This is a multi-part message in MIME format. --------------070504080709030105090209 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi=2C Currently I=27m trying to add an ovirt compute resource in forman that is= limited to the VM=27s of the user=2E When I give this user the PowerUser role=2C I cannot access the api=3A query execution failed due to insufficient permissions When I give this user the SuperUser role=2C I can access the api=2E But I= can see all the VM=27s of all users=2E How can I grant api access so the user can deploy through forman without giving access to all the vm=27s in our oVirt environment=3F Kind regards=2C Jorick Met vriendelijke groet=2C With kind regards=2C Jorick Astrego Netbulae Virtualization Experts=20 ---------------- =09Tel=3A 053 20 30 270 =09info=40netbulae=2Eeu =09Staalsteden 4-3A =09KvK= 08198180 =09Fax=3A 053 20 30 271 =09www=2Enetbulae=2Eeu =097547 TA Enschede =09BTW= NL821234584B01 ---------------- --------------070504080709030105090209 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable =3Chtml=3E =3Chead=3E =3Cmeta http-equiv=3D=22content-type=22 content=3D=22text/html=3B chars= et=3Dutf-8=22=3E =3C/head=3E =3Cbody bgcolor=3D=22=23FFFFFF=22 text=3D=22=23000000=22=3E Hi=2C=3Cbr=3E =3Cbr=3E Currently I=27m trying to add an ovirt compute resource in forman that= is limited to the VM=27s of the user=2E =3Cbr=3E =3Cbr=3E When I give this user the PowerUser role=2C I cannot access the api=3A= =3Cbr=3E =3Cbr=3E =3Cblockquote=3Equery execution failed due to insufficient permissions= =3Cbr=3E =3Cbr=3E =3C/blockquote=3E When I give this user the SuperUser role=2C I can access the api=2E But= I can see all the VM=27s of all users=2E=3Cbr=3E =3Cbr=3E How can I grant api access so the user can deploy through forman without giving access to all the vm=27s in our oVirt environment=3F=3Cb= r=3E =3Cbr=3E Kind regards=2C=3Cbr=3E =3Cbr=3E Jorick=3Cbr=3E =20= =3CBR /=3E =3CBR /=3E =3Cb style=3D=22color=3A=23604c78=22=3E=3C/b=3E=3Cbr=3E=3Cbr=3E=3Cspan styl= e=3D=22color=3A=23604c78=3B=22=3E=3Cfont color=3D=22000000=22=3E=3Cspan sty= le=3D=22mso-fareast-language=3Aen-gb=3B=22 lang=3D=22NL=22=3EMet vriendelij= ke groet=2C With kind regards=2C=3Cbr=3E=3Cbr=3EJorick Astrego=3Cbr=3E=3C/s= pan=3E=3C/font=3E=3C/span=3E=3Cb style=3D=22color=3A=23604c78=22=3E=3Cbr=3E= Netbulae Virtualization Experts =3C/b=3E=3Cbr=3E=3Chr style=3D=22border=3An= one=3Bborder-top=3A1px solid =23ccc=3B=22=3E=3Ctable style=3D=22width=3A 52= 2px=22=3E=3Ctbody=3E=3Ctr=3E=3Ctd style=3D=22width=3A 130px=3Bfont-size=3A= 10px=22=3ETel=3A 053 20 30 270=3C/td=3E =3Ctd style=3D=22width=3A 130p= x=3Bfont-size=3A 10px=22=3Einfo=40netbulae=2Eeu=3C/td=3E =3Ctd style=3D= =22width=3A 130px=3Bfont-size=3A 10px=22=3EStaalsteden 4-3A=3C/td=3E =20= =3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px=22=3EKvK 08198180=3C/td= =3E=3C/tr=3E=3Ctr=3E =3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px= =22=3EFax=3A 053 20 30 271=3C/td=3E =3Ctd style=3D=22width=3A 130px=3Bfo= nt-size=3A 10px=22=3Ewww=2Enetbulae=2Eeu=3C/td=3E =3Ctd style=3D=22width= =3A 130px=3Bfont-size=3A 10px=22=3E7547 TA Enschede=3C/td=3E =3Ctd style= =3D=22width=3A 130px=3Bfont-size=3A 10px=22=3EBTW NL821234584B01=3C/td=3E= =3C/tr=3E=3C/tbody=3E=3C/table=3E=3Cbr=3E=3Chr style=3D=22border=3Anone=3Bb= order-top=3A1px solid =23ccc=3B=22=3E=3CBR /=3E =3C/body=3E =3C/html=3E --------------070504080709030105090209--
This is a multi-part message in MIME format. --------------080300010909040801050005 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit On 10/26/2015 02:53 PM, Jorick Astrego wrote:
Hi,
Currently I'm trying to add an ovirt compute resource in forman that is limited to the VM's of the user.
When I give this user the PowerUser role, I cannot access the api:
query execution failed due to insufficient permissions
Are you sending header 'Filter: true' with the request ? If your user is not admin(PowerUserRole is not admin role), you have to use this header.
When I give this user the SuperUser role, I can access the api. But I can see all the VM's of all users.
How can I grant api access so the user can deploy through forman without giving access to all the vm's in our oVirt environment?
