Changes between Version 28 and Version 29 of SPIDocs

Sep 30, 2014 11:31:47 AM (8 years ago)



  • SPIDocs

    v28 v29  
    7474  Low level testbed administration
    7575 Circles::
    76   Manipulation of Circles
     76  Manipulation of [wiki:SPIDocs#Circles Circles]
    7777 Experiments::
    78   Manipulation of Experiments
     78  Manipulation of [wiki:SPIDocs#Experiments Experiments]
    7979 Libraries::
    80   Manipulation of Libraries
     80  Manipulation of [wiki:SPIDocs#Libraries Libraries]
    8181 Projects::
    82   Manipulation of Projects
     82  Manipulation of [wiki:SPIDocs#Projects Projects]
    8383 Users::
    8484  Manipulation of [wiki:SPIDocs#Users Users]
    700700These are documented below.
     702=== Other Services ===
     704The `ApiInfo` and `Admin` [wiki:SPIDocs#Services services] do not directly manipulate the major abstractions.  `ApiInfo` is useful to many applications whil `Admin` is mostly useful for testbed administrators.
     706==== ApiInfo ====
     708The `ApiInfo` service provides versioning information and some basic application connectivity tests.  It also provides a simple mechanism to get server and client certificates from the system.
     710The `getVersion` operation does not require any login and returns the version and patch level of the implementation running on this server.  If the caller provided an X.509 client certificate, the [ RFC5280]-defined identifier of the certificate is also returned.
     712The `echo` operation takes and returns a single string argument.  It can be used to confirm that simple SOAP-based parameter passing is working.  The `echo` service does not require a login.
     714The `getServerCertificate` operation returns the X.509 certificate that the server is using to authenticate itself.  An application may need this to make it part of a trust chain.  The certificate is returned as a PEM-encoded string.
     716The `getClientCertificate` operation returns a certificate and an unencrypted private key that an application can use as an identity.  This is essentially the same kind of certificate returned when a [wiki:SPIDoc#Authentication user logs in without a client certificate].  The operation takes a parameter that is recorded as the common name in the X.509 certificate returned.  Both the key and the certificate are returned in PEM format.
     718The certificate retrieval operations are simple enough that they can often be carried out through a web browser without using SOAP at all.
     720==== Admin ====
     722The `Admin` service provides a few operations useful to administrators.
     724The `addPermission` call installs a new permission into the system.  This is only done when adding new functionality to the system or initially creating a server.  It takes 2 parameters, the permission name and the kind of object it is valid for.
     726The `bootstrap` call creates a basic system from scratch.  If there is no admin user nor a project called admin, such a user, `deterboss` is created in the `admin` project.  `deterboss` owns `admin` and `admin is approved`.  The world circle and a few projects needed for regression tests are also created.  The password for the `deterboss` user is returned.  From here an application can build a server using the operations above.
     728The `clearCredentialCache` and `resetAccessControl` calls change the system's policy.  In the first case, any cached policies are removed from memory.  In the second case all the cached policies are removed and all policies system-wide are recreated.  These are rarely used operations.