SlideShare a Scribd company logo

Kiwipycon command line

Download as PPTX, PDF
M
Michael Hudson-Doyle

Linaro aims to improve Linux support for ARM processors. They created LAVA (Linaro Automated Validation) to automate testing of new kernels on ARM hardware. LAVA needs a way to trigger test runs when kernel builds finish. Linaro implemented an XML-RPC API with HTTPS and token-based authentication to securely allow remote triggering of test runs. They open sourced the server and client code to make it easy for others to add authenticated XML-RPC to projects.

Technology
1 of 26
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
Giving your website a command line interfaceMichael Hudson-Doylemichael.hudson@linaro.org
Linaro and its missionLinaro aims to make Linux work better on ARM processors
The ProblemThe ARM ecosystem is very fragmented, and the kernel has a lot of copy and paste code"Gaah. Guys, this whole ARM thing is a f*cking pain in the ass."— Linus Torvalds, 17 Mar 2011https://lwn.net/Articles/437170/
Enter Linaro!"Linaro is a not-for-profit software engineering company investing in core Linux software and tools for ARM SoCs."Also about educating the members in how to do open source development...
LAVA - Linaro Automated ValidationA bit part of Linaro is about automated validation:Find regressions earlier
Also benchmark toolchain improvements
Maybe even power management changes too...LAVAWe have a bunch of hardware
LAVASome scripts and tricks that can boot a board with a new kernel and run some tests.Quick Demo(ever the optimist)
LAVAAnd a website that lets you see whats going on
The Problem (finally!)We want to do things like trigger test runs when a kernel build finishes.This basically means some kind of Remote Procedure Call (RPC).
ParanoiaFor a bunch of reasons, we need some kind of security in our system:The boards in our lab are a limited resource
Some risk of mischief
Eventually may have test results from unreleased hardware or benchmarks with licenses that forbid publication of resultsProtocol ChoicesWe use XML-RPC
We didn't think about this very hard but it is well supported in most languages
Will probably add JSON-RPC support at some point for easier browser accessFirst idea: OAuthAn open protocol to allow secure API authorization in a simple and standard method from desktop and web applications.– http://oauth.net/
The great thing about standards...<bob2> kennethreitz: oauth is a font of villany and dispair -- #python, Jun 09 11:55:08
Also doesn't solve our problemOAuth specifies that various aspects of the request are signed, but not, crucially for us, the body of the request – an important detail, because in XML-RPC the body of the request is where all the important stuff is.
Transport Layer Security, here we comeIf you're going as far as to cryptographically sign something, it's not much further to go to actually just encrypt it!
And what does everyone know about encryption?Don't implement it yourself(i.e. use HTTPS)
Back to BasicAnd if you're operating over HTTPS, you might as well just just good old RFC 2617 Basic Authentication...... but with tokens rather than passwords
Tokens > PasswordsBecause we expect the RPC to be invoked from build systems and so on, there is a moderate chance of the token being leaked – so it should not let you take over the owning user's account.In the future, a token might only let you access some APIs.
Also, we use SSO...In addition we use Launchpad's SSO service for authentication, so most users don't have a LAVA password!
Show me the code!On the server side, we've built a library that lets you add a authenticating XML-RPC to a Django project:https://launchpad.net/linaro-django-xmlrpcIt includes views and models (and very very simple templates) for creating and managing tokens.
Server side codeexample/api.py:from linaro_django_xmlrpc.models import ExposedAPIfrom linaro_django_xmlrpc.globals import mapperclass ExampleAPI(ExposedAPI): def whoami(self): if self.user: return self.user.username else: return Nonemapper.register(ExampleAPI)in your urlconf: url(r'', include('linaro_django_xmlrpc.urls')),
Client side libraryThis isn't properly factored yet really (it's it all mashed up with our toolkit for doing command line tools), but the code is in "lava-tool":https://launchpad.net/lava-toolIt uses python-keyring for token management.
Client-side codefrom lava_tool.authtoken import \ AuthenticatingServerProxy, KeyringAuthBackendauth_backend = KeyringAuthBackend()auth_backend.add_token( "user", "http://server/RPC2/", token)sp = AuthenticatingServerProxy( "http://user@server/RPC2/", auth_backend=auth_backend)print server.whoami()

More Related Content

ODP
PHPNW Test Fest Pre-presentation
Lorna Mitchell
 
PPTX
Phalcon 2 - PHP Brazil Conference
Jackson F. de A. Mafra
 
PPTX
Phalcon 2 High Performance APIs - DevWeekPOA 2015
Jackson F. de A. Mafra
 
PPTX
Andres Gutierrez "Phalcon 3.0, Zephir & PHP7"
Fwdays
 
PPTX
The better PHP API (EN)
boen_robot
 
PPTX
PHP Conference - Phalcon hands-on
Jackson F. de A. Mafra
 
PPTX
Getting Started With PowerShell Scripting
Ravikanth Chaganti
 
PDF
Fluentd v0.12 master guide
N Masahiro
 
PHPNW Test Fest Pre-presentation
Lorna Mitchell
 
Phalcon 2 - PHP Brazil Conference
Jackson F. de A. Mafra
 
Phalcon 2 High Performance APIs - DevWeekPOA 2015
Jackson F. de A. Mafra
 
Andres Gutierrez "Phalcon 3.0, Zephir & PHP7"
Fwdays
 
The better PHP API (EN)
boen_robot
 
PHP Conference - Phalcon hands-on
Jackson F. de A. Mafra
 
Getting Started With PowerShell Scripting
Ravikanth Chaganti
 
Fluentd v0.12 master guide
N Masahiro
 

What's hot (20)

PPTX
Windows PowerShell - Billings .NET User Group - August 2009
John Clayton
 
PPTX
Php7
longvohoang
 
PDF
2021laravelconftwslides6
LiviaLiaoFontech
 
PPTX
PHP Presentation
JIGAR MAKHIJA
 
PPTX
DEVNET-1001 Coding 101: How to Call REST APIs from a REST Client and Python
Cisco DevNet
 
ODP
Website releases made easy with the PEAR installer - Barcelona 2008
Helgi Þormar Þorbjörnsson
 
PPT
Flyr PHP micro-framework
Siro Díaz Palazón
 
PDF
Remote File Inclusion / Local File Inclusion [Attack and Defense Techniques]
Ismail Tasdelen
 
PDF
RMLL 2014 - OpenLDAP - Manage password policy
Clément OUDOT
 
PPTX
Document Databases e RavenDB
Comunidade NetPonto
 
PPT
LOGBack and SLF4J
jkumaranc
 
PPT
香港六合彩
csukxnr
 
PPT
Php
HAINIRMALRAJ
 
PPT
Ruby Projects and Libraries
Vorleak Chy
 
ODP
Website releases made easy with the PEAR installer, OSCON 2009
Helgi Þormar Þorbjörnsson
 
PPT
Another Test
seanfrederick
 
PPTX
How i-won-club hack-precon-ctf-v2
n|u - The Open Security Community
 
PPT
Apache
HAINIRMALRAJ
 
ODP
Developing high-performance network servers in Lisp
Vladimir Sedach
 
DOCX
How to save log4net into database
codeandyou forums
 
Windows PowerShell - Billings .NET User Group - August 2009
John Clayton
 
Php7
longvohoang
 
2021laravelconftwslides6
LiviaLiaoFontech
 
PHP Presentation
JIGAR MAKHIJA
 
DEVNET-1001 Coding 101: How to Call REST APIs from a REST Client and Python
Cisco DevNet
 
Website releases made easy with the PEAR installer - Barcelona 2008
Helgi Þormar Þorbjörnsson
 
Flyr PHP micro-framework
Siro Díaz Palazón
 
Remote File Inclusion / Local File Inclusion [Attack and Defense Techniques]
Ismail Tasdelen
 
RMLL 2014 - OpenLDAP - Manage password policy
Clément OUDOT
 
Document Databases e RavenDB
Comunidade NetPonto
 
LOGBack and SLF4J
jkumaranc
 
香港六合彩
csukxnr
 
Php
HAINIRMALRAJ
 
Ruby Projects and Libraries
Vorleak Chy
 
Website releases made easy with the PEAR installer, OSCON 2009
Helgi Þormar Þorbjörnsson
 
