I believe it no longer works. It was largely written before the lowdata interface had been hashed out.

Salt-master/salt-api installed via the EPEL repo (salt-master tested on epel/epel-testing versions).
Sending the following curl command results in an internal server error (all requests generate the same error).
curl -sik -d "username=USERNAME&password=PASSWORD&eauth=pam" "http://localhost:8000/login"

Generates the following error...

https://gist.github.com/cmeisinger/5275275

External auth is configured in salt-master (tested via salt -a pam * test.ping).

Get first function passing up

jQuery (following the PHP/RoR convention) automatically adds empty brackets to the name of a param when using x-www-form-urlencoded if you pass that param more than once. We should add a small warning to the docs about this.

http://api.jquery.com/jQuery.param/

Thanks to xt on IRC for the report.

I've found that if I point my browser (Firefox or Chrome) at http://127.0.0.1:8000 I get a 500 error:

500 Internal Server Error

The server encountered an unexpected condition which prevented it from fulfilling the request.

Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/CherryPy-3.2.2-py2.6.egg/cherrypy/_cprequest.py", line 656, in respond
    response.body = self.handler()
  File "/usr/lib/python2.6/site-packages/CherryPy-3.2.2-py2.6.egg/cherrypy/lib/encoding.py", line 188, in __call__
    self.body = self.oldhandler(*args, **kwargs)
  File "/usr/lib/python2.6/site-packages/saltapi/netapi/rest_cherrypy/app.py", line 220, in hypermedia_handler
    index = os.path.join(cherrypy.config.get('static'), 'index.html')
  File "/usr/lib64/python2.6/posixpath.py", line 67, in join
    elif path == '' or path.endswith('/'):
AttributeError: 'NoneType' object has no attribute 'endswith'

Using Curl on the command line (same host) produces the expected 401 error e.g.

$ curl -v http://127.0.0.1:8000/
* About to connect() to 127.0.0.1 port 8000 (#0)
*   Trying 127.0.0.1...
* connected
* Connected to 127.0.0.1 (127.0.0.1) port 8000 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.27.0
> Host: 127.0.0.1:8000
> Accept: */*
> 
< HTTP/1.1 401 Unauthorized
< Content-Length: 57
< Vary: Accept-Encoding
< Server: CherryPy/3.2.2
< Allow: GET, HEAD, POST
< Date: Mon, 25 Mar 2013 15:37:44 GMT
< Content-Type: application/json
< Www-Authenticate: Session
< Set-Cookie: session_id=aaea7096b7f5af51e6890fc8d04f3f66dd0e520d; expires=Tue, 26 Mar 2013 01:37:44 GMT; Path=/
< 
* Connection #0 to host 127.0.0.1 left intact
{"status": "401 Unauthorized", "return": "Please log in"}* Closing connection #0

Log from salt-api can be found here: http://pastebin.com/7tMgLdPF

Salt-api needs to be able to be run in daemon mode.

For some strange reason grain.items returns 401

curl -sS localhost:8000/run -H 'Accept: application/x-yaml' -d client='local' -d tgt='*' -d fun='grain.items' -d eauth='pam' -d username='myuser' -d password='mypwd'
return: Please log in
status: 401 Unauthorized

curl -sS localhost:8000/run -H 'Accept: application/x-yaml' -d client='local' -d tgt='*' -d fun='grains.ite' -d eauth='pam' -d username='myuser' -d password='myuser'
return:
- arch-dev-vbox: '"grains.ite" is not available.'

grains.items works correctly.

salt-api --version is 0.8.0

As a side note, this reveals another bug in salt-ui I believe. Not only it asks for authentication again but then after a successful re-authentication, it enters what looks like an infinite loop to the user

Should be easy to fix:

[jeff@omniscience salt-ui]$ salt-api -l debug
[INFO    ] Loaded configuration file: /etc/salt/master
[DEBUG   ] Created pidfile: /var/run/salt-master.pid
[DEBUG   ] Failed to set the ownership of PID file /var/run/salt-master.pid to user root
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/salt/utils/process.py", line 47, in set_pidfile
    os.chown(pidfile, uid, gid)
OSError: [Errno 1] Operation not permitted: '/var/run/salt-master.pid'
Failed to set the ownership of PID file /var/run/salt-master.pid to user root

I don't really see how to start the rest_cherrypy netapi module ...

