--Apple-Mail=_4EAD8554-0B0E-4319-812F-9E0B82F673A7 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=iso-8859-1 I also tried a simple connect to the home of the ovirt server in the = ovirt-shell: [oVirt shell (disconnected)]# connect https://ovirtserver <user> <pass> error: 'str' object has no attribute 'product_info' [oVirt shell (disconnected)]#=20 So this happens without trying to get to the api/vms. As to your question:
i think you should get an empty list and not a 401 in any case, but = just to make sure - you have the user role on a specific VM and you = don't see it?
On 10/02/2012 05:20 PM, Brian Vetter wrote:
3.1 added support for non admin to use the api. i.e., this should work. which specific version are you using? =20 =46rom the about box in the admin web app: =20 oVirt Engine Version:3.1.0-2.fc17 =20 =20 The curl command I send is: =20 curl --cacert $CA_FILE -X GET -H "Filter: true" -u user@domain:password https://$OVIRT/api/vms > uservms.xml =20 =20 The output when my user's group has a DOMAIN_ADMIN role contains the = xml for the VMs. The output when the user's group has either a power user = or a regular user role contains the error response with a 401 = unauthorized error. =20 I had lots of fun getting this server set up so it is possible I made = a mistake during installation, but it seems pretty functional right = now. Everything seems to be working but I haven't been able to to test out how/if I can connect a new, non-portal client without having to add = new servlets. =20 i think you should get an empty list and not a 401 in any case, but = just to make sure - you have the user role on a specific VM and you = don't see it? michael - thoughts? maybe this was fixed post ovirt 3.1 fedora release? =20 =20 Brian =20 On Oct 2, 2012, at 9:57 AM, Itamar Heim wrote: =20 On 10/02/2012 04:52 PM, Brian Vetter wrote:
Adding the "Filter:true" header to the curl request doesn't change anything. If the user account is not an admin account, I get a 401 status result. So my question still stands, can the REST API be = used by a mere, non-admin "mortal" or is it only for administrative = functions? =20 I'm in the process of trying to hook up a different client to a VM managed by ovirt. I can't use the user portal app. So I was trying = to use the REST APIs on behalf of a normal, non-admin user to get the list of the authenticating user's VMs and their connection = information. =20 3.1 added support for non admin to use the api. i.e., this should work. which specific version are you using? =20 =20 Brian =20 On Oct 2, 2012, at 2:15 AM, Itamar Heim wrote: =20
On 10/02/2012 06:28 AM, Brian Vetter wrote:
I've done two different things. First, I associated one of my groups in my directory with being a VMUser which gave members access to a particular VM. If I login with one of those users via the User portal, I can see their VM (or VMs if I do more than = one). If I use the REST API (or ovirt-shell) using this user's account and password, I get an unauthorized error. =20 Similarly, I have another group that is assigned the = DomainManager role. If I add this other user to that group, when I login with that user via the user portal, I see the advanced portal. If I = use the REST-API (using curl) or ovirt-shell and use the user's login information, I now am authorized and see a list of VMs returned = as XML (in the case of curl). =20 That said, I see all VMs in the system, not just the one assigned to the user that logged in. So this makes me think that either =
REST API for getting the APIs as suggested by the article is an administrative API and there is either (a) a different rest = API/uri that returns the logged in user's vms (the list that would be returned to the portal) or (b) no way to get a particular user's list of VMs authenticated as the user. =20 you need to specify to the api you want to view things in "user mode" via the filter header. Example: curl -X GET -H "Filter: true" -u user@domain:password http://[servername]:PORT/api/vms =20 =20 =20 =20 Brian =20 On Oct 1, 2012, at 10:49 PM, Yair Zaslavsky wrote: =20 > Hi Brian, > I looked at the wiki - > I assume you're referring to the "showVm" part. > Have you assigned any permissions to the user that is supposed = to > view the VMs? > I assume you created the VMs with the administrator user, so any > other user will require to have a proper permissions in order to > view these VMs >=20 > Yair >=20 >=20 > On 10/02/2012 05:09 AM, Brian Vetter wrote: >> I was trying to use both the rest api to view a user's vm >> information. I found that the REST APIs always returned an >> authentication error if the account I had logged into was not = an >> ovirt administrator. I am guessing that either (a) I am using =
Yes, I believe this is true. If the same user logs into the user portal, = he can see the VM and start/stop it. =46rom the ovirt admin portal, I = see the following permissions for the VM: User Role Brian Vetter (bjvetter@domain) UserRole Brian On Oct 2, 2012, at 10:27 AM, Itamar Heim wrote: the the