Another Test
seanfrederick
 
How i-won-club hack-precon-ctf-v2
n|u - The Open Security Community
 
Apache
HAINIRMALRAJ
 
Developing high-performance network servers in Lisp
Vladimir Sedach
 
How to save log4net into database
codeandyou forums
 
Ad

Viewers also liked (6)

ZIP
How we use Twisted in Launchpad
Michael Hudson-Doyle
 
DOC
Projektdokumentation Kai Aras Ss08
Kai Aras
 
ZIP
An Introduction to PyPy
Michael Hudson-Doyle
 
PDF
Design patterns - Singleton&Command
Kai Aras
 
PPT
a quick Introduction to PyPy
Kai Aras
 
KEY
Jailbreaking iOS
Kai Aras
 
How we use Twisted in Launchpad
Michael Hudson-Doyle
 
Projektdokumentation Kai Aras Ss08
Kai Aras
 
An Introduction to PyPy
Michael Hudson-Doyle
 
Design patterns - Singleton&Command
Kai Aras
 
a quick Introduction to PyPy
Kai Aras
 
Jailbreaking iOS
Kai Aras
 
Ad

Similar to Kiwipycon command line (20)

PDF
Python RESTful webservices with Python: Flask and Django solutions
Solution4Future
 
PDF
API Design & Security in django
Tareque Hossain
 
PDF
Getting Started with Public APIs
Eryn O'Neil
 
PPTX
How to build Simple yet powerful API.pptx
Channa Ly
 
PDF
OpenStack API's and WSGI
Mike Pittaro
 
PDF
Fun! with the Twitter API
Erin Shellman
 
PDF
Creating Restful Web Services with restish
Grig Gheorghiu
 
PDF
Dennis Byrne - Full Stack Python Security_ Cryptography, TLS, and attack resi...
ngTrm19
 
PDF
Reliable Python REST API (by Volodymyr Hotsyk) - Web Back-End Tech Hangout - ...
Innovecs
 
PDF
OAuth and OEmbed
leahculver
 
PDF
How to Implement Token Authentication Using the Django REST Framework
Katy Slemon
 
PPT
Learn REST API with Python
Larry Cai
 
PDF
API SECURITY
Tubagus Rizky Dharmawan
 
PDF
Rest api with Python
Santosh Ghimire
 
PPTX
Automate that
Atlassian
 
PPTX
Automate That! Scripting Atlassian applications in Python
Atlassian
 
PDF
Rest api titouan benoit
Titouan BENOIT
 
PDF
Protecting Your APIs Against Attack & Hijack
CA API Management
 
PDF
How LinkedIn changed its security model in order to offer an API
LinkedIn
 
PDF
Cloud Native API Design and Management
AllBits BVBA (freelancer)
 
Python RESTful webservices with Python: Flask and Django solutions
Solution4Future
 
API Design & Security in django
Tareque Hossain
 
Getting Started with Public APIs
Eryn O'Neil
 
How to build Simple yet powerful API.pptx
Channa Ly
 
OpenStack API's and WSGI
Mike Pittaro
 
Fun! with the Twitter API
Erin Shellman
 
Creating Restful Web Services with restish
Grig Gheorghiu
 
Dennis Byrne - Full Stack Python Security_ Cryptography, TLS, and attack resi...
ngTrm19
 
Reliable Python REST API (by Volodymyr Hotsyk) - Web Back-End Tech Hangout - ...
Innovecs
 
OAuth and OEmbed
leahculver
 
How to Implement Token Authentication Using the Django REST Framework
Katy Slemon
 
Learn REST API with Python
Larry Cai
 
API SECURITY
Tubagus Rizky Dharmawan
 
Rest api with Python
Santosh Ghimire
 
Automate that
Atlassian
 
Automate That! Scripting Atlassian applications in Python
Atlassian
 
Rest api titouan benoit
Titouan BENOIT
 
Protecting Your APIs Against Attack & Hijack
CA API Management
 
How LinkedIn changed its security model in order to offer an API
LinkedIn
 
Cloud Native API Design and Management
AllBits BVBA (freelancer)
 

Recently uploaded (20)

PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PPTX
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
Cloud computing and distributed systems.
kkkkkhan
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 

