Change in ovirt-engine[master]: webadmin: Use existing Engine session for REST API integration
by awels@redhat.com
Alexander Wels has submitted this change and it was merged.
Change subject: webadmin: Use existing Engine session for REST API integration
......................................................................
webadmin: Use existing Engine session for REST API integration
Before this patch
=================
* WebAdmin login triggers creation of separate (logical) Engine session
through creation of new (physical) REST session using HTTP basic auth
-> REST session is acquired using current WebAdmin user credentials
-> REST session ID is provided to all UI plugins
* above causes two separate user login operations with same credentials
and therefore two "user has logged in" events in Engine server log
* acquired (physical) REST session, as well as corresponding (logical)
Engine session, are _NOT_ closed upon WebAdmin logout, even though
these sessions were created with WebAdmin user credentials
After this patch
================
* WebAdmin login _DOES NOT_ trigger creation of separate (logical)
Engine session; instead, it reuses existing Engine user session
-> REST session is still acquired, but instead of HTTP basic auth
credentials, we're passing existing Engine session auth token
to associate REST session with current user's Engine session
-> REST session ID is provided to all UI plugins
* above ensures single user login operation upon WebAdmin login
* since acquired REST session maps to existing Engine session,
WebAdmin user logout makes that REST session unusable, even if
the REST session itself is still alive
We use Prefer:new-auth to ensure that new REST session is created
on each WebAdmin login.
Important note for UI plugin developers
=======================================
REST session ID passed to UI plugins via "RestApiSessionAcquired"
hook, also represented by JSESSIONID cookie for /api, will become
unusable after WebAdmin logout.
Since UI plugins are active (invoked by the infra) only while the
user is authenticated, this shouldn't impact UI plugins that use
provided REST session (cookie) to talk directly with Engine.
Change-Id: Ic3905b3b5834a0f7327321e93064274df0d1db65
Bug-Url: https://bugzilla.redhat.com/1161734
Bug-Url: https://bugzilla.redhat.com/1161730
Signed-off-by: Vojtech Szocs <vszocs(a)redhat.com>
---
M frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/Frontend.java
M frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/FrontendLoginHandler.java
M frontend/webadmin/modules/frontend/src/test/java/org/ovirt/engine/ui/frontend/FrontendActionTest.java
M frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/plugin/restapi/RestApiSessionManager.java
M frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/system/ApplicationInit.java
5 files changed, 91 insertions(+), 67 deletions(-)
Approvals:
Alexander Wels: Verified; Looks good to me, approved
--
To view, visit http://gerrit.ovirt.org/35185
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ic3905b3b5834a0f7327321e93064274df0d1db65
Gerrit-PatchSet: 4
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Vojtech Szocs <vszocs(a)redhat.com>
Gerrit-Reviewer: Alexander Wels <awels(a)redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alonbl(a)redhat.com>
Gerrit-Reviewer: Daniel Erez <derez(a)redhat.com>
Gerrit-Reviewer: Einav Cohen <ecohen(a)redhat.com>
Gerrit-Reviewer: Kanagaraj M <kmayilsa(a)redhat.com>
Gerrit-Reviewer: Martin Betak <mbetak(a)redhat.com>
Gerrit-Reviewer: Oved Ourfali <oourfali(a)redhat.com>
Gerrit-Reviewer: Tomas Jelinek <tjelinek(a)redhat.com>
Gerrit-Reviewer: Vojtech Szocs <vszocs(a)redhat.com>
Gerrit-Reviewer: Yair Zaslavsky <yzaslavs(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
10 years
Change in ovirt-engine[master]: aaa: filters: add Prefer new-auth option
by awels@redhat.com
Alexander Wels has submitted this change and it was merged.
Change subject: aaa: filters: add Prefer new-auth option
......................................................................
aaa: filters: add Prefer new-auth option
this enforces opening a new http session, this is useful when remote
wants to enforce new session and authorization in persist mode.