Kind regards,
Jorick
Met vriendelijke groet, With kind regards,
Jorick Astrego * Netbulae Virtualization Experts * ------------------------------------------------------------------------ Tel: 053 20 30 270 info@netbulae.eu Staalsteden 4-3A KvK 08198180 Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01
------------------------------------------------------------------------
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
--------------080300010909040801050005 Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: 7bit <html> <head> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <br> <br> <div class="moz-cite-prefix">On 10/26/2015 02:53 PM, Jorick Astrego wrote:<br> </div> <blockquote cite="mid:562E3075.5050203@netbulae.eu" type="cite"> <meta http-equiv="content-type" content="text/html; charset=windows-1252"> Hi,<br> <br> Currently I'm trying to add an ovirt compute resource in forman that is limited to the VM's of the user. <br> <br> When I give this user the PowerUser role, I cannot access the api:<br> <br> <blockquote>query execution failed due to insufficient permissions<br> </blockquote> </blockquote> <br> Are you sending header 'Filter: true' with the request ?<br> If your user is not admin(PowerUserRole is not admin role),<br> you have to use this header.<br> <br> <blockquote cite="mid:562E3075.5050203@netbulae.eu" type="cite"> <blockquote> <br> </blockquote> When I give this user the SuperUser role, I can access the api. But I can see all the VM's of all users.<br> <br> How can I grant api access so the user can deploy through forman without giving access to all the vm's in our oVirt environment?<br> <br> Kind regards,<br> <br> Jorick<br> <br> <br> <br> <br> <span style="color:#604c78;"><font color="000000"><span style="mso-fareast-language:en-gb;" lang="NL">Met vriendelijke groet, With kind regards,<br> <br> Jorick Astrego<br> </span></font></span><b style="color:#604c78"><br> Netbulae Virtualization Experts </b><br> <hr style="border:none;border-top:1px solid #ccc;"> <table style="width: 522px"> <tbody> <tr> <td style="width: 130px;font-size: 10px">Tel: 053 20 30 270</td> <td style="width: 130px;font-size: 10px"><a class="moz-txt-link-abbreviated" href="mailto:info@netbulae.eu">info@netbulae.eu</a></td> <td style="width: 130px;font-size: 10px">Staalsteden 4-3A</td> <td style="width: 130px;font-size: 10px">KvK 08198180</td> </tr> <tr> <td style="width: 130px;font-size: 10px">Fax: 053 20 30 271</td> <td style="width: 130px;font-size: 10px"><a class="moz-txt-link-abbreviated" href="http://www.netbulae.eu">www.netbulae.eu</a></td> <td style="width: 130px;font-size: 10px">7547 TA Enschede</td> <td style="width: 130px;font-size: 10px">BTW NL821234584B01</td> </tr> </tbody> </table> <br> <hr style="border:none;border-top:1px solid #ccc;"><br> <br> <fieldset class="mimeAttachmentHeader"></fieldset> <br> <pre wrap="">_______________________________________________ Users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> <br> </body> </html> --------------080300010909040801050005--
This is a multi-part message in MIME format. --------------080800080602030006000201 Content-Type: text/plain; charset="windows-1252" Content-Transfer-Encoding: quoted-printable On 10/26/2015 02=3A57 PM=2C Ondra Machacek wrote=3A =3E =3E =3E On 10/26/2015 02=3A53 PM=2C Jorick Astrego wrote=3A =3E=3E Hi=2C =3E=3E =3E=3E Currently I=27m trying to add an ovirt compute resource in forman th= at =3E=3E is limited to the VM=27s of the user=2E =3E=3E =3E=3E When I give this user the PowerUser role=2C I cannot access the api= =3A =3E=3E =3E=3E query execution failed due to insufficient permissions =3E=3E =3E =3E Are you sending header =27Filter=3A true=27 with