>> wrong URL in the REST api or (b) you must be some kind of admin >> to access the REST APIs. I noticed the same behavior when I was >> using the ovirt-shell tool. >>=20 >> For example, I was trying to follow the instructions in >> = http://wiki.ovirt.org/wiki/How_to_Connect_to_SPICE_Console_Without_Portal >> to get the list of VMs (presumably for the user that is logging >> in), I get an unauthorized error. If the user account I login >> with in the curl or ovirt-shell connect statement is an admin, = I >> get the list of VMs. >>=20 >> So my question here is does the REST-API need admin privileges = or >> am I using a url that requires admin privileges whereas some >> others don't. And if it is the latter, is there somewhere that >> documents the various rest api resources? For example, to go = back >> to the "How to connect to Spice console ..." article, how would >> one use the REST API to fetch one's virtual machines, their >> status, and connection info for them? >>=20 >> Thanks, >>=20 >> Brian =20 =20 =20 =20 =20 =20
<blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl= ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite">Similarly, I have another group that is assigned the = DomainManager<br></blockquote></blockquote></blockquote></blockquote></blo= ckquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">role. = If I add this other user to that group, when I login = with<br></blockquote></blockquote></blockquote></blockquote></blockquote><=
<blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl= ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">That = said, I see all VMs in the system, not just the one = assigned<br></blockquote></blockquote></blockquote></blockquote></blockquo= te><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">to the = user that logged in. So this makes me think that either =
<blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">list = of VMs authenticated as the = user.<br></blockquote></blockquote></blockquote></blockquote></blockquote>= <blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote = type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo= ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">you need to specify to the api = you want to view things in = "user<br></blockquote></blockquote></blockquote></blockquote><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">mode" via the filter =
</blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote = type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl= ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">On Oct = 1, 2012, at 10:49 PM, Yair Zaslavsky = wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote= <blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl= ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">Hi = Brian,<br></blockquote></blockquote></blockquote></blockquote></blockquote= </blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">I = looked at the wiki = -<br></blockquote></blockquote></blockquote></blockquote></blockquote></bl= ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">I assume you're referring to the = "showVm" =
</blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">I was trying to use both the = rest api to view a user's = vm<br></blockquote></blockquote></blockquote></blockquote></blockquote></b= lockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">information. I found that the = REST APIs always returned = an<br></blockquote></blockquote></blockquote></blockquote></blockquote></b= lockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">authentication error if the = account I had logged into was not = an<br></blockquote></blockquote></blockquote></blockquote></blockquote></b= lockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">ovirt administrator. I am = guessing that either (a) I am using =
--Apple-Mail=_4EAD8554-0B0E-4319-812F-9E0B82F673A7 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=iso-8859-1 <html><head></head><body style=3D"word-wrap: break-word; = -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">I = also tried a simple connect to the home of the ovirt server in the = ovirt-shell:<div><br></div><blockquote class=3D"webkit-indent-blockquote" = style=3D"margin: 0 0 0 40px; border: none; padding: = 0px;"><div><div>[oVirt shell (disconnected)]# connect <a = href=3D"https://ovirtserver">https://ovirtserver</a> <user> = <pass></div></div><div><div><br></div></div><div><div>error: 'str' = object has no attribute = 'product_info'</div></div><div><br></div><div><div>[oVirt shell = (disconnected)]# </div></div></blockquote><div><div><br></div></div><= div>So this happens without trying to get to the = api/vms.</div><div><br></div><div>As to your question:</div><blockquote = class=3D"webkit-indent-blockquote" style=3D"margin: 0 0 0 40px; border: = none; padding: 0px;"><div><blockquote type=3D"cite"><div>i think you = should get an empty list and not a 401 in any case, but just to make = sure - you have the user role on a specific VM and you don't see = it?