5:58 p.m.
This is a multi-part message in MIME format.
--------------090003020906060406020408
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
On 10/29/2015 03:56 PM, Ondra Machacek wrote:
On 10/28/2015 11:29 AM, Jorick Astrego wrote:
>
>
> On 10/26/2015 03:14 PM, Jorick Astrego wrote:
>>
>>
>> On 10/26/2015 02:57 PM, Ondra Machacek wrote:
>>>
>>>
>>> On 10/26/2015 02:53 PM, Jorick Astrego wrote:
>>>> Hi,
>>>>
>>>> Currently I'm trying to add an ovirt compute resource in forman
>>>> that is limited to the VM's of the user.
>>>>
>>>> When I give this user the PowerUser role, I cannot access the api:
>>>>
>>>> query execution failed due to insufficient permissions
>>>>
>>>
>>> Are you sending header 'Filter: true' with the request ?
>>> If your user is not admin(PowerUserRole is not admin role),
>>> you have to use this header.
>>>
>>>
>>
>
> Hmm, not much response on foreman-users..
>
> I checked the code of fog in my foreman install (
> /opt/rh/ruby193/root/usr/share/gems/gems/fog-1.32.0/lib/fog/ovirt/compute.rb
> ) and it appears to have the correct option merged:
>
> connection_opts[:filtered_api] =
> options[:ovirt_filtered_api]
>
>
> But I don't know what url the foreman actually generates, is there
> any way to capture the login string? I tried setting some DEBUG
> logging but don't get the output I'm looking for.
>
> <logger
category="org.ovirt.engine.core.bll.SearchQuery">
> <level name="DEBUG"/>
> </logger>
> <logger
> category="org.ovirt.engine.core.bll.aaa.LoginUserCommand">
> <level name="DEBUG"/>
> </logger>
> <logger
>
category="org.ovirt.engine.api.restapi.resource.AbstractBackendResource">
> <level name="DEBUG"/>
> </logger>
>
>
It depends what url foreman client access. But you can set:
<logger category="org.ovirt.engine.core.bll">
<level name="ALL"/>
</logger>
And then you will see what commands was queried with or without the
filtered API.
2015-10-29 15:45:45,436 TRACE
[org.ovirt.engine.core.bll.GetAllVmsQuery] (ajp-/127.0.0.1:8702-1) []
START, GetAllVmsQuery(VdcQueryParametersBase:{refresh='true',
filtered='true'}), log id: 53b3c8b9
^^ This is example of running 'Filter: true' on /api/vms (you can see
filtered='true').
But maybe it would be easier to use tcpdump, or some apache module to
dump headers.
>
>
>
>
>
>
> Met vriendelijke groet, With kind regards,
>
> Jorick Astrego
> *
> Netbulae Virtualization Experts *
> ------------------------------------------------------------------------
> Tel: 053 20 30 270 info(a)netbulae.eu Staalsteden 4-3A KvK 08198180
> Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW
> NL821234584B01
>
>
> ------------------------------------------------------------------------
>
>
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
--------------090003020906060406020408
Content-Type: text/html; charset=windows-1252
Content-Transfer-Encoding: 8bit
<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<br>
<div class="moz-cite-prefix">On 10/29/2015 03:56 PM, Ondra Machacek
wrote:<br>
</div>
<blockquote cite="mid:56323394.8050800@redhat.com"
type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<br>
<br>
<div class="moz-cite-prefix">On 10/28/2015 11:29 AM, Jorick
Astrego wrote:<br>
</div>
<blockquote cite="mid:5630A36D.6000202@netbulae.eu"
type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<br>
<br>
<div class="moz-cite-prefix">On 10/26/2015 03:14 PM, Jorick
Astrego wrote:<br>
</div>
<blockquote cite="mid:562E355D.4030201@netbulae.eu"
type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<br>
<br>
<div class="moz-cite-prefix">On 10/26/2015 02:57 PM, Ondra
Machacek wrote:<br>
</div>
<blockquote cite="mid:562E3143.4010600@redhat.com"
type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<br>
<br>
<div class="moz-cite-prefix">On 10/26/2015 02:53 PM, Jorick
Astrego wrote:<br>
</div>
<blockquote cite="mid:562E3075.5050203@netbulae.eu"
type="cite">
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
Hi,<br>
<br>
Currently I'm trying to add an ovirt compute resource in
