Difference between revisions of "Management API config"

From i2Rest
Jump to: navigation, search
(Created page with "=Request authorization= Most of requests to i2Rest Sever require authorization. Such requests as IBM i command call, I2Rest_API#run_program_AP...")
 
Line 1: Line 1:
 
=Request authorization=
 
=Request authorization=
Most of requests to i2Rest Sever require authorization. Such requests as [[I2Rest_API#run_command_API|IBM i command call]], [[I2Rest_API#run_program_API|API call]] (except anonymous API call) and [[I2Rest_API#Management_APIs|management api call]] will not be served without OAuth2 token with appropriate [[I2Rest_scopes|scope]]. There is a [[OAuth2_object|OAuth2 object]], representing built-in authorization model. [[OAuth2_object#Settings_for_built-in_implementation|i2Rest built-in authorization model]] configuration options on example.<br>  
+
[[Management_APIs|Management APIs]] includes functions that can be used to do some management stuff - change runtime parameters, query current status of server instance, etc. OAuth2 token with management_functions scope is required for any management Api call.
<div id="Oauth2_obj_template">
+
 
    "OAuth2":
+
;Step 1
  {
+
:Create text file named I2RESTECHO.PCML anywhere on IFS, for example "/tmp/PCML/i2restecho.pcml". Copy and paste following code. It represents a description for the sample program I2RESTECHO, that is included into i2Rest Server installation for demonstration purposes:
      "scopes": {"management_functions" : {"description":"i2Rest management APIs call"},
+
<pre>
                "run_program"          : {"description":"Run *PGM and *SRVPGM"},  
+
<pcml version="1.0">
                "run_command"         : {"description":"Run CL command"}
+
 
  },
+
  <program name="echo" path="/QSYS.LIB/%LIBL%.LIB/I2RESTECHO.PGM">
 +
      <data name="echo" usage="inputoutput" type="char" length="10" trim="both"/>
 +
  </program>
 +
 
 +
</pcml>
 +
</pre>
 +
 
 +
;Step 2
 +
:Contact your system administrator for your IBM i server host name (or IP) and ''two'' available ports for "main" and "management" gates of your first i2Rest Server instance. Create file config.json (you can name it with any name and put it into any available IFS folder). Enter following text, replace host_name, ports and pcml_file with appropriate values.<bt>
 +
[[I2Rest_quick_config|Basic configuration]] management API variant (differences are highlighted in <span style="background:#00FFFF;">blue</span>):
 +
 
 +
{
 +
    "gates":
 +
    {
 +
      "main"      : {"url":"http://<span style="color:red;"><host_name>[:port] (for example api.i2rest.com:1234)</span>"},
 +
      "management" : {"url":"http://<span style="color:red;"><host_name>[:port] (for example api.i2rest.com:4321)</span>"}
 +
    },
 +
    "session_systems":
 +
    [
 +
      { "name"  : "*ANONYMOUS",
 +
          "submit" : "SBMJOB JOB(I2RESTA)                \
 +
                            USER(${user})              \
 +
                            CMD(CALL I2REST            \
 +
                                PARM('-session'          \
 +
                                    '-url' '${surl}'    \
 +
                                    '-uid' '${uid}'    \
 +
                                    '-user' '${user}')) \
 +
                            INLLIBL(I2REST)"
 +
      }
 +
    ],
 +
    "pcmls":
 +
    [
 +
      {
 +
          "pcml_mount"         : "echo",
 +
          "pcml_file"          : "<span style="color:red;"><complete name of i2restecho.pcml on IFS (for example /tmp/PCML/i2restecho.pcml)></span>"<span style="background:#00FFFF;">,
 +
          "valid_in_anonymous" : true
 +
      }
 +
    ],
 +
 
 +
    "OAuth2":
 +
    {
 +
      "scopes": {"management_functions" : {"description":"i2Rest management APIs call"}
 +
      },
 
       "users":
 
       "users":
 
       {
 
       {
Line 20: Line 62:
 
