sapi

Overview

The Service API requests can be made throught the vanderbilt database client.

The database has a table named SAPI. The entries correspond to some actions that can be done on the database. There is a module inside admintools (sapi.py) that reads these entries and processes them accordingly. This documentation gives a general overview of how to use the SAPI requests.

from accre.database import AdminDBClient as DBC

client = DBC()
client.add_sapi_request(
    action,
    payload,
    requester,
    ticket=0,
    status='PENDING',
    stage=0,
    creation_time=None,
    modification_time=None
)

:param str action: The SAPI action name for the request, i.e.
    NEWUSER, ADDGROUP, REMOVEGROUP, etc..
:param str payload: String representing a valid JSON object with
    properties for the action, the contents of the JSON are action
    dependent.
:param str requester: The staff member or entity requesting the action.
:param int ticket: The RT ticket number associated with this action. If
    set to 0 (default), a ticket will be generated.
:param str status: The status code for the new request, defaults to
    pending
:param int stage: Action-dependent processing stage code, default 0
:param datetime.datetime creation_time: Time when this request was
    created, if set to None it will be the current time
:param datetime.datetime modification_time: Time of the last request
    modification, if set to None it will be the current time

:returns: The SAPI request ID number of the new request
:rtype: int

Example:

srid = client.add_sapi_request(
    action='NEWUSER',
    payload=json.dumps(data),
    requester=vunetid
)

Types of SAPI actions

  • NEWUSER

  • ADDSGROUP

  • REMSGROUP

  • MODGPFSQUOTA

NEWUSER

Creates a new user with already existing vunetid within the ACCRE ecosystem.

payload = {
    full_name: "Test",
    vunetid: "vunetid",
    login_group: "group_vunetid",
    email: "email@address.com",
    approved: False/True
}

If the approved parameter is set to True, it will automatically approve the user creation. By default it is set to False, that way only after a PI has approved it, will it be set to True again.

ADDSGROUP

Adds user to a certain group.

payload = {
    vunetid: vunetid of the user (has to be valid and within accre ecosystem)
    group: vunetid of the group
}

REMSGROUP

Removes user from a certain group

payload = {
    vunetid: vunetid of the user to remove (has to be valid vunetid within accre ecosystem and also withing the group)
    group: vunetid of the group
}

MODGPFSQUOTA

Modifies the existing GPFS Quota in the database.

payload = {
    fileset (str): Name of the GPFS fileset
    filesystem (str):  Filesystem that the fileset belongs to
    blockquota (str): Soft block quota (should be in units of k, M, G, T, etc..)
    blocklimit (str): Hard block quota/limit (should be in units of k, M, G, T, etc..)
    filequota (str): Soft file quota, or no quota change if None
    filelimit (str): Soft file limit, or no quota change if None
}

Module Reference

Handler code for SAPI requests, set up as a class for each action type of SAPI request.

The process_sapi_requests function can be used as a CLI tool or cron job as root on auditor to run through all currently active SAPI requests and attempt to process them.

class accre.sapi.SAPICreateGroup(srid)[source]

Bases: object

Handler for SAPI requests of type “CREATEGROUP” for which we open an RT ticket and guide the sysadmins on how to handle it manually in the text of the ticket.

process()[source]

Main function to call to process SAPI request assigned to this object.

class accre.sapi.SAPIGPFSFilesetQuota(srid)[source]

Bases: object

Handler for SAPI requests to modify GPFS fileset quotas.

process()[source]

Main function to call to process SAPI request assigned to this object.

class accre.sapi.SAPIGenericRequest(srid)[source]

Bases: object

Handler for SAPI requests of an unknown type for which we simply open an RT ticket and let it be further processed manually

process()[source]

Main function to call to process SAPI request assigned to this object.

class accre.sapi.SAPIGroupMembership(srid)[source]

Bases: object

Handler for SAPI requests concerning a login user’s membership into ACCRE groups, such as “ADDSGROUP” and “REMSGROUP” which add or remove a secondary group respectively.

add_secondary_group()[source]

Process an add secondary group request (ADDSGROUP)

process()[source]

Main function to call to process SAPI request assigned to this object.

remove_secondary_group()[source]

Process a remove secondary group request (REMSGROUP)

class accre.sapi.SAPINewUser(srid)[source]

Bases: object

Handler for SAPI requests of type “NEWUSER” which refer to new ACCRE login account requests, typically coming from the web form.

process()[source]

Main function to call to process SAPI request assigned to this object.

class accre.sapi.SAPIRenewDisclosure(srid)[source]

Bases: object

Handler for SAPI requests of type “RENEWDISCLOSURE” for which we may open an RT ticket if there is a change in delegate. In any case, the group disclosure will be renewed or created based on the payload of the request

process()[source]

Main function to call to process SAPI request assigned to this object.

accre.sapi.process_sapi_requests()[source]

Function or CLI endpoint to process all outstanding SAPI requests, searching through all PENDING or PROCESSING requests and all RT tickets and dispatching to the appropriate handler for all known SAPI actions.

This should only be run as root on the auditor server!