On 10/02/2012 05:20 PM, Brian Vetter wrote:
3.1 added support for non admin to use the api.
i.e., this should work.
which specific version are you using?
From the about box in the admin web app:
oVirt Engine Version:3.1.0-2.fc17
The curl command I send is:
curl --cacert $CA_FILE -X GET -H "Filter: true" -u
user@domain:password https://$OVIRT/api/vms > uservms.xml
The output when my user's group has a DOMAIN_ADMIN role contains the xml
for the VMs. The output when the user's group has either a power user or
a regular user role contains the error response with a 401 unauthorized
error.
I had lots of fun getting this server set up so it is possible I made a
mistake during installation, but it seems pretty functional right now.
Everything seems to be working but I haven't been able to to test out
how/if I can connect a new, non-portal client without having to add new
servlets.
i think you should get an empty list and not a 401 in any case, but just
to make sure - you have the user role on a specific VM and you don't see it?
michael - thoughts?
maybe this was fixed post ovirt 3.1 fedora release?
Brian
On Oct 2, 2012, at 9:57 AM, Itamar Heim wrote:
On 10/02/2012 04:52 PM, Brian Vetter wrote:
Adding the "Filter:true" header to the curl request doesn't change
anything. If the user account is not an admin account, I get a 401
status result. So my question still stands, can the REST API be used
by a mere, non-admin "mortal" or is it only for administrative functions?
I'm in the process of trying to hook up a different client to a VM
managed by ovirt. I can't use the user portal app. So I was trying to
use the REST APIs on behalf of a normal, non-admin user to get the
list of the authenticating user's VMs and their connection information.
3.1 added support for non admin to use the api.
i.e., this should work.
which specific version are you using?
Brian
On Oct 2, 2012, at 2:15 AM, Itamar Heim wrote:
On 10/02/2012 06:28 AM, Brian Vetter wrote:
I've done two different things. First, I associated one of my
groups in my directory with being a VMUser which gave members
access to a particular VM. If I login with one of those users via
the User portal, I can see their VM (or VMs if I do more than one).
If I use the REST API (or ovirt-shell) using this user's account
and password, I get an unauthorized error.
Similarly, I have another group that is assigned the DomainManager
role. If I add this other user to that group, when I login with
that user via the user portal, I see the advanced portal. If I use
the REST-API (using curl) or ovirt-shell and use the user's login
information, I now am authorized and see a list of VMs returned as
XML (in the case of curl).
That said, I see all VMs in the system, not just the one assigned
to the user that logged in. So this makes me think that either the
REST API for getting the APIs as suggested by the article is an
administrative API and there is either (a) a different rest API/uri
that returns the logged in user's vms (the list that would be
returned to the portal) or (b) no way to get a particular user's
list of VMs authenticated as the user.
you need to specify to the api you want to view things in "user
mode" via the filter header.
Example:
curl -X GET -H "Filter: true" -u user@domain:password
http://[servername]:PORT/api/vms
Brian
On Oct 1, 2012, at 10:49 PM, Yair Zaslavsky wrote:
Hi Brian,
I looked at the wiki -
I assume you're referring to the "showVm" part.
Have you assigned any permissions to the user that is supposed to
view the VMs?
I assume you created the VMs with the administrator user, so any
other user will require to have a proper permissions in order to
view these VMs
Yair
On 10/02/2012 05:09 AM, Brian Vetter wrote:
I was trying to use both the rest api to view a user's vm
information. I found that the REST APIs always returned an
authentication error if the account I had logged into was not an
ovirt administrator. I am guessing that either (a) I am using the
wrong URL in the REST api or (b) you must be some kind of admin
to access the REST APIs. I noticed the same behavior when I was
using the ovirt-shell tool.
For example, I was trying to follow the instructions in
http://wiki.ovirt.org/wiki/How_to_Connect_to_SPICE_Console_Without_Portal
to get the list of VMs (presumably for the user that is logging
in), I get an unauthorized error. If the user account I login
with in the curl or ovirt-shell connect statement is an admin, I
get the list of VMs.
So my question here is does the REST-API need admin privileges or
am I using a url that requires admin privileges whereas some
others don't. And if it is the latter, is there somewhere that
documents the various rest api resources? For example, to go back
to the "How to connect to Spice console ..." article, how would
one use the REST API to fetch one's virtual machines, their
status, and connection info for them?
Thanks,
Brian
_______________________________________________
Users mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/users