       },
 
       },
 
       "tokens": {"type":"token"},"codes":{"type":"code"}
 
       "tokens": {"type":"token"},"codes":{"type":"code"}
  }  
+
    }</span>  
<div>
+
  }
The snippet above shows us In general worlds i2Rest authorization model is something like '''WHAT''' is allowed and to '''WHOM''', and '''HOW''' it realized. '''WHAT''' parameters - are the "scopes", '''HOW''' parameters - "tokens", '''WHOM''' parameters - "users" and "clients" (built-in authorization model implies that both "users" and "clients" has to be registered as an IBM i users). So we can see that user '''USRX''' using client '''TSTCLNT''' is allowed to do some actions within '''"managment_functions"''' scope. And these are exactly the settings of Oauth2 object that we need to perform a Мanagement api call.<br>
 
 
 
 
==Мanagement API call==
 
==Мanagement API call==
 
So, what you have to do before we can test Мanagement API call to i2Rest Server:
 
So, what you have to do before we can test Мanagement API call to i2Rest Server:

Revision as of 17:19, 29 June 2020

Request authorization

Management APIs includes functions that can be used to do some management stuff - change runtime parameters, query current status of server instance, etc. OAuth2 token with management_functions scope is required for any management Api call.

Step 1
Create text file named I2RESTECHO.PCML anywhere on IFS, for example "/tmp/PCML/i2restecho.pcml". Copy and paste following code. It represents a description for the sample program I2RESTECHO, that is included into i2Rest Server installation for demonstration purposes:
<pcml version="1.0">

   <program name="echo" path="/QSYS.LIB/%LIBL%.LIB/I2RESTECHO.PGM">
      <data name="echo" usage="inputoutput" type="char" length="10" trim="both"/>
   </program>

</pcml>
Step 2
Contact your system administrator for your IBM i server host name (or IP) and two available ports for "main" and "management" gates of your first i2Rest Server instance. Create file config.json (you can name it with any name and put it into any available IFS folder). Enter following text, replace host_name, ports and pcml_file with appropriate values.<bt>

Basic configuration management API variant (differences are highlighted in blue): 

{
   "gates":
   {
      "main"       : {"url":"http://<host_name>[:port] (for example api.i2rest.com:1234)"},
      "management" : {"url":"http://<host_name>[:port] (for example api.i2rest.com:4321)"}
   },
   "session_systems":
   [
      {  "name"   : "*ANONYMOUS", 
         "submit" : "SBMJOB JOB(I2RESTA)                \
                            USER(${user})               \
                            CMD(CALL I2REST             \
                               PARM('-session'          \
                                    '-url' '${surl}'    \
                                    '-uid' '${uid}'     \
                                    '-user' '${user}')) \
                            INLLIBL(I2REST)"
      }
   ],
   "pcmls":
   [
      {
         "pcml_mount"         : "echo",
         "pcml_file"          : "<complete name of i2restecho.pcml on IFS (for example /tmp/PCML/i2restecho.pcml)>", 
         "valid_in_anonymous" : true
      }
   ],

   "OAuth2":
   {
     "scopes": {"management_functions" : {"description":"i2Rest management APIs call"}
     },
     "users":
     {
        "USRX":{"description":"John Johnes","valid_clients":{"TSTCLNT":{"scopes":["management_functions"]}}}
     },
     "clients":
     {
        "TSTCLNT":{"redirect_uri":"<main gate URL>/oauth2/redirect", 
                   "description":"Test client", 
                   "valid_scopes":["management_functions"],
                   "valid_grant_types":["authorization_code"]}
     },
     "tokens": {"type":"token"},"codes":{"type":"code"}
   } 
}

Мanagement API call

So, what you have to do before we can test Мanagement API call to i2Rest Server:

a) Register two users on IBM i - one for a "сlient" parameter and one for a "user" parameter.
b) Fill the OAuth2 object template above with IBM i users values. Then add the snippet to your basic server configuration(with or without ssl protection) and put your new *.json anywhere on IBM i IFS.
c) Restart server to apply your new configuration *.json.

Now let's test the configuration obtaining Oauth2 token with SoapUI, and than proceed to Management api authorized call.

Retrieved from "https://www.i2rest.com/index.php?title=Management_API_config&oldid=1445"