</div></blockquote></div></blockquote><div><br></div><div>Yes, I = believe this is true. If the same user logs into the user portal, he can = see the VM and start/stop it. =46rom the ovirt admin portal, I see the = following permissions for the VM:</div><div><br></div><div><b>User<span = class=3D"Apple-tab-span" style=3D"white-space:pre"> = </span>Role</b></div><div>Brian Vetter = (bjvetter@domain)<span class=3D"Apple-tab-span" style=3D"white-space:pre">= = </span>UserRole</div><div><br></div><div>Brian</div><div><br></div><div><d= iv><div>On Oct 2, 2012, at 10:27 AM, Itamar Heim wrote:</div><br = class=3D"Apple-interchange-newline"><blockquote type=3D"cite"><div>On = 10/02/2012 05:20 PM, Brian Vetter wrote:<br><blockquote = type=3D"cite"><blockquote type=3D"cite">3.1 added support for non admin = to use the api.<br></blockquote></blockquote><blockquote = type=3D"cite"><blockquote type=3D"cite">i.e., this should = work.<br></blockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite">which specific version are you = using?<br></blockquote></blockquote><blockquote = type=3D"cite"><br></blockquote><blockquote type=3D"cite"> =46rom the = about box in the admin web app:<br></blockquote><blockquote = type=3D"cite"><br></blockquote><blockquote type=3D"cite"> = oVirt Engine = Version:3.1.0-2.fc17<br></blockquote><blockquote = type=3D"cite"><br></blockquote><blockquote = type=3D"cite"><br></blockquote><blockquote type=3D"cite">The curl = command I send is:<br></blockquote><blockquote = type=3D"cite"><br></blockquote><blockquote type=3D"cite"> = curl --cacert $CA_FILE -X GET -H "Filter: true" = -u<br></blockquote><blockquote type=3D"cite"> = user@domain:password <a = href=3D"https://$OVIRT/api/vms">https://$OVIRT/api/vms</a> > = uservms.xml<br></blockquote><blockquote = type=3D"cite"><br></blockquote><blockquote = type=3D"cite"><br></blockquote><blockquote type=3D"cite">The output when = my user's group has a DOMAIN_ADMIN role contains the = xml<br></blockquote><blockquote type=3D"cite">for the VMs. The output = when the user's group has either a power user = or<br></blockquote><blockquote type=3D"cite">a regular user role = contains the error response with a 401 = unauthorized<br></blockquote><blockquote = type=3D"cite">error.<br></blockquote><blockquote = type=3D"cite"><br></blockquote><blockquote type=3D"cite">I had lots of = fun getting this server set up so it is possible I made = a<br></blockquote><blockquote type=3D"cite">mistake during installation, = but it seems pretty functional right now.<br></blockquote><blockquote = type=3D"cite">Everything seems to be working but I haven't been able to = to test out<br></blockquote><blockquote type=3D"cite">how/if I can = connect a new, non-portal client without having to add = new<br></blockquote><blockquote = type=3D"cite">servlets.<br></blockquote><br>i think you should get an = empty list and not a 401 in any case, but just to make sure - you have = the user role on a specific VM and you don't see it?<br>michael - = thoughts?<br>maybe this was fixed post ovirt 3.1 fedora = release?<br><br><blockquote type=3D"cite"><br></blockquote><blockquote = type=3D"cite">Brian<br></blockquote><blockquote = type=3D"cite"><br></blockquote><blockquote type=3D"cite">On Oct 2, 2012, = at 9:57 AM, Itamar Heim wrote:<br></blockquote><blockquote = type=3D"cite"><br></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite">On 10/02/2012 04:52 PM, Brian Vetter = wrote:<br></blockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">Adding the "Filter:true" header = to the curl request doesn't = change<br></blockquote></blockquote></blockquote><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite">anything. If the user account is not an admin account, I = get a 401<br></blockquote></blockquote></blockquote><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">status = result. So my question still stands, can the REST API be = used<br></blockquote></blockquote></blockquote><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">by a = mere, non-admin "mortal" or is it only for administrative = functions?<br></blockquote></blockquote></blockquote><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">I'm in = the process of trying to hook up a different client to a = VM<br></blockquote></blockquote></blockquote><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">managed = by ovirt. I can't use the user portal app. So I was trying = to<br></blockquote></blockquote></blockquote><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">use = the REST APIs on behalf of a normal, non-admin user to get = the<br></blockquote></blockquote></blockquote><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">list = of the authenticating user's VMs and their connection = information.<br></blockquote></blockquote></blockquote><blockquote = type=3D"cite"><blockquote = type=3D"cite"><br></blockquote></blockquote><blockquote = type=3D"cite"><blockquote type=3D"cite">3.1 added support for non admin = to use the api.<br></blockquote></blockquote><blockquote = type=3D"cite"><blockquote type=3D"cite">i.e., this should = work.<br></blockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite">which specific version are you = using?