Existing Services

There are many Services in Fedora. Many of these have an interface that we can query and get back information as JSON data. There is documentation here about both the services and the client modules that can access them.

Fedora Account System

FAS is the Fedora Account System. It holds the account data for all of our contributors.

class fedora.client.AccountSystem(base_url='https://admin.fedoraproject.org/accounts/', *args, **kwargs)

An object for querying the Fedora Account System.

The Account System object provides a python API for talking to the Fedora Account System. It abstracts the http requests, cookie handling, and other details so you can concentrate on the methods that are important to your program.

Warning

If your code is trying to use the AccountSystem object to connect to fas for multiple users you probably want to use FasProxyClient instead. If your code is trying to reuse a single instance of AccountSystem for multiple users you definitely want to use FasProxyClient instead. Using AccountSystem in these cases may result in a user being logged in as a different user. (This may be the case even if you instantiate a new AccountSystem object for each user if :attr:cache_session: is True since that creates a file on the file system that can end up loading session credentials for the wrong person.

Changed in version 0.3.26: Added gravatar_url() that returns a url to a gravatar for a user.

Changed in version 0.3.33: Renamed gravatar_url() to avatar_url().

avatar_url(username, size=64, default=None, lookup_email=True, service=None)

Returns a URL to an avatar for a given username.

Avatars are drawn from third party services.

Parameters
  • username – FAS username to construct a avatar url for

  • size – size of the avatar. Allowed sizes are 32, 64, 140. Default: 64

  • default – If the service does not have a avatar image for the email address, this url is returned instead. Default: the fedora logo at the specified size.

  • lookup_email – If true, use the email from FAS for gravatar.com lookups, otherwise just append @fedoraproject.org to the username. For libravatar.org lookups, this is ignored. The openid identifier of the user is used instead. Note that gravatar.com lookups will be much slower if lookup_email is set to True since we’d have to make a query against FAS itself.

  • service – One of ‘libravatar’ or ‘gravatar’. Default: ‘libravatar’.

Raises

ValueError – if the size parameter is not allowed or if the service is not one of ‘libravatar’ or ‘gravatar’

Return type

str

Returns

url of a avatar for the user

If that user has no avatar entry, instruct the remote service to redirect us to the Fedora logo.

If that user has no email attribute, then make a fake request to the third party service.

New in version 0.3.26.

create_group(name, display_name, owner, group_type, invite_only=0, needs_sponsor=0, user_can_remove=1, prerequisite='', joinmsg='', apply_rules='None')

Creates a FAS group.

Parameters
  • name – The short group name (alphanumeric only).

  • display_name – A longer version of the group’s name.

  • owner – The username of the FAS account which owns the new group.

  • group_type – The kind of group being created. Current valid options are git, svn, hg, shell, and tracking.

  • invite_only – Users must be invited to the group, they cannot join on their own.

  • needs_sponsor – Users must be sponsored into the group.

  • user_can_remove – Users can remove themselves from the group.

  • prerequisite – Users must be in the given group (string) before they can join the new group.

  • joinmsg – A message shown to users when they apply to the group.

  • apply_rules – Rules for applying to the group, shown to users before they apply.

Return type

munch.Munch

Returns

A Munch containing information about the group that was created.

New in version 0.3.29.

get_config(username, application, attribute)

Return the config entry for the key values.

Parameters
  • username – Username of the person

  • application – Application for which the config is set

  • attribute – Attribute key to lookup

Raises

AppError – if the server returns an exception

Returns

The unicode string that describes the value. If no entry matched the username, application, and attribute then None is returned.

get_configs_like(username, application, pattern='*')

Return the config entries that match the keys and the pattern.

Note: authentication on the server will prevent anyone but the user or a fas admin from viewing or changing their configs.