forman that is limited to the VM's of the user. <br>
<br>
When I give this user the PowerUser role, I cannot access
the api:<br>
<br>
<blockquote>query execution failed due to insufficient
permissions<br>
</blockquote>
</blockquote>
<br>
Are you sending header 'Filter: true' with the request ?<br>
If your user is not admin(PowerUserRole is not admin role),<br>
you have to use this header.<br>
<br>
<br>
</blockquote>
<br>
</blockquote>
<br>
Hmm, not much response on foreman-users.. <br>
<br>
I checked the code of fog in my foreman install (
/opt/rh/ruby193/root/usr/share/gems/gems/fog-1.32.0/lib/fog/ovirt/compute.rb
) and it appears to have the correct option merged:<br>
<br>
<blockquote> connection_opts[:filtered_api] =
options[:ovirt_filtered_api]<br>
<br>
<br>
</blockquote>
But I don't know what url the foreman actually generates, is
there any way to capture the login string? I tried setting some
DEBUG logging but don't get the output I'm looking for.<br>
<br>
<blockquote> <logger
category="org.ovirt.engine.core.bll.SearchQuery"><br>
<level name="DEBUG"/><br>
</logger><br>
<logger
category="org.ovirt.engine.core.bll.aaa.LoginUserCommand"><br>
<level name="DEBUG"/><br>
</logger><br>
<logger
category="org.ovirt.engine.api.restapi.resource.AbstractBackendResource"><br>
<level name="DEBUG"/><br>
</logger><br>
<br>
</blockquote>
<br>
</blockquote>
<br>
It depends what url foreman client access. But you can set:<br>
<br>
<logger category="org.ovirt.engine.core.bll"><br>
<level name="ALL"/><br>
</logger><br>
<br>
And then you will see what commands was queried with or without
the filtered API.<br>
<br>
2015-10-29 15:45:45,436 TRACE
[org.ovirt.engine.core.bll.GetAllVmsQuery] (ajp-/127.0.0.1:8702-1)
[] START, GetAllVmsQuery(VdcQueryParametersBase:{refresh='true',
filtered='true'}), log id: 53b3c8b9<br>
<br>
^^ This is example of running 'Filter: true' on /api/vms (you can
see filtered='true').<br>
</blockquote>
<br>
But maybe it would be easier to use tcpdump, or some apache module
to dump headers.<br>
<br>
<blockquote cite="mid:56323394.8050800@redhat.com"
type="cite"> <br>
<blockquote cite="mid:5630A36D.6000202@netbulae.eu"
type="cite">
<blockquote><br>
<br>
</blockquote>
<br>
<br>
<br>
<br>
<span style="color:#604c78;"><font
color="000000"><span
style="mso-fareast-language:en-gb;" lang="NL">Met
vriendelijke groet, With kind regards,<br>
<br>
Jorick Astrego<br>
</span></font></span><b
style="color:#604c78"><br>
Netbulae Virtualization Experts </b><br>
<hr style="border:none;border-top:1px solid #ccc;">
<table style="width: 522px">
<tbody>
<tr>
<td style="width: 130px;font-size: 10px">Tel: 053 20 30
270</td>
<td style="width: 130px;font-size: 10px"><a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:info@netbulae.eu"><a
class="moz-txt-link-abbreviated"
href="mailto:info@netbulae.eu">info@netbulae.eu</a></a></td>
<td style="width: 130px;font-size: 10px">Staalsteden
4-3A</td>
<td style="width: 130px;font-size: 10px">KvK
08198180</td>
</tr>
<tr>
<td style="width: 130px;font-size: 10px">Fax: 053 20 30
271</td>
<td style="width: 130px;font-size: 10px"><a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="http://www.netbulae.eu"><a
class="moz-txt-link-abbreviated"
href="http://www.netbulae.eu">www.netbulae.eu</a></a></td>
<td style="width: 130px;font-size: 10px">7547 TA
Enschede</td>
<td style="width: 130px;font-size: 10px">BTW
NL821234584B01</td>
</tr>
</tbody>
</table>
<br>
<hr style="border:none;border-top:1px solid #ccc;"><br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:Users@ovirt.org">Users@ovirt.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://lists.ovirt.org/mailman/listinfo/users">http://...
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated"
href="mailto:Users@ovirt.org">Users@ovirt.org</a>
<a class="moz-txt-link-freetext"
href="http://lists.ovirt.org/mailman/listinfo/users">http://...
</pre>
</blockquote>
<br>
</body>
</html>
--------------090003020906060406020408--