1298286 – [RFE] IdM Server stable API

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1298286 - [RFE] IdM Server stable API

Summary: [RFE] IdM Server stable API

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	7.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	IPA Maintainers
QA Contact:	Namita Soman
Docs Contact:	Marc Muehlfeld
URL:
Whiteboard:
Depends On:
Blocks:	1292074 1296125 1313485 1351228 1381130 1664719 2084166
TreeView+	depends on / blocked

Reported:	2016-01-13 16:21 UTC by Petr Vobornik
Modified:	2022-05-11 15:11 UTC (History)
CC List:	9 users (show)
Fixed In Version:	ipa-4.4.0-1.el7
Doc Type:	Technology Preview
Doc Text:	.Identity Management JSON-RPC API available as a Technology Preview An API is available for Identity Management (IdM). To view the API, IdM also provides an API browser as Technology Preview. In RHEL 7.3, the IdM API was enhanced to enable multiple versions of API commands. Previously, enhancements could change the behavior of a command in an incompatible way. Users are now able to continue using existing tools and scripts even if the IdM API changes. This enables: * Administrators to use previous or later versions of IdM on the server than on the managing client. * Developers to use a specific version of an IdM call, even if the IdM version changes on the server. In all cases, the communication with the server is possible, regardless if one side uses, for example, a newer version that introduces new options for a feature. For details on using the API, see the related link:https://access.redhat.com/articles/2728021[Knowlegdebase article].
Clone Of:
Clones:	1351228 1664719 2084166 (view as bug list)
Environment:
Last Closed:	2016-11-04 05:48:54 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
tkt_4427.log (12.90 KB, text/plain) 2016-08-16 12:17 UTC, Abhijeet Kasurde	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	FREEIPA-8261	0	None	None	None	2022-05-11 15:11:21 UTC
Red Hat Product Errata	RHBA-2016:2404	0	normal	SHIPPED_LIVE	ipa bug fix and enhancement update	2016-11-03 13:56:18 UTC

Description Petr Vobornik 2016-01-13 16:21:12 UTC

As a Developer of a Product, I want to call a specific version of API call, without being affected by higher or lower version of the IdM server than my testing instance so that the Product is not dependent on a specific IdM server version and respective changes

Version-Release number of selected component (if applicable):
4.2

How reproducible:
always

Steps to Reproduce:
1. run any 'ipa' command from client newer than an IPA server. E.g. user-find

Actual results:
There is only "one" API, API version is used only for rejecting request and not managing requests.

Expected results:
Client can call API with API version specified. Server will respond according to the specified version(different output/required params, etc.).

The supported versions are yet to be determined.

Comment 3 Petr Vobornik 2016-01-15 16:16:56 UTC

Possibly related upstream tickets:
* https://fedorahosted.org/freeipa/ticket/33
* https://fedorahosted.org/freeipa/ticket/2026
* https://fedorahosted.org/freeipa/ticket/4427

Comment 4 Petr Vobornik 2016-02-19 14:45:12 UTC

Upstream ticket:
https://fedorahosted.org/freeipa/ticket/4427

Comment 5 Jan Cholasta 2016-06-28 11:31:19 UTC

master:
https://fedorahosted.org/freeipa/changeset/9a21964877c4bb64599e75ca708ec83a72abeb51
https://fedorahosted.org/freeipa/changeset/79d1f5833547044a7cb2700454cacb2a0976dd5f
https://fedorahosted.org/freeipa/changeset/4284d4fb4da1049c8b9f23d838f963b301aef97d
https://fedorahosted.org/freeipa/changeset/8466e9444085fbd06a2496e8b83e28102b263e47
https://fedorahosted.org/freeipa/changeset/5f52e0fcbfb927c3adada58e94bd10685535d2bd

Comment 11 Abhijeet Kasurde 2016-08-16 12:17:14 UTC

Created attachment 1191258 [details]
tkt_4427.log

Verified using IPA version ::

ipa-server-4.4.0-7.el7.x86_64

Marking RFE BZ as verified. There is a BZ1357488 opened which is related to this RFE.

Comment 13 Martin Kosek 2016-08-18 11:35:59 UTC

This Bugzilla is being repurposed, to track global availability of the IdM Server API (as a Tech Preview).

This is the more general user story proposed for that purpose:
As a Developer, I want to communicate with IdM Server via stable API and without being affected by higher or lower version of the IdM server than my testing instance, so that the API call is not broken when used with different IdM servers.

This change in focus does not need any actual code changes, it is rather about making the support level of the IdM Server API explicit, tracked and reference-able in other bugs.

Please note, that the actual IdM Server API functionality is composed from several parts:
* IdM Server JSON-RPC API itself, as it was available since RHEL 7.0 (unsupported at all, available as Tech Preview since RHEL-7.3)
* IdM Server API browser (announced as Experimental in RHEL-7.2 in Bug 846033, moved to Tech Preview in RHEL-7.3 in Bug 1335567)
* IdM Server API documentation and guidance (based on https://vda.li/en/posts/2015/05/28/talking-to-freeipa-api-with-sessions/, DOC Bugzilla TBD).

Comment 14 Martin Kosek 2016-08-18 11:37:21 UTC

(In reply to Martin Kosek from comment #13)
> * IdM Server JSON-RPC API itself, as it was available since RHEL 7.0
> (unsupported at all, available as Tech Preview since RHEL-7.3)

This is the part covered by this bug, including API versioning which was a prerequisite for productizing IdM Server API.

Comment 16 errata-xmlrpc 2016-11-04 05:48:54 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2404.html

Note You need to log in before you can comment on or make changes to this bug.