| | 701 | |
| | 702 | === Other Services === |
| | 703 | |
| | 704 | The `ApiInfo` and `Admin` [wiki:SPIDocs#Services services] do not directly manipulate the major abstractions. `ApiInfo` is useful to many applications whil `Admin` is mostly useful for testbed administrators. |
| | 705 | |
| | 706 | ==== ApiInfo ==== |
| | 707 | |
| | 708 | The `ApiInfo` service provides versioning information and some basic application connectivity tests. It also provides a simple mechanism to get server and client certificates from the system. |
| | 709 | |
| | 710 | The `getVersion` operation does not require any login and returns the version and patch level of the implementation running on this server. If the caller provided an X.509 client certificate, the [https://datatracker.ietf.org/doc/rfc5280/ RFC5280]-defined identifier of the certificate is also returned. |
| | 711 | |
| | 712 | The `echo` operation takes and returns a single string argument. It can be used to confirm that simple SOAP-based parameter passing is working. The `echo` service does not require a login. |
| | 713 | |
| | 714 | The `getServerCertificate` operation returns the X.509 certificate that the server is using to authenticate itself. An application may need this to make it part of a trust chain. The certificate is returned as a PEM-encoded string. |
| | 715 | |
| | 716 | The `getClientCertificate` operation returns a certificate and an unencrypted private key that an application can use as an identity. This is essentially the same kind of certificate returned when a [wiki:SPIDoc#Authentication user logs in without a client certificate]. The operation takes a parameter that is recorded as the common name in the X.509 certificate returned. Both the key and the certificate are returned in PEM format. |
| | 717 | |
| | 718 | The certificate retrieval operations are simple enough that they can often be carried out through a web browser without using SOAP at all. |
| | 719 | |
| | 720 | ==== Admin ==== |
| | 721 | |
| | 722 | The `Admin` service provides a few operations useful to administrators. |
| | 723 | |
| | 724 | The `addPermission` call installs a new permission into the system. This is only done when adding new functionality to the system or initially creating a server. It takes 2 parameters, the permission name and the kind of object it is valid for. |
| | 725 | |
| | 726 | The `bootstrap` call creates a basic system from scratch. If there is no admin user nor a project called admin, such a user, `deterboss` is created in the `admin` project. `deterboss` owns `admin` and `admin is approved`. The world circle and a few projects needed for regression tests are also created. The password for the `deterboss` user is returned. From here an application can build a server using the operations above. |
| | 727 | |
| | 728 | The `clearCredentialCache` and `resetAccessControl` calls change the system's policy. In the first case, any cached policies are removed from memory. In the second case all the cached policies are removed and all policies system-wide are recreated. These are rarely used operations. |
| | 729 | |