the request =3F =3E If your user is not admin=28PowerUserRole is not admin role=29=2C =3E you have to use this header=2E =3E =3E As I=27m using forman=2C I have no control over this=2E There used to be a= bug=2C but it should have been patched months ago=3A http=3A//projects=2Etheforeman=2Eorg/issues/6835 =09- -----------------------------------------------------------------------= - *Description* Cloned from https=3A//bugzilla=2Eredhat=2Ecom/show=5Fbug=2Ecgi=3Fid=3D1= 123676 Description of problem=3A When trying to create a rhev compute resource with non-admin RHEV user=2C the following error occurs=3A =22query execution failed due to insufficient permissions=2E=22 The reason for this is the RHEV needs to be called with =27Filter=3A true=27 headers for the api to work correctly with non-admin user=2E The rbovirt client library supports to specify the filtered=5Fapi option=2C but fog and foreman don=27t have a support for that https=3A//github=2Ecom/abenari/rbovirt/blob/a7c277e3fc5698e55e95a943299= 7b1a9c8d486ae/lib/rbovirt=2Erb=23L54-L55 History =231 =3Chttp=3A//projects=2Etheforeman=2Eorg/issues/6835=23note= -1=3E Updated by Dominic Cleal =3Chttp=3A//projects=2Etheforeman=2Eorg/users/3536=3E about 1 y= ear =3Chttp=3A//projects=2Etheforeman=2Eorg/projects/foreman/activi= ty=3Ffrom=3D2014-07-30=3E ago * *Category* set to /Compute resources - oVirt/ * *Assigned To* deleted =28/Dominic Cleal/=29 =232 =3Chttp=3A//projects=2Etheforeman=2Eorg/issues/6835=23note= -2=3E Updated by Tom Caspy =3Chttp=3A//projects=2Etheforeman=2Eorg/users/5429=3E 10 months= =3Chttp=3A//projects=2Etheforeman=2Eorg/projects/foreman/activi= ty=3Ffrom=3D2015-01-13=3E ago added a pull request to the fog gem=3A https=3A//github=2Ecom/fog/fog/pull/3393 =233 =3Chttp=3A//projects=2Etheforeman=2Eorg/issues/6835=23note= -3=3E Updated by Ohad Levy =3Chttp=3A//projects=2Etheforeman=2Eorg/users/3=3E 5 months =3Chttp=3A//projects=2Etheforeman=2Eorg/projects/foreman/activi= ty=3Ffrom=3D2015-06-09=3E ago Fog PR has been merged a while ago=2E The version of rbovirt we have is=3A ruby193-rubygem-rbovirt-0=2E0=2E35-1=2Eel6=2Enoarch Kind regards=2C Jorick =3E=3E =3E=3E When I give this user the SuperUser role=2C I can access the api=2E= But I =3E=3E can see all the VM=27s of all users=2E =3E=3E =3E=3E How can I grant api access so the user can deploy through forman =3E=3E without giving access to all the vm=27s in our oVirt environment=3F= =3E=3E =3E=3E Kind regards=2C =3E=3E =3E=3E Jorick =3E=3E =3E=3E =3E=3E =3E=3E =3E=3E Met vriendelijke groet=2C With kind regards=2C =3E=3E =3E=3E Jorick Astrego =3E=3E * =3E=3E Netbulae Virtualization Experts * =3E=3E --------------------------------------------------------------------= ---- =3E=3E Tel=3A 053 20 30 270 =09info=40netbulae=2Eeu =09Staalsteden 4-3A=20= =09KvK 08198180 =3E=3E Fax=3A 053 20 30 271 =09www=2Enetbulae=2Eeu =097547 TA Enschede =09B= TW =3E=3E NL821234584B01 =3E=3E =3E=3E =3E=3E --------------------------------------------------------------------= ---- =3E=3E =3E=3E =3E=3E =3E=3E =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =3E=3E Users mailing list =3E=3E Users=40ovirt=2Eorg =3E=3E http=3A//lists=2Eovirt=2Eorg/mailman/listinfo/users =3E Met vriendelijke groet=2C With kind regards=2C Jorick Astrego Netbulae Virtualization Experts=20 ---------------- =09Tel=3A 053 20 30 270 =09info=40netbulae=2Eeu =09Staalsteden 4-3A =09KvK= 08198180 =09Fax=3A 053 20 30 271 =09www=2Enetbulae=2Eeu =097547 TA Enschede =09BTW= NL821234584B01 ---------------- --------------080800080602030006000201 Content-Type: multipart/related; boundary="------------080706000702040403020005" --------------080706000702040403020005 Content-Type: text/html; charset="windows-1252" Content-Transfer-Encoding: quoted-printable =3Chtml=3E =3Chead=3E =3Cmeta content=3D=22text/html=3B charset=3Dwindows-1252=22 http-equiv=3D=22Content-Type=22=3E =3C/head=3E =3Cbody bgcolor=3D=22=23FFFFFF=22 text=3D=22=23000000=22=3E =3Cbr=3E =3Cbr=3E =3Cdiv class=3D=22moz-cite-prefix=22=3EOn 10/26/2015 02=3A57 PM=2C Ondr= a Machacek wrote=3A=3Cbr=3E =3C/div=3E =3Cblockquote cite=3D=22mid=3A562E3143=2E4010600=40redhat=2Ecom=22 type= =3D=22cite=22=3E =3Cmeta content=3D=22text/html=3B charset=3Dwindows-1252=22 http-equiv=3D=22Content-Type=22=3E =3Cbr=3E =3Cbr=3E =3Cdiv class=3D=22moz-cite-prefix=22=3EOn 10/26/2015 02=3A53 PM=2C Jo= rick Astrego wrote=3A=3Cbr=3E =3C/div=3E =3Cblockquote cite=3D=22mid=3A562E3075=2E5050203=40netbulae=2Eeu=22 t= ype=3D=22cite=22=3E =3Cmeta http-equiv=3D=22content-type=22 content=3D=22text/html=3B= charset=3Dwindows-1252=22=3E Hi=2C=3Cbr=3E =3Cbr=3E Currently I=27m trying to add an ovirt compute resource in forman= that is limited to the VM=27s of the user=2E =3Cbr=3E =3Cbr=3E When I give this user the PowerUser role=2C I cannot access the api=3A=3Cbr=3E =3Cbr=3E =3Cblockquote=3Equery execution failed due to insufficient permissions=3Cbr=3E =3C/blockquote=3E =3C/blockquote=3E =3Cbr=3E Are you sending header =27Filter=3A true=27 with the request =3F=3Cbr= =3E If your user is not admin=28PowerUserRole is not admin role=29=2C=3Cb= r=3E you have to use this header=2E=3Cbr=3E =3Cbr=3E =3Cbr=3E =3C/blockquote=3E =3Cbr=3E As I=27m using forman=2C I have no control over this=2E There used to b= e a bug=2C but it should have been patched months ago=3A=3Cbr=3E =3Cbr=3E =3Ca class=3D=22moz-txt-link-freetext=22 href=3D=22http=3A//projects=2E= theforeman=2Eorg/issues/6835=22=3Ehttp=3A//projects=2Etheforeman=2Eorg/issu= es/6835=3C/a=3E=3Cbr=3E =3Cbr=3E =3Cblockquote=3E =3Ctable class=3D=22attributes=22=3E =3Ctbody=3E =3Ctr=3E =3Cth=3E=3Cbr=3E =3C/th=3E =3Ctd=3E-=3C/td=3E =3C/tr=3E =3C/tbody=3E =3C/table=3E =3Chr=3E =3Cdiv class=3D=22description=22=3E =3Cdiv class=3D=22contextual=22=3E =3C/div=3E =3Cp=3E=3Cstrong=3EDescription=3C/strong=3E=3C/p=3E =3Cdiv class=3D=22wiki=22=3E =3Cp=3ECloned from =3Ca class=3D=22external=22 href=3D=22https=3A//bugzilla=2Eredhat=2Ecom/show=5Fbug=2Ecgi= =3Fid=3D1123676=22=3Ehttps=3A//bugzilla=2Eredhat=2Ecom/show=5Fbug=2Ecgi=3Fi= d=3D1123676=3C/a=3E =3Cbr=3E Description of problem=3A=3Cbr=3E When trying to create a rhev compute resource with non-admin RHEV user=2C the following error occurs=3A=3C/p=3E =3Cp=3E=22query execution failed due to insufficient permissions= =2E=22=3C/p=3E =3Cp=3EThe reason for this is the RHEV needs to be called with =27Filter=3A true=27 headers=3Cbr=3E for the api to work correctly with non-admin user=2E=3C/p=3E =3Cp=3EThe rbovirt client library supports to specify the filtered=5Fapi option=2C but fog and foreman don=27t have a support for that=3C/p=3E =3Cp=3E=3Ca class=3D=22external=22 href=3D=22https=3A//github=2Ecom/abenari/rbovirt/blob/a7c277e3fc5698e55e95a= 9432997b1a9c8d486ae/lib/rbovirt=2Erb=23L54-L55=22=3Ehttps=3A//github=2Ecom/= abenari/rbovirt/blob/a7c277e3fc5698e55e95a9432997b1a9c8d486ae/lib/rbovirt= =2Erb=23L54-L55=3C/a=3E=3C/p=3E =3C/div=3E =3C/div=3E =3Cdiv id=3D=22history=22=3E =3Ch3=3EHistory=3C/h3=3E =3Cdiv id=3D=22change-23740=22 class=3D=22journal has-details=22=3E= =3Cdiv id=3D=22note-1=22=3E =3Ch4=3E=3Ca href=3D=22http=3A//projects=2Etheforeman=2Eorg/issues/6835= =23note-1=22 class=3D=22journal-link=22=3E=231=3C/a=3E =3Cimg style=3D= =22border=3A 1px solid rgb=28255=2C 204=2C 204=29=3B background-repeat=3A no= -repeat=3B background-position=3A center center=3B