<br></blockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><br></blockquote></blockquote><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite">Brian<br></blockquote></blockquote></blockquote><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">On Oct = 2, 2012, at 2:15 AM, Itamar Heim = wrote:<br></blockquote></blockquote></blockquote><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">On 10/02/2012 06:28 AM, Brian = Vetter = wrote:<br></blockquote></blockquote></blockquote></blockquote><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">I've = done two different things. First, I associated one of = my<br></blockquote></blockquote></blockquote></blockquote></blockquote><bl= ockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">groups = in my directory with being a VMUser which gave = members<br></blockquote></blockquote></blockquote></blockquote></blockquot= e><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">access = to a particular VM. If I login with one of those users = via<br></blockquote></blockquote></blockquote></blockquote></blockquote><b= lockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">the = User portal, I can see their VM (or VMs if I do more than = one).<br></blockquote></blockquote></blockquote></blockquote></blockquote>= <blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">If I = use the REST API (or ovirt-shell) using this user's = account<br></blockquote></blockquote></blockquote></blockquote></blockquot= e><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">and = password, I get an unauthorized = error.<br></blockquote></blockquote></blockquote></blockquote></blockquote= blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">that = user via the user portal, I see the advanced portal. If I = use<br></blockquote></blockquote></blockquote></blockquote></blockquote><b= lockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">the = REST-API (using curl) or ovirt-shell and use the user's = login<br></blockquote></blockquote></blockquote></blockquote></blockquote>= <blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite">information, I now am authorized and see a list of VMs = returned = as<br></blockquote></blockquote></blockquote></blockquote></blockquote><bl= ockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">XML = (in the case of = curl).<br></blockquote></blockquote></blockquote></blockquote></blockquote= the<br></blockquote></blockquote></blockquote></blockquote></blockquote><b= lockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">REST = API for getting the APIs as suggested by the article is = an<br></blockquote></blockquote></blockquote></blockquote></blockquote><bl= ockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite">administrative API and there is either (a) a different = rest = API/uri<br></blockquote></blockquote></blockquote></blockquote></blockquot= e><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">that = returns the logged in user's vms (the list that would = be<br></blockquote></blockquote></blockquote></blockquote></blockquote><bl= ockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">returned= to the portal) or (b) no way to get a particular = user's<br></blockquote></blockquote></blockquote></blockquote></blockquote= header.<br></blockquote></blockquote></blockquote></blockquote><blockquote= type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote = type=3D"cite">Example:<br></blockquote></blockquote></blockquote></blockqu= ote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">curl -X GET -H "Filter: true" -u = user@domain:password<br></blockquote></blockquote></blockquote></blockquot= e><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><a = href=3D"http://[servername]:PORT/api/vms">http://[servername]:PORT/api/vms= </a><br></blockquote></blockquote></blockquote></blockquote><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote = type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo= ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote = type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo= ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote = type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo= ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl= ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite">Brian<br></blockquote></blockquote></blockquote></blockquote= part.<br></blockquote></blockquote></blockquote></blockquote></blockquote>= </blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">Have = you assigned any permissions to the user that is supposed = to<br></blockquote></blockquote></blockquote></blockquote></blockquote></b= lockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">view the = VMs?