Migrate to Flask-RestX

[abompard]

Fixes #25, #55

Also fixes/implements pagination, fixes a security issue related to the reuse of ldap connections, and fixes/implements credentials delegation so that LDAP queries are done as the connecting user and not the HTTP service (#55).

Using Flask-RestX (or Falsk-Restful) will save us code (and tests) for the REST API mechanics.

Related to #31 since Flask-RestX automatically generates and publishes the OpenAPI spec by introspecting the code and comments. I don't consider #31 entirely fixed by this PR because we need to improve the code's documentation to get the spec to a decent documentation level.

Code coverage is not 100% but I'll improve it over time.

[StephenCoady]

@abompard I've gone through this now commit-by-commit and I have no comments! This PR is crazy good. The pagination code is the only part I'm not 100% clear on how it is working. It might benefit from some comments maybe for us simpler folk :P

One thing: I noticed when I hit an endpoint and I omit the trailing slash like so /groups vs /groups/ that I get a server error. Is there a way to wildcard this? Or do we care? I would have expected both to work.

[abompard]

Thanks! If you omit the trailing slash you should get a redirect response with a Location header that points the the same endpoint with a trailing slash.

The pagination is... yeah. LDAP makes things pretty complex, because it has an internal model of pagination that we can barely use because it can't be use with different LDAP connections, therefore with different HTTP requests. So I'm using the same technique that IPA uses: I request the whole list of record IDs from LDAP, but just the IDs, not the full data. Then I slice that into pages and keep the requested page, and for those IDs only I get the full data.

I agree this would benefit from some docs, could you be more precise as to which parts you thought weren't clear?

Anyway, thanks, I'll merge it as is so we can build new stuff upon it. Thanks a lot for the review!

[StephenCoady]

Thanks! If you omit the trailing slash you should get a redirect response with a Location header that points the the same endpoint with a trailing slash.

Ah, I somehow didn't spot the redirect.

I request the whole list of record IDs from LDAP, but just the IDs, not the full data. Then I slice that into pages and keep the requested page, and for those IDs only I get the full data.

Even this description helps make pagination.py more readable, thanks! Maybe add_page_data could just do with some comments as to that reasoning. Might make future maintenance easier is all.

[abompard]

I've added some docsting but it's severely lacking in that area. I'll try to add more later. For now I'll just merge this PR so we can start building upon it (I plan on fixing the CI script next)