background-image=3A= url=28=26quot=3Bdata=3Aimage/png=3Bbase64=2CiVBORw0KGgoAAAANSUhEUgAAABAAAAA= QCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACx= MBAJqcGAAAAAd0SU1FB9gMFRANL5LXnioAAAJWSURBVDjLnZI/ixtXFMV/972ZNzPSrmTtalexl= sWBGMfEYOzaVciXyKdIkW/hFKnS22WafIDUxk0g2AQSgm0csIPWK42ktaSRNPP+pRBK5SLOqS7c= ew7ccw4xxrPJ+8XdHx4+7AE8e3Cj++zLm71fvrqT8x+QAK35dJr2n/x89urTa+eDm/cS+eI2y3e= T+Lx/bt8u1vNqfDH++teXdk/6ThAfUUBIgL9ku75z/8WL7LOlhXIGJ0Pyw75wMcnGv//xSQ2DH4= ddu9k01dXWsWzcofhYaiiViLjiWi9UWQa1gzcjWF7hgfzzW5ydnXB62JLjg0PTLfJertNepnQSI= A+gE4Cs03UuNYYQYP4e5jPogmSG9vA6rrjC+0AxN2i5Qk0DpXVJhCQB0EVRrzqdFgB1DZfvCDHi= xiV2NqO6LHHKIKnQMoaWbFBgIrQVgIXaDc+JCHgP5QRZr4jzGWFbo6yncRYviiiQKUhBRch3Lyi= x4bgPWsAkcDkmZAV2OiE0DaI1WoEShRKF3sWnmt01pFBnJydEpZDEwHSGt47lYsls43AIXjTWV9= R1Qx0DGahqLyAhbqrj0/ib0nRzXNoyCo0Kkor2llV0eKOwdUMg4pSQA7JPQXvnJv1B+GlwOvrGl= aXB6fV2lb5t6qOtike56DSJgYDGBQcOAsQAfueBMeHR48fhadb1j/58HWARdt6yBv7+/vpBe2o5= OogxlcaKdt5aKCNsk309W0WxKQjmQ33/9mJVAdWHdmo/tNvtRZIkfCz+ZQwGg6rT6Zj/LTAajTb= D4bD5WIF/AAseEisPFO8uAAAAAElFTkSuQ mC C=26quot=3B=29=3B=22 alt=3D=22=22 class=3D=22gravatar=22 default=3D=22=22 rating= =3D=22PG=22 src=3D=22cid=3Apart4=2E08060205=2E08060205=40netbulae=2Eeu= =22 ssl=3D=22false=22 title=3D=22=5Bgravatar=2Ecom=5D=22 height= =3D=2250=22 width=3D=2250=22=3E Updated by =3Ca href=3D=22http=3A//projects=2Etheforeman=2Eorg/users/3536= =22 class=3D=22user active=22=3EDominic Cleal=3C/a=3E =3Ca href=3D=22http=3A//projects=2Etheforeman=2Eorg/projects/foreman/activity=3F= from=3D2014-07-30=22 title=3D=2207/30/2014 05=3A47 AM=22=3Eabout 1 year=3C/a=3E= ago =3C/h4=3E =3Cul class=3D=22details=22=3E =3Cli=3E=3Cstrong=3ECategory=3C/strong=3E set to =3Ci=3ECompu= te resources - oVirt=3C/i=3E=3C/li=3E =3Cli=3E=3Cstrong=3EAssigned To=3C/strong=3E deleted =28=3Cde= l=3E=3Ci=3EDominic Cleal=3C/i=3E=3C/del=3E=29=3C/li=3E =3C/ul=3E =3C/div=3E =3C/div=3E =3Cdiv id=3D=22change-35119=22 class=3D=22journal has-notes=22=3E= =3Cdiv id=3D=22note-2=22=3E =3Ch4=3E=3Ca href=3D=22http=3A//projects=2Etheforeman=2Eorg/issues/6835= =23note-2=22 class=3D=22journal-link=22=3E=232=3C/a=3E =3Cimg style=3D= =22border=3A 1px solid rgb=28255=2C 204=2C 204=29=3B background-repeat=3A no= -repeat=3B background-position=3A center center=3B background-image=3A= url=28=26quot=3Bdata=3Aimage/png=3Bbase64=2CiVBORw0KGgoAAAANSUhEUgAAABAAAAA= QCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACx= MBAJqcGAAAAAd0SU1FB9gMFRANL5LXnioAAAJWSURBVDjLnZI/ixtXFMV/972ZNzPSrmTtalexl= sWBGMfEYOzaVciXyKdIkW/hFKnS22WafIDUxk0g2AQSgm0csIPWK42ktaSRNPP+pRBK5SLOqS7c= ew7ccw4xxrPJ+8XdHx4+7AE8e3Cj++zLm71fvrqT8x+QAK35dJr2n/x89urTa+eDm/cS+eI2y3e= T+Lx/bt8u1vNqfDH++teXdk/6ThAfUUBIgL9ku75z/8WL7LOlhXIGJ0Pyw75wMcnGv//xSQ2DH4= ddu9k01dXWsWzcofhYaiiViLjiWi9UWQa1gzcjWF7hgfzzW5ydnXB62JLjg0PTLfJertNepnQSI= A+gE4Cs03UuNYYQYP4e5jPogmSG9vA6rrjC+0AxN2i5Qk0DpXVJhCQB0EVRrzqdFgB1DZfvCDHi= xiV2NqO6LHHKIKnQMoaWbFBgIrQVgIXaDc+JCHgP5QRZr4jzGWFbo6yncRYviiiQKUhBRch3Lyi= x4bgPWsAkcDkmZAV2OiE0DaI1WoEShRKF3sWnmt01pFBnJydEpZDEwHSGt47lYsls43AIXjTWV9= R1Qx0DGahqLyAhbqrj0/ib0nRzXNoyCo0Kkor2llV0eKOwdUMg4pSQA7JPQXvnJv1B+GlwOvrGl= aXB6fV2lb5t6qOtike56DSJgYDGBQcOAsQAfueBMeHR48fhadb1j/58HWARdt6yBv7+/vpBe2o5= OogxlcaKdt5aKCNsk309W0WxKQjmQ33/9mJVAdWHdmo/tNvtRZIkfCz+ZQwGg6rT6Zj/LTAajTb= D4bD5WIF/AAseEisPFO8uAAAAAElFTkSuQ mC C=26quot=3B=29=3B=22 alt=3D=22=22 class=3D=22gravatar=22 default=3D=22=22 rating= =3D=22PG=22 src=3D=22cid=3Apart4=2E08060205=2E08060205=40netbulae=2Eeu= =22 ssl=3D=22false=22 title=3D=22=5Bgravatar=2Ecom=5D=22 height= =3D=2250=22 width=3D=2250=22=3E Updated by =3Ca href=3D=22http=3A//projects=2Etheforeman=2Eorg/users/5429= =22 class=3D=22user active=22=3ETom Caspy=3C/a=3E =3Ca href=3D=22http=3A//projects=2Etheforeman=2Eorg/projects/foreman/activity=3F= from=3D2015-01-13=22 title=3D=2201/13/2015 04=3A12 