Re: [Users] Authentication for REST APIs?

From: "Itamar Heim" <iheim(a)redhat.com&gt; To: "Brian Vetter" <bjvetter(a)gmail.com&gt; Cc: users(a)ovirt.org Sent: Tuesday, October 2, 2012 3:15:34 AM Subject: Re: [Users] Authentication for REST APIs? On 10/02/2012 06:28 AM, Brian Vetter wrote: > I've done two different things. First, I associated one of my > groups in my directory with being a VMUser which gave members > access to a particular VM. If I login with one of those users via > the User portal, I can see their VM (or VMs if I do more than > one). If I use the REST API (or ovirt-shell) using this user's > account and password, I get an unauthorized error. > > Similarly, I have another group that is assigned the DomainManager > role. If I add this other user to that group, when I login with > that user via the user portal, I see the advanced portal. If I use > the REST-API (using curl) or ovirt-shell and use the user's login > information, I now am authorized and see a list of VMs returned as > XML (in the case of curl). > > That said, I see all VMs in the system, not just the one assigned > to the user that logged in. So this makes me think that either the > REST API for getting the APIs as suggested by the article is an > administrative API and there is either (a) a different rest > API/uri that returns the logged in user's vms (the list that would > be returned to the portal) or (b) no way to get a particular > user's list of VMs authenticated as the user. you need to specify to the api you want to view things in "user mode" via the filter header. Example: curl -X GET -H "Filter: true" -u user@domain:password http://[servername]:PORT/api/vms