What needs to be added to the master config file exactly so that he command 'salt-api' start the rest server ?

rest_cherrypy:
  - port: 8000

or does it need to be wrapped with "saltapi" or "netapi" ?

I am using the latest github src.

Thanks for your help.

The cheroot server helpfully denies http requests to an https port, however we should wrap that and provide a friendlier redirect.

The rest_cherrypy module should explain that eauth must be configured and in use.

The post-login redirect is programatically useless (makes sense for browsers but not an API). Instead return JSON of the token and expiration.

...and also return the configured eauth authorization for the current user (the section in the opts dict for the current user). This will allow a client to be more intelligent about what commands are available to execute.

Currently it's just looking for a token, not using it. Thanks to s0lar for noticing this.

Currently, the minion response when a job hasn't completed is:
bash-3.2$ curl -i localhost:8000/jobs/20130225115005304834 \

    -H "X-Auth-Token: 129c6a5dadd1463932fd9db452b52148c44c6c91" \

-H "Accept: application/json"
HTTP/1.1 200 OK
Content-Length: 16
Vary: Accept-Encoding
Server: CherryPy/3.2.2
Allow: GET, HEAD, POST
Cache-Control: private
Date: Mon, 25 Feb 2013 19:50:12 GMT
Content-Type: application/json
Set-Cookie: session_id=129c6a5dadd1463932fd9db452b52148c44c6c91; expires=Tue, 26 Feb 2013 05:50:12 GMT; Path=/

{"return": [{}]}

I am using this and a combination of saltutil.running to determine whether the job is still running, dead or completed. However, if the other issues like streaming responses get incorporated, it will become increasingly difficult to detect the state of any given job. Is it possible to return more information about what the state of the job is in the response?

A way to logout should be provided in the cherrypy netapi. This just prevents abuse from a token that is no longer being used.

With cherrypy 3.1.2, salt-api was exiting with state '0' no matter what I put in the config. In-line debugging showed that the netapi var in client.py was always empty.

Updating to 3.2.2 in my venv seems to have fixed things -- the server now starts and listens.

       <h2>500 Internal Server Error</h2>
        <p>The server encountered an unexpected condition which prevented it from fulfilling the request.</p>
        <pre id="traceback">Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/cherrypy/_cprequest.py", line 656, in respond
    response.body = self.handler()
  File "/usr/lib/python2.6/site-packages/cherrypy/lib/encoding.py", line 188, in __call__
    self.body = self.oldhandler(*args, **kwargs)
  File "/usr/lib/python2.6/site-packages/saltapi/netapi/rest_cherrypy/__init__.py", line 141, in hypermedia_handler
    'message': '{0}'.format(exc) if cherrypy.config['debug']
KeyError: 'debug'

ping.test works on this target, and the append works correctly if called from the CLI on the Salt master.

rest api!

Log Excerpt: http://pastebin.com/rDVgSgR5

salt-api 0.75

Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/cherrypy/_cprequest.py", line 656, in respond
    response.body = self.handler()
  File "/usr/local/lib/python2.7/dist-packages/cherrypy/lib/encoding.py", line 188, in __call__
    self.body = self.oldhandler(*args, **kwargs)
  File "/usr/lib/pymodules/python2.7/saltapi/netapi/rest_cherrypy/__init__.py", line 148, in hypermedia_handler
    index = os.path.join(cherrypy.config['static'], 'index.html')
KeyError: 'static'

at this place, cherrypy.config seem to be just cherrypy config... not the rest_cherrypy dict value in master config.

Hi, hope here is the right location for this "bug"-report.

I noticed if I call a cmd on a server from within Python

  import salt.client
  saltclient = salt.client.LocalClient()
  saltclient.cmd('salttest*', 'test.ping')

it won't work if the server is registered as "Salttest" or "SALTTEST".

Within the bash-cmd there is no case sensitivity.

I don't know if this is intended or a "bug". I only think it would be more clear if you can write within Python the same way you write it in bash. As I store server-names in a DB (NC) I used expr_form='pcre' and put the names in a regex to get around this.