Kiwipycon command line

  • 1. Giving your website a command line interfaceMichael Hudson-Doylemichael.hudson@linaro.org
  • 2. Linaro and its missionLinaro aims to make Linux work better on ARM processors
  • 3. The ProblemThe ARM ecosystem is very fragmented, and the kernel has a lot of copy and paste code"Gaah. Guys, this whole ARM thing is a f*cking pain in the ass."— Linus Torvalds, 17 Mar 2011https://lwn.net/Articles/437170/
  • 4. Enter Linaro!"Linaro is a not-for-profit software engineering company investing in core Linux software and tools for ARM SoCs."Also about educating the members in how to do open source development...
  • 5. LAVA - Linaro Automated ValidationA bit part of Linaro is about automated validation:Find regressions earlier
  • 7. Maybe even power management changes too...LAVAWe have a bunch of hardware
  • 8. LAVASome scripts and tricks that can boot a board with a new kernel and run some tests.Quick Demo(ever the optimist)
  • 9. LAVAAnd a website that lets you see whats going on
  • 10. The Problem (finally!)We want to do things like trigger test runs when a kernel build finishes.This basically means some kind of Remote Procedure Call (RPC).
  • 11. ParanoiaFor a bunch of reasons, we need some kind of security in our system:The boards in our lab are a limited resource
  • 12. Some risk of mischief
  • 13. Eventually may have test results from unreleased hardware or benchmarks with licenses that forbid publication of resultsProtocol ChoicesWe use XML-RPC
  • 14. We didn't think about this very hard but it is well supported in most languages
  • 15. Will probably add JSON-RPC support at some point for easier browser accessFirst idea: OAuthAn open protocol to allow secure API authorization in a simple and standard method from desktop and web applications.– http://oauth.net/
  • 16. The great thing about standards...<bob2> kennethreitz: oauth is a font of villany and dispair -- #python, Jun 09 11:55:08
  • 17. Also doesn't solve our problemOAuth specifies that various aspects of the request are signed, but not, crucially for us, the body of the request – an important detail, because in XML-RPC the body of the request is where all the important stuff is.
  • 18. Transport Layer Security, here we comeIf you're going as far as to cryptographically sign something, it's not much further to go to actually just encrypt it!
  • 19. And what does everyone know about encryption?Don't implement it yourself(i.e. use HTTPS)
  • 20. Back to BasicAnd if you're operating over HTTPS, you might as well just just good old RFC 2617 Basic Authentication...... but with tokens rather than passwords
  • 21. Tokens > PasswordsBecause we expect the RPC to be invoked from build systems and so on, there is a moderate chance of the token being leaked – so it should not let you take over the owning user's account.In the future, a token might only let you access some APIs.
  • 22. Also, we use SSO...In addition we use Launchpad's SSO service for authentication, so most users don't have a LAVA password!
  • 23. Show me the code!On the server side, we've built a library that lets you add a authenticating XML-RPC to a Django project:https://launchpad.net/linaro-django-xmlrpcIt includes views and models (and very very simple templates) for creating and managing tokens.
  • 24. Server side codeexample/api.py:from linaro_django_xmlrpc.models import ExposedAPIfrom linaro_django_xmlrpc.globals import mapperclass ExampleAPI(ExposedAPI): def whoami(self): if self.user: return self.user.username else: return Nonemapper.register(ExampleAPI)in your urlconf: url(r'', include('linaro_django_xmlrpc.urls')),
  • 25. Client side libraryThis isn't properly factored yet really (it's it all mashed up with our toolkit for doing command line tools), but the code is in "lava-tool":https://launchpad.net/lava-toolIt uses python-keyring for token management.
  • 26. Client-side codefrom lava_tool.authtoken import \ AuthenticatingServerProxy, KeyringAuthBackendauth_backend = KeyringAuthBackend()auth_backend.add_token( "user", "http://server/RPC2/", token)sp = AuthenticatingServerProxy( "http://user@server/RPC2/", auth_backend=auth_backend)print server.whoami()
  • 27. Demo(assuming the first one wasn't a disaster)
  • 28. ConclusionThe lesson:Don't try to be clever – just use HTTPS and Basic auth.The code:lp:linaro-django-xmlrpclp:lava-tool