freeipa

package
v1.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 12, 2024 License: CECILL-2.1, MIT Imports: 16 Imported by: 6

Documentation

Overview

Package freeipa provides a client for the FreeIPA API.

It provides access to almost all methods available through the API. Every API method has generated go structs for request parameters and output.

This code is generated from a schema which was queried from a FreeIPA server using its "schema" method. This client performs basic response validation. Since the FreeIPA server does not always conform to its own schema, this library can fail to unmarshal a response from FreeIPA. If you run into that, please open an issue for this client library. With that said, this is still the most extensive golang FreeIPA client and it's probably easier to fix those issues here than to write a new client from scratch.

Since FreeIPA cares about the presence or absence of fields in requests, all optional fields are defined as pointers. There are utility functions like freeipa.String to make filling these less painful.

The client uses FreeIPA's JSON-RPC interface with username/password authentication. There is no support for connecting to FreeIPA with Kerberos authentication. There is currently no support for batched requests.

See https://github.com/ccin2p3/go-freeipa/blob/master/developing.md for information on how this library is generated.

Example (AddUser)
package main

import (
	"crypto/tls"
	"fmt"
	"log"
	"math/rand"
	"net/http"
	"time"

	"github.com/ccin2p3/go-freeipa/freeipa"
)

func main() {
	// Certificate verification is switched off only so the example can run
	// against a throwaway test server. With it disabled the client cannot
	// authenticate the server, so the credentials passed to Connect could be
	// captured by anyone able to intercept the connection. Outside a lab,
	// leave InsecureSkipVerify unset and trust the IPA CA through
	// tls.Config.RootCAs instead.
	tlsCfg := &tls.Config{InsecureSkipVerify: true}
	transport := &http.Transport{TLSClientConfig: tlsCfg}

	// Host, account and password are the sample values of this example. Real
	// code should obtain the credentials at run time (environment, secret
	// store) rather than embed them in source.
	client, err := freeipa.Connect("dc1.test.local", transport, "admin", "walrus123")
	if err != nil {
		log.Fatal(err)
	}

	// math/rand is used only to make the login name differ between runs; it
	// is not a source of secret values.
	rand.Seed(time.Now().UTC().UnixNano())
	login := fmt.Sprintf("jdoe%v", rand.Int())

	// Required arguments and optional arguments travel in separate structs;
	// optional fields are pointers, hence freeipa.String.
	required := &freeipa.UserAddArgs{
		Givenname: "John",
		Sn:        "Doe",
	}
	optional := &freeipa.UserAddOptionalArgs{
		UID: freeipa.String(login),
	}
	added, err := client.UserAdd(required, optional)
	if err != nil {
		log.Fatal(err)
	}

	fmt.Printf("Added user %v", *added.Result.Cn)
}
Output:

Added user John Doe
Example (ErrorHandling)
package main

import (
	"crypto/tls"
	"fmt"
	"log"
	"net/http"

	"github.com/ccin2p3/go-freeipa/freeipa"
)

func main() {
	// Verification is disabled for the test server only. A client configured
	// this way accepts any certificate, so it cannot tell the real FreeIPA
	// server from an impostor; production code should verify against the IPA
	// CA (tls.Config.RootCAs) and keep InsecureSkipVerify unset.
	tlsCfg := &tls.Config{InsecureSkipVerify: true}
	transport := &http.Transport{TLSClientConfig: tlsCfg}

	// Sample credentials for the example; do not embed real ones in source.
	client, err := freeipa.Connect("dc1.test.local", transport, "admin", "walrus123")
	if err != nil {
		log.Fatal(err)
	}

	// Look up a login that is not expected to exist, to provoke an API error.
	_, err = client.UserShow(&freeipa.UserShowArgs{}, &freeipa.UserShowOptionalArgs{
		UID: freeipa.String("somemissinguid"),
	})
	if err == nil {
		fmt.Printf("No error")
		return
	}

	// Errors reported by the FreeIPA API arrive as *freeipa.Error and carry a
	// numeric code; anything else falls through to the generic branch.
	ipaErr, isIPA := err.(*freeipa.Error)
	if !isIPA {
		fmt.Printf("Other error: %v", err)
		return
	}

	fmt.Printf("FreeIPA error %v: %v\n", ipaErr.Code, ipaErr.Message)
	if ipaErr.Code == freeipa.NotFoundCode {
		fmt.Println("(matched expected error code)")
	}
}
Output:

FreeIPA error 4001: somemissinguid: user not found
(matched expected error code)
Example (KerberosLogin)
package main

import (
	"crypto/tls"
	"fmt"
	"log"
	"net/http"
	"os"

	"github.com/ccin2p3/go-freeipa/freeipa"
)

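func main() {
	krb5Principal := "host/cc.in2p3.fr"
	krb5Realm := "CC.IN2P3.FR"

	// The keytab holds the long-term key of the principal: whoever can read
	// the file can authenticate as that principal. Keep it readable only by
	// the account that runs this program.
	krb5KtFd, err := os.Open("/etc/krb5.keytab")
	if err != nil {
		log.Fatalf("opening keytab: %v", err)
	}
	defer krb5KtFd.Close()

	krb5Fd, err := os.Open("/etc/krb5.conf")
	if err != nil {
		log.Fatalf("opening krb5 configuration: %v", err)
	}
	defer krb5Fd.Close()

	krb5ConnectOption := &freeipa.KerberosConnectOptions{
		Krb5ConfigReader: krb5Fd,
		KeytabReader:     krb5KtFd,
		Username:         krb5Principal,
		Realm:            krb5Realm,
	}

	// Certificate verification stays enabled (false is also the zero value),
	// so the server's certificate must chain to a CA the client trusts.
	tspt := &http.Transport{
		TLSClientConfig: &tls.Config{
			InsecureSkipVerify: false,
		},
	}

	c, err := freeipa.ConnectWithKerberos("dc1.test.local", tspt, krb5ConnectOption)
	if err != nil {
		log.Fatalf("connecting to FreeIPA: %v", err)
	}

	// Sizelimit is an optional argument and therefore passed as a pointer.
	sizeLimit := 5
	res, err := c.UserFind("", &freeipa.UserFindArgs{}, &freeipa.UserFindOptionalArgs{
		Sizelimit: &sizeLimit,
	})
	if err != nil {
		log.Fatalf("searching users: %v", err)
	}

	for _, user := range res.Result {
		// Homedirectory is a pointer field; guard against nil so that an
		// entry without the attribute does not panic the whole listing.
		home := "(unset)"
		if user.Homedirectory != nil {
			home = *user.Homedirectory
		}
		fmt.Printf("User[%s] HOME=%s\n", user.UID, home)
	}
}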
Output:

Index