Marius

Accept multiple arg params. Compound commands must be supplied via yaml or json.

Use Salt's CA module for generating a cert.

When getting salt-api installed on Ubuntu 12.04 x86_64, I also installed CherryPy as was recommended in the documentation (sudo apt-get install python-cherrypy) and when trying to start salt-api it would silently fail. This was fixed by removing python-cherrypy (v2.3.0-3build1 at the time of this ticket) and installing python-cherrypy3 (v3.2.2-2) instead.

Requires saltstack/salt#3949

I am noticing 500 errors when trying to login concurrently using pam as the external auth. The log message is:

127.0.0.1 - - [13/Mar/2013:08:05:26] "POST /login HTTP/1.1" 500 37 "" "curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5"
[CRITICAL] Authentication module threw an exception: argument 1: <type 'exceptions.TypeError'>: expected PamHandle instance instead of PamHandle
[CRITICAL] Authentication module threw an exception: argument 1: <type 'exceptions.TypeError'>: expected PamHandle instance instead of PamHandle
[CRITICAL] Authentication module threw an exception: argument 1: <type 'exceptions.TypeError'>: expected PamHandle instance instead of PamHandle
[CRITICAL] Authentication module threw an exception: argument 1: <type 'exceptions.TypeError'>: expected PamHandle instance instead of PamHandle
127.0.0.1 - - [13/Mar/2013:08:05:26] "POST /login HTTP/1.1" 500 37 "" "curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5"
Traceback (most recent call last):
Traceback (most recent call last):
  File "_ctypes/callbacks.c", line 313, in 'calling callback function'
  File "/Library/Python/2.7/site-packages/salt/auth/pam.py", line 122, in my_conv
    p_response[0] = cast(addr, POINTER(PamResponse))
  File "_ctypes/callbacks.c", line 313, in 'calling callback function'
TypeError:   File "/Library/Python/2.7/site-packages/salt/auth/pam.py", line 122, in my_conv
incompatible types, LP_PamResponse instance instead of LP_PamResponse instance    p_response[0] = cast(addr, POINTER(PamResponse))
TypeError: incompatible types, LP_PamResponse instance instead of LP_PamResponse instance

To reproduce:

1. Start salt master and salt api
2. Generate load against salt-api using multiple processes all performing:

curl -sik -d "username=<user>&password=<password>&eauth=pam" "http://localhost:8000/login" 

Monitor logs and curl output. The curls will start returning:

HTTP/1.1 500 Internal Server Error
Content-Length: 37
Vary: Accept-Encoding
X-Auth-Token: 144a00d097bc58749cf816f2443b6086796c7716
Allow: GET, HEAD, POST
Date: Wed, 13 Mar 2013 15:05:02 GMT
Server: CherryPy/3.2.2
Content-Type: application/json
Set-Cookie: session_id=144a00d097bc58749cf816f2443b6086796c7716; expires=Thu, 14 Mar 2013 01:05:02 GMT; Path=/

{"status": 500, "message": "'token'"}

I am running salt-api 0.7.5 on OSX but I have also seen the same issue on RHEL6 inside a vagrant instance. Salt master is on version 0.13.1-45-gd52d617. CherryPy is 3.2.2.

Is it at a state where a fledgling release could be made yet?

This occurs when building from master, or from the v0.7.1 tarball, but not from develop.

Example of setup.py output for master: http://pastebin.com/xAjT3wpR

Example for develop: http://pastebin.com/CP7zwwGz

I am not sure if this is intended or not.

If I run a cmd.run on a file I have got a python error from the minion saying that the directory does not exist (which is right because it is a file)

I am trying this via SaltUI:
cmd.run ls /etc/salt --> works fine
cmd.run cat /etc/salt/master --> failed

I have not tried it with curl so I cannot say for sure that the issue is not related to the UI.

As an obvious note, it does work using the salt command line

Maybe I miss the doc that describes this limitation ?

Running the CherryPy server isn't required. Add a standalone wsgi file and documentation on how to run the rest_cherrypy module directly from Apache's mod_wsgi and others.

Salt returns can be iterative; we need to utilize that and stream the responses to execution requests as we get them back from minions.