AM=22=3E10 months=3C/a=3E ago= =3C/h4=3E =3Cdiv class=3D=22wiki=22 id=3D=22journal-35119-notes=22=3E =3Cp=3Eadded a pull request to the fog gem=3A =3Ca class=3D=22external=22 href=3D=22https=3A//github=2Ecom/fog/fog/pull/3393=22=3Eh= ttps=3A//github=2Ecom/fog/fog/pull/3393=3C/a=3E=3C/p=3E =3C/div=3E =3C/div=3E =3C/div=3E =3Cdiv id=3D=22change-44024=22 class=3D=22journal has-notes=22=3E= =3Cdiv id=3D=22note-3=22=3E =3Ch4=3E=3Ca href=3D=22http=3A//projects=2Etheforeman=2Eorg/issues/6835= =23note-3=22 class=3D=22journal-link=22=3E=233=3C/a=3E =3Cimg style=3D= =22border=3A 1px solid rgb=28255=2C 204=2C 204=29=3B background-repeat=3A no= -repeat=3B background-position=3A center center=3B background-image=3A= url=28=26quot=3Bdata=3Aimage/png=3Bbase64=2CiVBORw0KGgoAAAANSUhEUgAAABAAAAA= QCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACx= MBAJqcGAAAAAd0SU1FB9gMFRANL5LXnioAAAJWSURBVDjLnZI/ixtXFMV/972ZNzPSrmTtalexl= sWBGMfEYOzaVciXyKdIkW/hFKnS22WafIDUxk0g2AQSgm0csIPWK42ktaSRNPP+pRBK5SLOqS7c= ew7ccw4xxrPJ+8XdHx4+7AE8e3Cj++zLm71fvrqT8x+QAK35dJr2n/x89urTa+eDm/cS+eI2y3e= T+Lx/bt8u1vNqfDH++teXdk/6ThAfUUBIgL9ku75z/8WL7LOlhXIGJ0Pyw75wMcnGv//xSQ2DH4= ddu9k01dXWsWzcofhYaiiViLjiWi9UWQa1gzcjWF7hgfzzW5ydnXB62JLjg0PTLfJertNepnQSI= A+gE4Cs03UuNYYQYP4e5jPogmSG9vA6rrjC+0AxN2i5Qk0DpXVJhCQB0EVRrzqdFgB1DZfvCDHi= xiV2NqO6LHHKIKnQMoaWbFBgIrQVgIXaDc+JCHgP5QRZr4jzGWFbo6yncRYviiiQKUhBRch3Lyi= x4bgPWsAkcDkmZAV2OiE0DaI1WoEShRKF3sWnmt01pFBnJydEpZDEwHSGt47lYsls43AIXjTWV9= R1Qx0DGahqLyAhbqrj0/ib0nRzXNoyCo0Kkor2llV0eKOwdUMg4pSQA7JPQXvnJv1B+GlwOvrGl= aXB6fV2lb5t6qOtike56DSJgYDGBQcOAsQAfueBMeHR48fhadb1j/58HWARdt6yBv7+/vpBe2o5= OogxlcaKdt5aKCNsk309W0WxKQjmQ33/9mJVAdWHdmo/tNvtRZIkfCz+ZQwGg6rT6Zj/LTAajTb= D4bD5WIF/AAseEisPFO8uAAAAAElFTkSuQ mC C=26quot=3B=29=3B=22 alt=3D=22=22 class=3D=22gravatar=22 default=3D=22=22 rating= =3D=22PG=22 src=3D=22cid=3Apart4=2E08060205=2E08060205=40netbulae=2Eeu= =22 ssl=3D=22false=22 title=3D=22=5Bgravatar=2Ecom=5D=22 height= =3D=2250=22 width=3D=2250=22=3E Updated by =3Ca href=3D=22http=3A//projects=2Etheforeman=2Eorg/users/3=22= class=3D=22user active=22=3EOhad Levy=3C/a=3E =3Ca href=3D=22http=3A//projects=2Etheforeman=2Eorg/projects/foreman/activity=3F= from=3D2015-06-09=22 title=3D=2206/09/2015 02=3A42 PM=22=3E5 months=3C/a=3E ago= =3C/h4=3E =3Cdiv class=3D=22wiki=22 id=3D=22journal-44024-notes=22=3E =3Cp=3EFog PR has been merged a while ago=2E=3Cbr=3E =3C/p=3E =3C/div=3E =3C/div=3E =3C/div=3E =3C/div=3E =3C/blockquote=3E =3Cdiv id=3D=22history=22=3E =3Cdiv id=3D=22change-44024=22 class=3D=22journal has-notes=22=3E =3Cdiv id=3D=22note-3=22=3E =3Cdiv class=3D=22wiki=22 id=3D=22journal-44024-notes=22=3E =3Cp=3EThe version of rbovirt we have is=3A=3Cbr=3E =3C/p=3E =3Cp=3Eruby193-rubygem-rbovirt-0=2E0=2E35-1=2Eel6=2Enoarch=3Cbr= =3E =3Cbr=3E Kind regards=2C=3Cbr=3E =3C/p=3E =3Cp=3EJorick=3Cbr=3E =3C/p=3E =3C/div=3E =3C/div=3E =3C/div=3E =3C/div=3E =3Cblockquote=3E =3Cdiv id=3D=22history=22=3E =3Cdiv id=3D=22change-44024=22 class=3D=22journal has-notes=22=3E= =3Cdiv id=3D=22note-3=22=3E =3C/div=3E =3C/div=3E =3C/div=3E =3C/blockquote=3E =3Cblockquote cite=3D=22mid=3A562E3143=2E4010600=40redhat=2Ecom=22 type= =3D=22cite=22=3E =3Cblockquote cite=3D=22mid=3A562E3075=2E5050203=40netbulae=2Eeu=22 t= ype=3D=22cite=22=3E =3Cblockquote=3E =3Cbr=3E =3C/blockquote=3E When I give this user the SuperUser role=2C I can access the api=2E= But I can see all the VM=27s of all users=2E=3Cbr=3E =3Cbr=3E How can I grant api access so the user can deploy through forman without giving access to all the vm=27s in our oVirt environment=3F= =3Cbr=3E =3Cbr=3E Kind regards=2C=3Cbr=3E =3Cbr=3E Jorick=3Cbr=3E =3Cbr=3E =3Cbr=3E =3Cbr=3E =3Cbr=3E =3Cspan style=3D=22color=3A=23604c78=3B=22=3E=3Cfont