[Galene] read groups from API

[Galene] read groups from API

[Michael Ströder]

HI!

It would be helpful if groups could be retrieved from a simple web
service which just returns the JSON data.

This would make it possible to integrate with other database-backed
management systems so that implementing #11 is not really needed.

https://github.com/jech/galene/issues/11

I'd volunteer to implement an example web service based on Python with
fastapi module.

What do you think?

Ciao, Michael.

[Galene] Re: read groups from API

[Juliusz Chroboczek]

> It would be helpful if groups could be retrieved from a simple web
> service which just returns the JSON data.

Why does that need to be part of Galène ?  Why can't it be a separate
service that has access to the filesystem with Galène's configuration
files?  This way, Galène doesn't need write access to its configuration
directory, which is good for security and simplifies deployment (you can
run it in a read-only container).

> This would make it possible to integrate with other database-backed
> management systems so that implementing #11 is not really needed.

I fully agree that the management interface should not be part of Galène
itself: Galène never writes to disk except if you ask it to record a file,
which means it can be run on a read-only filesystem, and that two
instances of Galène can use a single configuration directory.

The plan is that Galène should automatically pick up any change being made
to any of its configuration files; this is not quite the case yet:

  - changes to group definition files will be picked up the next time
    a client connects;
  - changes to the ice-servers.json file will be picked up after two
    minutes at most, but will only apply to new clients;
  - changes to the SSL key or to the data/passwd file are not picked up
    yet, but that is planned in the future.

So my opinion is that an administrative interface should not be hacked
into Galène -- it should be a separate program that either has write
access to the filesystem Galène is running on, or a program running on
a different host that propages changes over sftp or rsync.

> I'd volunteer to implement an example web service based on Python with
> fastapi module.

Sure, and don't hesitate to suggest improvements to the configuration file
format.  In particular, I'm not particularly fond of the current
permissions system (op/presenter/other and allow-recording), it doesn't
accurately reflect the one used in the protocol (permissions are a bitmap
of orthogonal permissions, op/present/record; chat is currently implied,
but will become an explicit permission in 0.2.)

Please don't expect me to integrate any management interface to the main
Galène binary -- the management interface and Galène should ideally only
communicate over the shared filesystem.

-- Juliusz

[Galene] Re: read groups from API

[Michael Ströder]

On 1/3/21 2:00 AM, Juliusz Chroboczek wrote:
>> It would be helpful if groups could be retrieved from a simple web
>> service which just returns the JSON data.
> 
> Why does that need to be part of Galène ?  Why can't it be a separate
> service that has access to the filesystem with Galène's configuration
> files?

Of course syncing files would be possible and I will do that if there's
no other possibility. But it's more complicated with some sync latency.

> This way, Galène doesn't need write access to its configuration
> directory, which is good for security and simplifies deployment (you can
> run it in a read-only container).

Galène should not write to its config. But instead of reading a file
from the filesystem it could just send a HTTP(S) request to an API (with
simple HTTP basic authentication).

>> This would make it possible to integrate with other database-backed
>> management systems so that implementing #11 is not really needed.
> 
> I fully agree that the management interface should not be part of Galène
> itself: Galène never writes to disk except if you ask it to record a file,

Be assured I highly appreciate this approach.

> and that two instances of Galène can use a single configuration
> directory.
I'd argue that using a web API is much simpler than a shared network
file system.

>   - changes to group definition files will be picked up the next time
>     a client connects;

Why not just query the group from an API?

>   - changes to the ice-servers.json file will be picked up after two
>     minutes at most, but will only apply to new clients;
>   - changes to the SSL key or to the data/passwd file are not picked up
>     yet, but that is planned in the future.

Both not that important for me. Not sure how others feel about this.

> So my opinion is that an administrative interface should not be hacked
> into Galène

+1, especially because it will never be complete (for whatever defintion
of "complete" one might come up with).

>> I'd volunteer to implement an example web service based on Python with
>> fastapi module.
> 
> Sure, and don't hesitate to suggest improvements to the configuration file
> format.

Yes, I have some ideas like validity period or similar. Will send a
separate message soon.

> In particular, I'm not particularly fond of the current
> permissions system

Agreed. ;-)

Thanks again for Galène.

Ciao, Michael.

[Galene] Re: read groups from API

[Juliusz Chroboczek]

>> - changes to group definition files will be picked up the next time
>> a client connects;

> Why not just query the group from an API?

Why not do both?  Filesystem by default, remote server if configured to do so?

-- Juliusz

[Galene] Re: read groups from API

[Michael Ströder]

On 1/3/21 1:31 PM, Juliusz Chroboczek wrote:
>>> - changes to group definition files will be picked up the next time
>>> a client connects;
> 
>> Why not just query the group from an API?
> 
> Why not do both?  Filesystem by default, remote server if configured to do so?

Yes, this would be very nice.

Ciao, Michael.