HDM API #153

Merged
merged 3 commits into from
Aug 10, 2023

oneiros (Collaborator) commented Apr 20, 2023

Here are the first steps towards an API for HDM (#87).

For now it only allows querying for environments, nodes and keys, roughly reflecting the initial functionality of HDM from long ago.

The initial documentation is mostly autogenerated and can be previewed e.g. here: https://redocly.github.io/redoc/?url=https://raw.githubusercontent.com/betadots/hdm/issue-87/doc/openapi.yaml

At the very least, key search is still missing currently.

Also, the data returned is very limited. E.g. as the API is read-only I did not include the information if a file/value is writable. I also omitted the information if a file has been replaced from a git repo. I am not sure if these features mix well 😕

I am not sure what we discussed regarding encrypted values. For now I return them verbatim, i.e. no decryption is performed. This is the safest approach from a security perspective, but it severely limits the usefulness of the API.

In the end I believe one or more actual use-cases would help to find out what is actually missing or should be implemented differently. Maybe the foreman integration can be such a use-case.

Closes #87.

Role can be either `admin`, `regular` or `api`. The first
two represent the two existing roles while the third is
added in preparation for API access.
Allows to query for environments, nodes and keys for now.

Returned JSON structure might not yet be final.
@oneiros oneiros requested a review from a team as a code owner April 20, 2023 10:53
@oneiros oneiros marked this pull request as draft April 20, 2023 10:54
tuxmea (Member) commented Apr 20, 2023

Search keys

The API does not need a key search implementation.
Use case for API is the Foreman integration.
Searching for keys will be done in the Foreman web UI.

Read-write

We don't need write support as we only show data within the Foreman UI.

Encrypted values

For Foreman integration showing encrypted values is sufficient.
We can consider decryption at a later time if required by community and users.

Git dir keys

HDM can fetch keys from a git repo and shows that these keys are taken from git (when using HDM web UI).
We don't need this in the API.

API endpoints

Within Foreman we select a node. A node can have a puppet environment configured (pinned) in Foreman. But this is optional.
Every node uses an environment and the environment is part of the PuppetDB node API endpoints.
We will rely on the PuppetDB node data to identify which environment is used by a node.

For Foreman we need the node endpoint to get a list of hiera keys and the key endpoint to show in which hierarchies we are able to find data for the requested key.

rwaffen (Member) left a comment

initial code looks okay for me.

This will simply use the node's environment.
oneiros (Collaborator, Author) commented May 26, 2023

> Within Foreman we select a node. A node can have a puppet environment configured (pinned) in Foreman. But this is optional.
> Every node uses an environment and the environment is part of the PuppetDB node API endpoints.
> We will rely on the PuppetDB node data to identify which environment is used by a node.

This was actually missing from my POC foreman and smart proxy plugins, mainly because I forgot about this but also because the API was just not there. I added a `/nodes/{node}/keys` and `/nodes/{node}/keys/{key}` endpoint that works just like what was there before but will take the environment from the node. I already updated the smart proxy and foreman plugins accordingly.

Since we opted to leave out everything else for now and the proof of concept works with what is already here, I will remove the draft status from this PR.

@oneiros oneiros changed the title WIP / Preview: HDM API HDM API May 26, 2023
@oneiros oneiros marked this pull request as ready for review May 26, 2023 10:04
@tuxmea tuxmea merged commit c99a7b3 into main Aug 10, 2023
@tuxmea tuxmea deleted the issue-87 branch August 10, 2023 12:19
Successfully merging this pull request may close these issues.

Allow API usage