<br></blockquote></blockquote></blockquote></blockquote></blockquote><= /blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">I = assume you created the VMs with the administrator user, so = any<br></blockquote></blockquote></blockquote></blockquote></blockquote></= blockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote= type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">other user will require to have = a proper permissions in order = to<br></blockquote></blockquote></blockquote></blockquote></blockquote></b= lockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">view these = VMs<br></blockquote></blockquote></blockquote></blockquote></blockquote></= blockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote= type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote = type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl= ockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite">Yair<br></blockquote></blockquote></blockquote></blockquote>= </blockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl= ockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl= ockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">On = 10/02/2012 05:09 AM, Brian Vetter = wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote= the<br></blockquote></blockquote></blockquote></blockquote></blockquote></= blockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">wrong URL in the REST api or (b) = you must be some kind of = admin<br></blockquote></blockquote></blockquote></blockquote></blockquote>= </blockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">to access the REST APIs. I = noticed the same behavior when I = was<br></blockquote></blockquote></blockquote></blockquote></blockquote></= blockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">using the ovirt-shell = tool.<br></blockquote></blockquote></blockquote></blockquote></blockquote>= </blockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote = type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl= ockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">For example, I was trying to = follow the instructions = in<br></blockquote></blockquote></blockquote></blockquote></blockquote></b= lockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><a = href=3D"http://wiki.ovirt.org/wiki/How_to_Connect_to_SPICE_Console_Without= _Portal">http://wiki.ovirt.org/wiki/How_to_Connect_to_SPICE_Console_Withou= t_Portal</a><br></blockquote></blockquote></blockquote></blockquote></bloc= kquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">to get the list of VMs = (presumably for the user that is = logging<br></blockquote></blockquote></blockquote></blockquote></blockquot= e></blockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">in), I get an unauthorized = error. If the user account I = login<br></blockquote></blockquote></blockquote></blockquote></blockquote>= </blockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">with in the curl or ovirt-shell = connect statement is an admin, = I<br></blockquote></blockquote></blockquote></blockquote></blockquote></bl= ockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">get the list of = VMs.<br></blockquote></blockquote></blockquote></blockquote></blockquote><= /blockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote = type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl= ockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">So my question here is does the = REST-API need admin privileges = or<br></blockquote></blockquote></blockquote></blockquote></blockquote></b= lockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">am I using a url that requires = admin privileges whereas = some<br></blockquote></blockquote></blockquote></blockquote></blockquote><= /blockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">others don't. And if it is the = latter, is there somewhere = that<br></blockquote></blockquote></blockquote></blockquote></blockquote><= /blockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">documents the various rest api = resources? For example, to go = back<br></blockquote></blockquote></blockquote></blockquote></blockquote><= /blockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">to the "How to connect to Spice = console ..." article, how = would<br></blockquote></blockquote></blockquote></blockquote></blockquote>= </blockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">one use the REST API to fetch = one's virtual machines, = their<br></blockquote></blockquote></blockquote></blockquote></blockquote>= </blockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite">status, and connection info for = them?<br></blockquote></blockquote></blockquote></blockquote></blockquote>= </blockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote = type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl= ockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote = type=3D"cite">Thanks,<br></blockquote></blockquote></blockquote></blockquo= te></blockquote></blockquote></blockquote><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl= ockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><blockquote = type=3D"cite">Brian<br></blockquote></blockquote></blockquote></blockquote=
</blockquote></blockquote></blockquote><blockquote = type=3D"cite"><blockquote type=3D"cite"><blockquote = type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote = type=3D"cite"><blockquote = type=3D"cite"><br></blockquote></blockquote><blockquote = type=3D"cite"><blockquote = type=3D"cite"><br></blockquote></blockquote><blockquote = type=3D"cite"><br></blockquote><br><br></div></blockquote></div><br></div>= </body></html>=
--Apple-Mail=_4EAD8554-0B0E-4319-812F-9E0B82F673A7--