Parameters
  • username – Username of the person

  • application – Application for which the config is set

  • pattern – A pattern to select values for. This accepts * as a wildcard character. Default=’*’

Raises

AppError – if the server returns an exception

Returns

A dict mapping attribute to value.

gravatar_url(*args, **kwargs)

Deprecated - Use avatar_url.

New in version 0.3.26.

group_by_id(group_id)

Returns a group object based on its id

group_by_name(groupname)

Returns a group object based on its name

group_data(force_refresh=None)

Return administrators/sponsors/users and group type for all groups

Parameters

force_refresh – If true, the returned data will be queried from the database, as opposed to memcached.

Raises

AppError – if the query failed on the server

Returns

A dict mapping group names to the group type and the user IDs of the administrator, sponsors, and users of the group.

New in version 0.3.8.

group_members(groupname)

Return a list of people approved for a group.

This method returns a list of people who are in the requested group. The people are all approved in the group. Unapproved people are not shown. The format of data is:

\[{'username': 'person1', 'role_type': 'user'},
\{'username': 'person2', 'role_type': 'sponsor'}]

role_type can be one of ‘user’, ‘sponsor’, or ‘administrator’.

New in version 0.3.2.

Changed in version 0.3.21: Return a Bunch instead of a DictContainer

property insecure

If this attribute is set to True, do not check server certificates against their CA’s. This means that man-in-the-middle attacks are possible. You might turn this option on for testing against a local version of a server with a self-signed certificate but it should be off in production.

people_by_groupname(groupname)

Return a list of persons for the given groupname.

Parameters

groupname – Name of the group to look up

Returns

A list of person objects from the group. If the group contains no entries, then an empty list is returned.

people_by_id()

Deprecated Use people_by_key() instead.

Returns a dict relating user IDs to human_name, email, username, and bugzilla email

Changed in version 0.3.21: Return a Bunch instead of a DictContainer

people_by_key(key='username', search='*', fields=None)

Return a dict of people

For example:

>>> ret_val = FASCLIENT.people_by_key(
...     key='email', search='toshio*', fields=['id'])
>>> ret_val.keys()
a.badger@[...].com
a.badger+test1@[...].com
a.badger+test2@[...].com
>>> ret_val.values()
100068
102023
102434
Parameters
  • key – Key used to organize the returned dictionary. Valid values are ‘id’, ‘username’, or ‘email’. Default is ‘username’.

  • search – Pattern to match usernames against. Defaults to the ‘*’ wildcard which matches everyone.

  • fields

    Limit the data returned to a specific list of fields. The default is to retrieve all fields. Valid fields are:

    • affiliation

    • alias_enabled

    • bugzilla_email

    • certificate_serial

    • comments

    • country_code

    • creation

    • email

    • emailtoken

    • facsimile

    • gpg_keyid

    • group_roles

    • human_name

    • id

    • internal_comments

    • ircnick

    • last_seen

    • latitude

    • locale

    • longitude

    • memberships

    • old_password

    • password

    • password_changed

    • passwordtoken

    • postal_address

    • privacy

    • roles

    • ssh_key

    • status

    • status_change

    • telephone

    • timezone

    • unverified_email

    • username

    Note that for most users who access this data, many of these fields will be set to None due to security or privacy settings.

Returns

a dict relating the key value to the fields.

Changed in version 0.3.21: Return a Bunch instead of a DictContainer

Changed in version 0.3.26: Fixed to return a list with both people who have signed the CLA and have not

people_query(constraints=None, columns=None)

Returns a list of dicts representing database rows

Parameters
  • constraints – A dictionary specifying WHERE constraints on columns

  • columns – A list of columns to be selected in the query

Raises

AppError – if the query failed on the server (most likely because the server was given a bad query)

Returns

A list of dicts representing database rows (the keys of the dict are the columns requested)

New in version 0.3.12.1.

person_by_id(person_id)

Returns a person object based on its id

person_by_username(username)

Returns a person object based on its username

proxy = None
set_config(username, application, attribute, value)

Set a config entry in FAS for the user.

