----- Original Message ----- > From: "Einav Cohen" <eco...@redhat.com> > To: "Yaniv Dary" <yd...@redhat.com> > Cc: "Vojtech Szocs" <vsz...@redhat.com>, devel@ovirt.org > Sent: Wednesday, December 3, 2014 3:56:00 PM > Subject: Re: [ovirt-devel] Important change in UI plugins REST API > integration > > > ----- Original Message ----- > > From: "Yaniv Dary" <yd...@redhat.com> > > Sent: Wednesday, December 3, 2014 5:02:19 AM > > > > Does this affect any 3rd parties that implemented UI plugins? > > this affects any UI plugin that utilizes the rest-api-session *generated > by the ui-plugins infrastructure* outside the context of the client/browser; > I.e., plugins that send the ui-plugins-infra-generated-rest-api-session-id > to some (3rd party) server-side (which is not aware of the client's browser/ > web-admin status at all) that performs communication with the engine's rest- > api based on that rest-api-session-id.
To explain a bit about REST integration for UI plugins: right upon each successful WebAdmin GUI login, WebAdmin's UI plugin infra will acquire new REST session and pass the REST session ID to all UI plugins through "RestApiSessionAcquired" callback [1]. [1] http://www.ovirt.org/Features/UIPlugins#REST_API_integration Any UI plugin can register "RestApiSessionAcquired" callback handler and be notified of REST session ID. Typically, UI plugin itself can talk with Engine REST API. I assume this covers the majority of all UI plugins utilizing the "RestApiSessionAcquired" callback. These plugins do NOT need to be modified at all. However, passing this (UI plugin & WebAdmin GUI user specific) REST session ID to any 3rd party is generally discouraged since as of 3.5 the REST session won't be usable after WebAdmin GUI user logs out [2]. When GUI user logs in again, new REST session ID will be passed to UI plugins. [2] http://gerrit.ovirt.org/#/c/35185/ > > > Will they need to change anything or is this change more a behaviour change > > only? > > for the plugins that I mentioned above: assuming these plugins would like > retain their functionality and have their server-side perform communication > with the engine's rest-api regardless of the current status of the client's > browser/web-admin (active/logged-in/logged-out/...), they will need to change > their code to obtain their own rest-api-session (to be used by the server- > side), rather than rely on the rest-api-session that was obtained by the ui- > plugins infrastructure for them; the latter should be used *only* for the > plugin's *client*-side communication with the engine's rest-api. Yes. In other words, REST session ID obtained via "RestApiSessionAcquired" callback is scoped to current WebAdmin GUI user. Any 3rd party (outside of UI plugin context) should manage its "own" REST session. > > if these plugins will not change their code as described above - these > plugins' server-side communication with the engine's rest-api will break > upon web-admin logout (which may be an acceptable 'breakage' for some > plugins - this is really up to each ui-plugin author to make this decision). > > all other plugins (i.e. plugins that use the ui-plugins-infra-generated-rest- > api-session only within the client context, plugins that don't use this rest- > api-session at all, etc.) can remain as-is - they will not be affected. > > > > > > > > > Yaniv > > > > ----- Original Message ----- > > > From: "Vojtech Szocs" <vsz...@redhat.com> > > > To: "Alon Bar-Lev" <alo...@redhat.com> > > > Cc: devel@ovirt.org > > > Sent: Tuesday, December 2, 2014 7:12:21 PM > > > Subject: Re: [ovirt-devel] Important change in UI plugins REST API > > > integration > > > > > > > > > > > > ----- Original Message ----- > > > > From: "Alon Bar-Lev" <alo...@redhat.com> > > > > To: "Sven Kieske" <s.kie...@mittwald.de> > > > > Cc: devel@ovirt.org > > > > Sent: Tuesday, December 2, 2014 9:43:18 AM > > > > Subject: Re: [ovirt-devel] Important change in UI plugins REST API > > > > integration > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > From: "Sven Kieske" <s.kie...@mittwald.de> > > > > > To: devel@ovirt.org > > > > > Sent: Tuesday, December 2, 2014 10:41:00 AM > > > > > Subject: Re: [ovirt-devel] Important change in UI plugins REST API > > > > > integration > > > > > > > > > > > > > > > > > > > > On 01/12/14 20:26, Vojtech Szocs wrote: > > > > > > In other words, usability of REST session ID is now strictly > > > > > > scoped to GUI user being authenticated. If the user logs in, > > > > > > (always) new REST session ID will be passed to all UI plugins. > > > > > > If the user logs out, REST session ID will not work anymore. > > > > > > > > > > What if I use just REST for logging in and doing something > > > > > without any GUI interaction at all? > > > > > > This announcement was about UI plugins in WebAdmin. If you use > > > Engine REST API without any GUI interaction involved, you aren't > > > affected in any way. > > > > > > > > > > > > > this reads a little like: you always need an open web gui > > > > > to be able to use REST, which does not make sense at all. > > > > > > Sorry if my email confused you. It should read like: if you're > > > an author of oVirt UI plugin for WebAdmin, please beware that > > > REST API session ID (automatically acquired by UI plugin infra > > > on behalf of all UI plugins) will not work after GUI logout. > > > > > > > > > > > If you provide your own credentials nothing changed. > > > > > > > > The change is only effecting RESTAPI usage within the user interface > > > > using > > > > the credentials obtained interactively from the user within login page. > > > > > > > > > So I guess I'm misreading this? > > > > > > > > > > -- > > > > > Mit freundlichen Grüßen / Regards > > > > > > > > > > Sven Kieske > > > > > > > > > > Systemadministrator > > > > > Mittwald CM Service GmbH & Co. KG > > > > > Königsberger Straße 6 > > > > > 32339 Espelkamp > > > > > T: +49-5772-293-100 > > > > > F: +49-5772-293-333 > > > > > https://www.mittwald.de > > > > > Geschäftsführer: Robert Meyer > > > > > St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad > > > > > Oeynhausen > > > > > Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad > > > > > Oeynhausen > > > > > _______________________________________________ > > > > > Devel mailing list > > > > > Devel@ovirt.org > > > > > http://lists.ovirt.org/mailman/listinfo/devel > > > > _______________________________________________ > > > > Devel mailing list > > > > Devel@ovirt.org > > > > http://lists.ovirt.org/mailman/listinfo/devel > > > _______________________________________________ > > > Devel mailing list > > > Devel@ovirt.org > > > http://lists.ovirt.org/mailman/listinfo/devel > > _______________________________________________ > > Devel mailing list > > Devel@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/devel > _______________________________________________ Devel mailing list Devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel