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1161734
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1161730
Change-Id: I78e91d9c1994203bd4b278d878b26c843eaad3cf
Signed-off-by: Alon Bar-Lev <alonbl(a)redhat.com>
---
M backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/FiltersHelper.java
M backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/RestApiSessionMgmtFilter.java
M backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/RestApiSessionValidationFilter.java
M backend/manager/modules/aaa/src/test/java/org/ovirt/engine/core/aaa/filters/FiltersHelperTest.java
4 files changed, 41 insertions(+), 29 deletions(-)
Approvals:
Alon Bar-Lev: Verified
Alexander Wels: Verified; Looks good to me, approved
--
To view, visit http://gerrit.ovirt.org/35188
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I78e91d9c1994203bd4b278d878b26c843eaad3cf
Gerrit-PatchSet: 4
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev <alonbl(a)redhat.com>
Gerrit-Reviewer: Alexander Wels <awels(a)redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alonbl(a)redhat.com>
Gerrit-Reviewer: Oved Ourfali <oourfali(a)redhat.com>
Gerrit-Reviewer: Vojtech Szocs <vszocs(a)redhat.com>
Gerrit-Reviewer: Yair Zaslavsky <yzaslavs(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
10 years
Change in ovirt-engine[master]: aaa: filters: enable accept engine session using header
by awels@redhat.com
Alexander Wels has submitted this change and it was merged.
Change subject: aaa: filters: enable accept engine session using header
......................................................................
aaa: filters: enable accept engine session using header
new header OVIRT-INTERNAL-ENGINE-AUTH-TOKEN accepts token that contains
engine session id.
a new query GetEngineSessionIdToken returns this token.
ui should use the new query and apply the header to avoid double login.
this may be temporary solution for 3.5 life cycle, as such applied only
for restapi.
when engine session is invalidated, all instances that used it are also
invalidated.
Change-Id: I028082cced7043b5af0b9fa7b0548ba888996e9d
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1161734
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1161730
Signed-off-by: Alon Bar-Lev <alonbl(a)redhat.com>
---
A backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/EngineSessionTokenAuthenticationFilter.java
M backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/FiltersHelper.java
M backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/SessionValidationFilter.java
A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/GetEngineSessionIdTokenQuery.java
M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java
M backend/manager/modules/restapi/webapp/src/main/webapp/WEB-INF/web.xml
6 files changed, 106 insertions(+), 14 deletions(-)
Approvals:
Alon Bar-Lev: Verified
Alexander Wels: Verified; Looks good to me, approved
--
To view, visit http://gerrit.ovirt.org/35069
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I028082cced7043b5af0b9fa7b0548ba888996e9d
Gerrit-PatchSet: 8
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev <alonbl(a)redhat.com>
Gerrit-Reviewer: Alexander Wels <awels(a)redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alonbl(a)redhat.com>
Gerrit-Reviewer: Barak Azulay <bazulay(a)redhat.com>
Gerrit-Reviewer: Einav Cohen <ecohen(a)redhat.com>
Gerrit-Reviewer: Oved Ourfali <oourfali(a)redhat.com>
Gerrit-Reviewer: Vojtech Szocs <vszocs(a)redhat.com>
Gerrit-Reviewer: Yair Zaslavsky <yzaslavs(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
10 years
Change in ovirt-engine[ovirt-engine-3.5]: core: Add foreign keys from async_tasks to command_entities
by tnisan@redhat.com
Tal Nisan has submitted this change and it was merged.
Change subject: core: Add foreign keys from async_tasks to command_entities
......................................................................
core: Add foreign keys from async_tasks to command_entities
Change-Id: If66661c75806fbad7821c9a2c9ffebabdeabe485
Bug-Url: https://bugzilla.redhat.com/1161012
Signed-off-by: Yair Zaslavsky <yzaslavs(a)redhat.com>
---
M backend/manager/modules/dal/src/test/java/org/ovirt/engine/core/dao/AsyncTaskDAOTest.java
M backend/manager/modules/dal/src/test/java/org/ovirt/engine/core/dao/FixturesTool.java
M backend/manager/modules/dal/src/test/resources/fixtures.xml
A packaging/dbscripts/upgrade/03_05_1160_add_foreign_keys_to_async_tasks_table.sql
4 files changed, 20 insertions(+), 5 deletions(-)
Approvals:
Eli Mesika: Looks good to me, approved
Yair Zaslavsky: Verified
--
To view, visit http://gerrit.ovirt.org/35219
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: If66661c75806fbad7821c9a2c9ffebabdeabe485
Gerrit-PatchSet: 2
Gerrit-Project: ovirt-engine
Gerrit-Branch: ovirt-engine-3.5
Gerrit-Owner: Yair Zaslavsky <yzaslavs(a)redhat.com>
Gerrit-Reviewer: Eli Mesika <emesika(a)redhat.com>
Gerrit-Reviewer: Tal Nisan <tnisan(a)redhat.com>
Gerrit-Reviewer: Yair Zaslavsky <yzaslavs(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
10 years
Change in ovirt-log-collector[ovirt-log-collector-3.5]: remove password leak from ovirt-engine setup answer file
by sbonazzo@redhat.com
Sandro Bonazzola has submitted this change and it was merged.
Change subject: remove password leak from ovirt-engine setup answer file
......................................................................
remove password leak from ovirt-engine setup answer file
Change-Id: Ie86186b48e04141d2ed7ee9b2185eb3a09bbc166
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1162781
Signed-off-by: Sandro Bonazzola <sbonazzo(a)redhat.com>
(cherry picked from commit aee7188f3f272c47e49daf10b012d4d314ec52db)
---
M src/sos/plugins/ovirt.py
1 file changed, 15 insertions(+), 0 deletions(-)
Approvals:
Sandro Bonazzola: Verified; Looks good to me, approved
--
To view, visit http://gerrit.ovirt.org/35237
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ie86186b48e04141d2ed7ee9b2185eb3a09bbc166
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-log-collector
Gerrit-Branch: ovirt-log-collector-3.5
Gerrit-Owner: Sandro Bonazzola <sbonazzo(a)redhat.com>
Gerrit-Reviewer: Lev Veyde <lveyde(a)redhat.com>
Gerrit-Reviewer: Sandro Bonazzola <sbonazzo(a)redhat.com>
Gerrit-Reviewer: Simone Tiraboschi <stirabos(a)redhat.com>
Gerrit-Reviewer: Yedidyah Bar David <didi(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
10 years
Change in ovirt-log-collector[master]: remove password leak from ovirt-engine setup answer file
by sbonazzo@redhat.com
Sandro Bonazzola has submitted this change and it was merged.
Change subject: remove password leak from ovirt-engine setup answer file
......................................................................
remove password leak from ovirt-engine setup answer file
Change-Id: Ie86186b48e04141d2ed7ee9b2185eb3a09bbc166
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1162781
Signed-off-by: Sandro Bonazzola <sbonazzo(a)redhat.com>
---
M src/sos/plugins/ovirt.py
1 file changed, 15 insertions(+), 0 deletions(-)
Approvals:
Sandro Bonazzola: Verified; Looks good to me, approved
Simone Tiraboschi: Looks good to me, but someone else must approve
Yedidyah Bar David: Looks good to me, but someone else must approve
--
To view, visit http://gerrit.ovirt.org/35172
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ie86186b48e04141d2ed7ee9b2185eb3a09bbc166
Gerrit-PatchSet: 4
Gerrit-Project: ovirt-log-collector
Gerrit-Branch: master
Gerrit-Owner: Sandro Bonazzola <sbonazzo(a)redhat.com>
Gerrit-Reviewer: Lev Veyde <lveyde(a)redhat.com>
Gerrit-Reviewer: Sandro Bonazzola <sbonazzo(a)redhat.com>
Gerrit-Reviewer: Simone Tiraboschi <stirabos(a)redhat.com>
Gerrit-Reviewer: Yedidyah Bar David <didi(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
10 years
Change in ovirt-engine[ovirt-engine-3.5]: jsonrpc: wrong response key name
by tnisan@redhat.com
Tal Nisan has submitted this change and it was merged.
Change subject: jsonrpc: wrong response key name
......................................................................
jsonrpc: wrong response key name
Change-Id: I2c0cd541a0ea0d43a8599a5f55a184cf6e7f78b7
Signed-off-by: pkliczewski <piotr.kliczewski(a)gmail.com>
Bug-Url: https://bugzilla.redhat.com/1159637
---
M backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/jsonrpc/JsonRpcVdsServer.java
1 file changed, 1 insertion(+), 1 deletion(-)
Approvals:
Piotr Kliczewski: Verified
Saggi Mizrahi: Looks good to me, but someone else must approve
Oved Ourfali: Looks good to me, approved
--
To view, visit http://gerrit.ovirt.org/35223
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I2c0cd541a0ea0d43a8599a5f55a184cf6e7f78b7
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: ovirt-engine-3.5
Gerrit-Owner: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Maor Lipchuk <mlipchuk(a)redhat.com>
Gerrit-Reviewer: Oved Ourfali <oourfali(a)redhat.com>
Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Saggi Mizrahi <smizrahi(a)redhat.com>
Gerrit-Reviewer: Tal Nisan <tnisan(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
10 years
Change in ovirt-engine[master]: core: configurable ssl protocol
by oourfali@redhat.com
Oved Ourfali has submitted this change and it was merged.
Change subject: core: configurable ssl protocol
......................................................................
core: configurable ssl protocol
We need to make ssl protocol configurable.
I tested 3.5 engine and vdsm with all combinations (sslv3, tlsv1) and
there were no issues.
I tested 3.0 engine with 3.5 vdsm and noticed that when tlsv1 was set on
vdsm side the communication failed with wrong protocol version.
I tested 3.0 vdsm with latest engine (tlsv1) and it worked after hacking
host-deploy.
Change-Id: I33a33c15e8a995eb8de7d5131b3dbadc6191f873
Signed-off-by: pkliczewski <piotr.kliczewski(a)gmail.com>
Bug-Url: https://bugzilla.redhat.com/1154184
---
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/host/provider/foreman/ForemanHostProviderProxy.java
M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java
M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssl/AuthSSLProtocolSocketFactory.java
M backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/TransportFactory.java
M backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/attestation/AttestationService.java
M backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/jsonrpc/EngineManagerProvider.java
M backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/jsonrpc/JsonRpcUtils.java
M backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/xmlrpc/XmlRpcUtils.java
M backend/manager/modules/vdsbroker/src/test/java/org/ovirt/engine/core/vdsbroker/jsonrpc/JsonRpcIntegrationTest.java
M packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql
M packaging/etc/engine-config/engine-config.properties
11 files changed, 52 insertions(+), 21 deletions(-)
Approvals:
Oved Ourfali: Verified; Looks good to me, approved
--
To view, visit http://gerrit.ovirt.org/34372
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I33a33c15e8a995eb8de7d5131b3dbadc6191f873
Gerrit-PatchSet: 12
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Alon Bar-Lev <alonbl(a)redhat.com>
Gerrit-Reviewer: Eli Mesika <emesika(a)redhat.com>
Gerrit-Reviewer: Oved Ourfali <oourfali(a)redhat.com>
Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Saggi Mizrahi <smizrahi(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
10 years
Change in ovirt-engine[ovirt-engine-3.5]: engine : Suspend VM fails with a NullPointerException
by oourfali@redhat.com
Oved Ourfali has submitted this change and it was merged.
Change subject: engine : Suspend VM fails with a NullPointerException
......................................................................
engine : Suspend VM fails with a NullPointerException
Suspending a VM when Async Tasks with no
entityInfo set in parameters are being executed
throws a NPE
Change-Id: I75a807af67c8f6683f2023fe37f7847ef0aa2eb5
Bug-Url: https://bugzilla.redhat.com/1160876
Signed-off-by: Ravi Nori <rnori(a)redhat.com>
---
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RemoveVmCommand.java
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/tasks/AsyncTaskManager.java
2 files changed, 10 insertions(+), 2 deletions(-)
Approvals:
Ravi Nori: Verified
Oved Ourfali: Looks good to me, approved
--
To view, visit http://gerrit.ovirt.org/35228
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I75a807af67c8f6683f2023fe37f7847ef0aa2eb5
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: ovirt-engine-3.5
Gerrit-Owner: Ravi Nori <rnori(a)redhat.com>
Gerrit-Reviewer: Oved Ourfali <oourfali(a)redhat.com>
Gerrit-Reviewer: Ravi Nori <rnori(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
10 years
Change in ovirt-engine[master]: webadmin: Cluster dialog overlapping checkboxes fixed
by awels@redhat.com
Alexander Wels has submitted this change and it was merged.
Change subject: webadmin: Cluster dialog overlapping checkboxes fixed
......................................................................
webadmin: Cluster dialog overlapping checkboxes fixed
'Enable Virt Service' checkbox and 'Enable Gluster Service' checkbox
in New/Edit Cluster dialog were overlapped in webkit based browsers
due to css browser specific media queries.
Change-Id: I07b3d83a0d2af26c6c722542bea7cdf402f7dd2e
Bug-Url: https://bugzilla.redhat.com/1138556
Signed-off-by: Jakub Niedermertl <jniederm(a)redhat.com>
---
M packaging/branding/ovirt.brand/ovirt-patternfly-compat.css
1 file changed, 0 insertions(+), 14 deletions(-)
Approvals:
Alexander Wels: Verified; Looks good to me, approved
--
To view, visit http://gerrit.ovirt.org/35048
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I07b3d83a0d2af26c6c722542bea7cdf402f7dd2e
Gerrit-PatchSet: 3
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Jakub Niedermertl <jniederm(a)redhat.com>
Gerrit-Reviewer: Alexander Wels <awels(a)redhat.com>
Gerrit-Reviewer: Greg Sheremeta <gshereme(a)redhat.com>
Gerrit-Reviewer: Jakub Niedermertl <jniederm(a)redhat.com>
Gerrit-Reviewer: Tomas Jelinek <tjelinek(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
10 years