color=3D=22000= 000=22=3E=3Cspan style=3D=22mso-fareast-language=3Aen-gb=3B=22 lang=3D=22NL=22= =3EMet vriendelijke groet=2C With kind regards=2C=3Cbr=3E =3Cbr=3E Jorick Astrego=3Cbr=3E =3C/span=3E=3C/font=3E=3C/span=3E=3Cb style=3D=22color=3A=23604= c78=22=3E=3Cbr=3E Netbulae Virtualization Experts =3C/b=3E=3Cbr=3E =3Chr style=3D=22border=3Anone=3Bborder-top=3A1px solid =23ccc=3B= =22=3E =3Ctable style=3D=22width=3A 522px=22=3E =3Ctbody=3E =3Ctr=3E =3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px=22=3ETel= =3A 053 20 30 270=3C/td=3E =3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px=22=3E=3Ca= moz-do-not-send=3D=22true=22 class=3D=22moz-txt-link-abbreviated=22 href=3D=22mailto=3Ainfo=40netbulae=2Eeu=22=3Einfo=40netbu= lae=2Eeu=3C/a=3E=3C/td=3E =3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px=22=3EStaa= lsteden 4-3A=3C/td=3E =3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px=22=3EKvK= 08198180=3C/td=3E =3C/tr=3E =3Ctr=3E =3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px=22=3EFax= =3A 053 20 30 271=3C/td=3E =3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px=22=3E=3Ca= moz-do-not-send=3D=22true=22 class=3D=22moz-txt-link-abbreviated=22 href=3D=22http=3A//www=2Enetbulae=2Eeu=22=3Ewww=2Enetbula= e=2Eeu=3C/a=3E=3C/td=3E =3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px=22=3E7547= TA Enschede=3C/td=3E =3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px=22=3EBTW= NL821234584B01=3C/td=3E =3C/tr=3E =3C/tbody=3E =3C/table=3E =3Cbr=3E =3Chr style=3D=22border=3Anone=3Bborder-top=3A1px solid =23ccc=3B= =22=3E=3Cbr=3E =3Cbr=3E =3Cfieldset class=3D=22mimeAttachmentHeader=22=3E=3C/fieldset=3E =3Cbr=3E =3Cpre wrap=3D=22=22=3E=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F Users mailing list =3Ca moz-do-not-send=3D=22true=22 class=3D=22moz-txt-link-abbreviated=22 hr= ef=3D=22mailto=3AUsers=40ovirt=2Eorg=22=3EUsers=40ovirt=2Eorg=3C/a=3E =3Ca moz-do-not-send=3D=22true=22 class=3D=22moz-txt-link-freetext=22 href= =3D=22http=3A//lists=2Eovirt=2Eorg/mailman/listinfo/users=22=3Ehttp=3A//lis= ts=2Eovirt=2Eorg/mailman/listinfo/users=3C/a=3E =3C/pre=3E =3C/blockquote=3E =3Cbr=3E =3C/blockquote=3E =3Cbr=3E =20= =3CBR /=3E =3CBR /=3E =3Cb style=3D=22color=3A=23604c78=22=3E=3C/b=3E=3Cbr=3E=3Cbr=3E=3Cspan styl= e=3D=22color=3A=23604c78=3B=22=3E=3Cfont color=3D=22000000=22=3E=3Cspan sty= le=3D=22mso-fareast-language=3Aen-gb=3B=22 lang=3D=22NL=22=3EMet vriendelij= ke groet=2C With kind regards=2C=3Cbr=3E=3Cbr=3EJorick Astrego=3Cbr=3E=3C/s= pan=3E=3C/font=3E=3C/span=3E=3Cb style=3D=22color=3A=23604c78=22=3E=3Cbr=3E= Netbulae Virtualization Experts =3C/b=3E=3Cbr=3E=3Chr style=3D=22border=3An= one=3Bborder-top=3A1px solid =23ccc=3B=22=3E=3Ctable style=3D=22width=3A 52= 2px=22=3E=3Ctbody=3E=3Ctr=3E=3Ctd style=3D=22width=3A 130px=3Bfont-size=3A= 10px=22=3ETel=3A 053 20 30 270=3C/td=3E =3Ctd style=3D=22width=3A 130p= x=3Bfont-size=3A 10px=22=3Einfo=40netbulae=2Eeu=3C/td=3E =3Ctd style=3D= =22width=3A 130px=3Bfont-size=3A 10px=22=3EStaalsteden 4-3A=3C/td=3E =20= =3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px=22=3EKvK 08198180=3C/td= =3E=3C/tr=3E=3Ctr=3E =3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px= =22=3EFax=3A 053 20 30 271=3C/td=3E =3Ctd style=3D=22width=3A 130px=3Bfo= nt-size=3A 10px=22=3Ewww=2Enetbulae=2Eeu=3C/td=3E =3Ctd style=3D=22width= =3A 130px=3Bfont-size=3A 10px=22=3E7547 TA Enschede=3C/td=3E =3Ctd style= =3D=22width=3A 130px=3Bfont-size=3A 10px=22=3EBTW NL821234584B01=3C/td=3E= =3C/tr=3E=3C/tbody=3E=3C/table=3E=3Cbr=3E=3Chr style=3D=22border=3Anone=3Bb= order-top=3A1px solid =23ccc=3B=22=3E=3CBR /=3E =3C/body=3E =3C/html=3E --------------080706000702040403020005 Content-Type: image/gif; name="efafgfcc.gif" Content-Transfer-Encoding: base64 Content-ID: <part4.08060205.08060205@netbulae.eu> Content-Disposition: inline; filename="efafgfcc.gif" R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7 --------------080706000702040403020005-- --------------080800080602030006000201--
