Adding the "Filter:true" header to the curl request doesn't change anything. If the user account is not an admin account, I get a 401 status result. So my question still stands, can the REST API be used by a mere, non-admin "mortal" or is it only for administrative functions?

I'm in the process of trying to hook up a different client to a VM managed by ovirt. I can't use the user portal app. So I was trying to use the REST APIs on behalf of a normal, non-admin user to get the list of the authenticating user's VMs and their connection information.
3.1 added support for non admin to use the api.
i.e., this should work.
which specific version are you using?
Brian
On Oct 2, 2012, at 2:15 AM, Itamar Heim wrote:
> On 10/02/2012 06:28 AM, Brian Vetter wrote:
>> I've done two different things. First, I associated one of my groups in my directory with being a VMUser which gave members access to a particular VM. If I login with one of those users via the User portal, I can see their VM (or VMs if I do more than one). If I use the REST API (or ovirt-shell) using this user's account and password, I get an unauthorized error.
>>
>> Similarly, I have another group that is assigned the DomainManager role. If I add this other user to that group, when I login with that user via the user portal, I see the advanced portal. If I use the REST-API (using curl) or ovirt-shell and use the user's login information, I now am authorized and see a list of VMs returned as XML (in the case of curl).
>>
>> That said, I see all VMs in the system, not just the one assigned to the user that logged in. So this makes me think that either the REST API for getting the APIs as suggested by the article is an administrative API and there is either (a) a different rest API/uri that returns the logged in user's vms (the list that would be returned to the portal) or (b) no way to get a particular user's list of VMs authenticated as the user.
>
> you need to specify to the api you want to view things in "user mode" via the filter header.
> Example:
> curl -X GET -H "Filter: true" -u user@domain:password http://[servername]:PORT/api/vms
>
>>
>> Brian
>>
>> On Oct 1, 2012, at 10:49 PM, Yair Zaslavsky wrote:
>>
>>> Hi Brian,
>>> I looked at the wiki -
>>> I assume you're referring to the "showVm" part.
>>> Have you assigned any permissions to the user that is supposed to view the VMs?
>>> I assume you created the VMs with the administrator user, so any other user will be required to have proper permissions in order to view these VMs.
>>>
>>> Yair
>>>
>>>
>>> On 10/02/2012 05:09 AM, Brian Vetter wrote:
>>>> I was trying to use both the rest api to view a user's vm information. I found that the REST APIs always returned an authentication error if the account I had logged into was not an ovirt administrator. I am guessing that either (a) I am using the wrong URL in the REST api or (b) you must be some kind of admin to access the REST APIs. I noticed the same behavior when I was using the ovirt-shell tool.
>>>>
>>>> For example, I was trying to follow the instructions in http://wiki.ovirt.org/wiki/How_to_Connect_to_SPICE_Console_Without_Portal to get the list of VMs (presumably for the user that is logging in), I get an unauthorized error. If the user account I login with in the curl or ovirt-shell connect statement is an admin, I get the list of VMs.
>>>>
>>>> So my question here is does the REST-API need admin privileges or am I using a url that requires admin privileges whereas some others don't. And if it is the latter, is there somewhere that documents the various rest api resources? For example, to go back to the "How to connect to Spice console ..." article, how would one use the REST API to fetch one's virtual machines, their status, and connection info for them?
>>>>
>>>> Thanks,
>>>>
>>>> Brian
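
Added example, not part of the thread or of oVirt's own code: the "user mode" request from Itamar's reply built in Python, with a parser that pulls each VM's state and display endpoint out of the returned XML. The base URL, the credentials and the XML layout of the sample response are assumptions made for this example.

```python
import base64
import urllib.request
import xml.etree.ElementTree as ET

def build_vms_request(base_url, user, password):
    """Build GET <base_url>/api/vms with 'Filter: true' (user mode) and Basic auth."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(base_url.rstrip("/") + "/api/vms", method="GET")
    req.add_header("Filter", "true")                  # header from the thread
    req.add_header("Authorization", "Basic " + token)
    return req

def parse_vms(xml_text):
    """Return one dict per <vm>: id, name, state and display endpoint."""
    vms = []
    for vm in ET.fromstring(xml_text).findall("vm"):
        port = vm.findtext("display/port")
        vms.append({
            "id": vm.get("id"),
            "name": vm.findtext("name"),
            "state": vm.findtext("status/state"),
            "display": vm.findtext("display/type"),
            "address": vm.findtext("display/address"),
            "port": int(port) if port else None,      # sample omits it for a VM that is down
        })
    return vms

# Constructed sample response: element layout is assumed, all values are invented.
SAMPLE = """<vms>
  <vm id="00000000-0000-0000-0000-000000000001">
    <name>desktop-1</name>
    <status><state>up</state></status>
    <display><type>spice</type><address>host1.example</address><port>5900</port></display>
  </vm>
  <vm id="00000000-0000-0000-0000-000000000002">
    <name>desktop-2</name>
    <status><state>down</state></status>
    <display><type>spice</type></display>
  </vm>
</vms>"""

if __name__ == "__main__":
    # Hypothetical engine address and account; the request is built but not sent.
    req = build_vms_request("https://engine.example:8443", "user@domain", "password")
    print(req.get_method(), req.full_url, dict(req.header_items()))
    for vm in parse_vms(SAMPLE):
        print(vm)
```

To send the request, pass it to `urllib.request.urlopen(req)` and feed the decoded body to `parse_vms`.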