Python API
Interacting with XPipe from Python
Introduction
The XPipe Python API is a Python client for the XPipe HTTP API. It is essentially a wrapper for the raw HTTP API and intended to make working with it more convenient. If you are not that comfortable with Python, the API can also be used in other languages via a simple HTTP client library that supports exchanging json requests.
You can find the source code at https://github.com/xpipe-io/xpipe-python-api.
The primary use cases for the Python API are:
- Automatic import and migration of lots of servers from other sources where configuring them manually it would take too much time, e.g. if you want to migrate ~1000 servers to XPipe. There are only limited migration tools for other tools, so using the API makes sense, especially when it comes to also importing secrets.
- Automated management of a fleet of servers. For example, upgrading or configuring a tool on all servers. Especially when the workflow is more than just running a command, e.g., different control flows based on the server configuration. Furthermore, this allows for an automated aggregation of results to check whether the task completed successfully on all systems.
Installation
Connecting to the XPipe application
To start out, you need to enable the API access in the XPipe settings. You can find that under Settings -> HTTP API. For only local API access, you don't need to worry about the API key in the settings menu.
There's also an async version of the client that can be accessed as AsyncClient. All calls are run asynchronously with that client. This page will only cover the sync client though.
Querying connections
A connection reference is just a UUID string. You can query one or multiple existing connections stored in XPipe based on various filters.
Getting connection information
Since each connection reference is just a UUID string, you have to retrieve information for it using another API call.
Adding connections
You can add custom connections as well.
The schema for each connection type is not publicly documented as it might be subject to change. However, you can see the current active schemas for every connection and use that as a basis.
For an SSH connection, it could, for example, look something like this if it references an existing identity:
or something like this if it has encrypted credentials configured in-place:
Encrypting secrets
Based on that information, you can create your own connections via the API. The challenge here is encrypting secrets so that they can be stored correctly. But this is also possible via the API:
Note that you can't decrypt the secrets of these samples yourself if you try it as your XPipe instance uses another unique encryption key. If you're also using a custom vault user passphrase, then the encryption key is unique to your user as well.
Encrypting key information
For SSH, any identities like key references also need to be encrypted. XPipe itself doesn't store the private keys itself, it will only keep references like a file path. These are, however, still encrypted.
With that, you can now create connection schemas and add them like this:
There are also other types of schemas for keys available. For example, to use a specific key file, you would use the following schema and encrypt it:
Of course, there are also more variants for SSH keys. To inspect the key information of an existing connection, you can use the secret_decrypt
function.
Putting it together
Now that the password and key information have been encrypted, you can add a new connection with credentials:
Using reusable identities
To skip the need to pass secrets in-place, you can also create identities instead. Once you have created an identity in XPipe, you can then just use the identity UUID as a reference:
This will make the connection creation much easier. You can also create identites through the same API and with the same encrypted values for the password and SSH key; however, it is easier to use in the GUI.
Adding other connections
While the process of adding an SSH connection has been quite complex due to the encryption, other ways aren't that complex.
To start off, you can also skip adding any data you don't want to include and instead leave it empty. This will still add the connection, but will keep it in an invalid state where you have to configure any missing data in the XPipe interface if you click on it. If you are looking to just import the hostnames first without all the secrets, assigning "identity": None
also works.
Furthermore, most connection types, for example shell environments, do not require any secrets and can therefore be created much easier:
Actions
You can perform actions for the desktop application from the API as well. For more information on actions in general, see the actions page.
Shell operations
You can open remote shell sessions to systems and run arbitrary commands in them.
File system operations
You can interact with the file system of any remote shell as well.