Remote Administration per REST.

Shawn Beasley06. Sep 2019 | Miscellaneous

Disclaimer:

The practical examples presented in our technical blog (blog.otrs.com) and now in the expert category in our FAQ blog section serve as a source of ideas and documentation to show what is theoretically possible with OTRS in concrete scenarios or sometimes even for more exotic configurations. All configurations presented here were developed under laboratory conditions as a proof of concept. 

We can only guarantee testing and implementation of these concepts to be error-free and productive if implemented in a workshop with one of our OTRS consultants. Without this, the responsibility lies with the customer himself. Please note that configurations from older OTRS versions may not work in the newer ones.


OTRS has offered an external API since OTRS 7. This API, however, does not cover administrator actions. Many users may remember, in older versions, there was an RPC interface via the rpc.pl script. This has gone away. Fortunately, one little known fact is that the RPC feature is still available via the Generic Interface.

This allows admins to remotely administer their OTRS via a REST or SOAP call, among other methods.

Just gimme the core message.

In order to have access to the power of the perl API, you need to configure OTRS to allow access to this controller — Generic::RPC

WARNING: This is a security threat if you don’t know what you are doing.

Activate Controller

Search for Generic::RPC in the system configuration.

Set this to active and deploy.

Activate Object

Determine which object is to be used and activate it in the system configuration.

Search for GenericInterface::Operation::Generic::RPC::Modules###001-Default


Modify, if needed, by adding the system module to be used, save and deploy.

Note: In this case, we want to add or invalidate a group, so we do not need to add a new object.

Adding a Group via the Generic Interface Using the Generic::RPC Controller

In order to accomplish this, you need the documentation for the controller (Kernel::GenericInterface::Operation::Generic::RPC) and the operation (Kernel::System::Group) you want to control.

You need to configure a new web service. (Read how on-line: Web Services) For our example, we will use REST for our transport.

 

As you can see, we need:

  • a provider operation using the controller Generic::RPC
  • a defined route in the transport settings
  • a tool to make the request (see Postman).

In our documentation of the controller,  we read that you need the following (as of OTRS 7).

my $Result = $OperationObject->Run(
    Data => {
        UserLogin         => 'some agent login',     # (required) 
        CustomerUserLogin => 'some customer login',  #
        SessionID         => 123,                    #
        Password          => 'some password',        # required with UserLogin or CustomerUserLogin.
        Object            => 'Ticket',               # (required)
        Method            => 'TicketGet',            # (required)
        Parameter         => { TicketID => 123, },   # (optional)
    },
);

The “Object” is always the system module to be used. The “Method” is the function to be called. We will use GroupAdd() from Kernel::System::Group

This is our example request.

The result is that a group named web-service is added (see title picture above) with the comment “added via webservice.” This group is immediately ready for use by OTRS.

Summary (TL/DR)

It is possible to access core functions of OTRS using the Generic::RPC. This will require a deeper understanding of how OTRS works and its data model, but it’s possible. Using this as a loopback web service can help administrators implement features which are not currently available.

Have more interest? Contact sales@otrs.com for a web service design workshop or administrator training.

#2
Shawn Beasley at 14.02.2020, 13:46

I know why, you have to contact the managed team. Your system is using roles (GOOD 4 U), but the Generic::RPC requires a user to group relationship which can be done with a command line switch. Please utilise your service contract :)

#1
Morten Bøhmer at 14.02.2020, 12:18

thank you for your code example, when we try to do the same we get the following: $VAR1 = { 'Error' => { 'ErrorCode' => 'RPC.PermissionDenied', 'ErrorMessage' => 'RPC: You are not allowed to execute objects via this operation!' } }; This is running on OTRS managed instance. Any ideas why we get permission denied ?

Your email address will not be published. Required fields are marked *