Note: authentication on the server will prevent anyone but the user or a fas admin from viewing or changing their configs.

Parameters
  • username – Username of the person

  • application – Application for which the config is set

  • attribute – The name of the config key that we’re setting

  • value – The value to set this to

Raises

AppError – if the server returns an exception

user_data()

Return user data for all users in FAS

Note: If the user is not authorized to see password hashes, ‘*’ is returned for the hash.

Raises

AppError – if the query failed on the server

Returns

A dict mapping user IDs to a username, password hash, SSH public key, email address, and status.

New in version 0.3.8.

user_gencert()

Generate a cert for a user

user_id()

Returns a dict relating user IDs to usernames

verify_password(username, password)

Return whether the username and password pair are valid.

Parameters
  • username – username to try authenticating

  • password – password for the user

Returns

True if the username/password are valid. False otherwise.

Threadsafe Account System Access

It is not safe to use a single instance of the AccountSystem object in multiple threads. This is because instance variables are used to hold some connection-specific information (for instance, the user who is logging in). For this reason, we also provide the fedora.client.FasProxyClient object.

This is especially handy when writing authn and authz adaptors that talk to fas from a multithreaded webserver.

class fedora.client.FasProxyClient(base_url='https://admin.fedoraproject.org/accounts/', *args, **kwargs)

A threadsafe client to the Fedora Account System.

get_user_info(auth_params)

Retrieve information about a logged in user.

Parameters

auth_params – Auth information for a particular user. For instance, this can be a username/password pair or a session_id. Refer to fedora.client.proxyclient.ProxyClient.send_request() for all the legal values for this.

Returns

a tuple of session_id and information about the user.

Raises

AuthError – if the auth_params do not give access

group_list(auth_params)

Retrieve a list of groups

Parameters

auth_params – Auth information for a particular user. For instance, this can be a username/password pair or a session_id. Refer to fedora.client.proxyclient.ProxyClient.send_request() for all the legal values for this.

Returns

a tuple of session_id and information about groups. The groups information is in two fields:

groups

contains information about each group

memberships

contains information about which users are members of which groups

Raises

AuthError – if the auth_params do not give access

login(username, password)

Login to the Account System

Parameters
  • username – username to send to FAS

  • password – Password to verify the username with

Returns

a tuple of the session id FAS has associated with the user and the user’s account information. This is similar to what is returned by fedora.client.proxyclient.ProxyClient.get_user_info()

Raises

AuthError – if the username and password do not work

logout(session_id)

Logout of the Account System

Parameters

session_id – a FAS session_id to remove from FAS

person_by_id(person_id, auth_params)

Retrieve information about a particular person

Parameters

auth_params – Auth information for a particular user. For instance, this can be a username/password pair or a session_id. Refer to fedora.client.proxyclient.ProxyClient.send_request() for all the legal values for this.

Returns

a tuple of session_id and information about the user.

Raises
  • AppError – if the server returns an exception

  • AuthError – if the auth_params do not give access

refresh_session(session_id)

Try to refresh a session_id to prevent it from timing out

Parameters

session_id – FAS session_id to refresh

Returns

session_id that FAS has set now

verify_password(username, password)

Return whether the username and password pair are valid.

Parameters
  • username – username to try authenticating

  • password – password for the user

Returns

True if the username/password are valid. False otherwise.

verify_session(session_id)

Verify that a session is active.

Parameters

session_id – session_id to verify is currently associated with a logged in user

Returns

True if the session_id is valid. False otherwise.

Bodhi, the Update Server

Bodhi is used to push updates from the build system to the download repositories. It lets packagers send packages to the testing repository or to the update repository.

pythyon-fedora currently supports both the old Bodhi1 interface and the new Bodhi2 interface. By using fedora.client.BodhiCLient, the correct one should be returned to you depending on what is running live on Fedora Infrastructure servers.