This is a multi-part message in MIME format. --------------040403070801040202060604 Content-Type: text/plain; charset="windows-1252" Content-Transfer-Encoding: quoted-printable On 10/26/2015 03=3A14 PM=2C Jorick Astrego wrote=3A =3E =3E =3E On 10/26/2015 02=3A57 PM=2C Ondra Machacek wrote=3A =3E=3E =3E=3E =3E=3E On 10/26/2015 02=3A53 PM=2C Jorick Astrego wrote=3A =3E=3E=3E Hi=2C =3E=3E=3E =3E=3E=3E Currently I=27m trying to add an ovirt compute resource in forman= that =3E=3E=3E is limited to the VM=27s of the user=2E =3E=3E=3E =3E=3E=3E When I give this user the PowerUser role=2C I cannot access the a= pi=3A =3E=3E=3E =3E=3E=3E query execution failed due to insufficient permissions =3E=3E=3E =3E=3E =3E=3E Are you sending header =27Filter=3A true=27 with the request =3F =3E=3E If your user is not admin=28PowerUserRole is not admin role=29=2C =3E=3E you have to use this header=2E =3E=3E =3E=3E =3E Hmm=2C not much response on foreman-users=2E=2E I checked the code of fog in my foreman install =28 /opt/rh/ruby193/root/usr/share/gems/gems/fog-1=2E32=2E0/lib/fog/ovirt/compu= te=2Erb =29 and it appears to have the correct option merged=3A connection=5Fopts=5B=3Afiltered=5Fapi=5D =3D options=5B=3Aov= irt=5Ffiltered=5Fapi=5D But I don=27t know what url the foreman actually generates=2C is there any= way to capture the login string=3F I tried setting some DEBUG logging but= don=27t get the output I=27m looking for=2E =3Clogger category=3D=22org=2Eovirt=2Eengine=2Ecore=2Ebll=2ESea= rchQuery=22=3E =3Clevel name=3D=22DEBUG=22/=3E =3C/logger=3E =3Clogger category=3D=22org=2Eovirt=2Eengine=2Ecore=2Ebll=2Eaaa=2ELoginUserComman= d=22=3E =3Clevel name=3D=22DEBUG=22/=3E =3C/logger=3E =3Clogger category=3D=22org=2Eovirt=2Eengine=2Eapi=2Erestapi=2Eresource=2EAbstrac= tBackendResource=22=3E =3Clevel name=3D=22DEBUG=22/=3E =3C/logger=3E Met vriendelijke groet=2C With kind regards=2C Jorick Astrego Netbulae Virtualization Experts=20 ---------------- =09Tel=3A 053 20 30 270 =09info=40netbulae=2Eeu =09Staalsteden 4-3A =09KvK= 08198180 =09Fax=3A 053 20 30 271 =09www=2Enetbulae=2Eeu =097547 TA Enschede =09BTW= NL821234584B01 ---------------- --------------040403070801040202060604 Content-Type: text/html; charset="windows-1252" Content-Transfer-Encoding: quoted-printable =3Chtml=3E =3Chead=3E =3Cmeta content=3D=22text/html=3B charset=3Dwindows-1252=22 http-equiv=3D=22Content-Type=22=3E =3C/head=3E =3Cbody bgcolor=3D=22=23FFFFFF=22 text=3D=22=23000000=22=3E =3Cbr=3E =3Cbr=3E =3Cdiv class=3D=22moz-cite-prefix=22=3EOn 10/26/2015 03=3A14 PM=2C Jori= ck Astrego wrote=3A=3Cbr=3E =3C/div=3E =3Cblockquote cite=3D=22mid=3A562E355D=2E4030201=40netbulae=2Eeu=22 typ= e=3D=22cite=22=3E =3Cmeta content=3D=22text/html=3B charset=3Dwindows-1252=22 http-equiv=3D=22Content-Type=22=3E =3Cbr=3E =3Cbr=3E =3Cdiv class=3D=22moz-cite-prefix=22=3EOn 10/26/2015 02=3A57 PM=2C On= dra Machacek wrote=3A=3Cbr=3E =3C/div=3E =3Cblockquote cite=3D=22mid=3A562E3143=2E4010600=40redhat=2Ecom=22 ty= pe=3D=22cite=22=3E =3Cmeta content=3D=22text/html=3B charset=3Dwindows-1252=22 http-equiv=3D=22Content-Type=22=3E =3Cbr=3E =3Cbr=3E =3Cdiv class=3D=22moz-cite-prefix=22=3EOn 10/26/2015 02=3A53 PM=2C= Jorick Astrego wrote=3A=3Cbr=3E =3C/div=3E =3Cblockquote cite=3D=22mid=3A562E3075=2E5050203=40netbulae=2Eeu=22= type=3D=22cite=22=3E =3Cmeta http-equiv=3D=22content-type=22 content=3D=22text/html=3B= charset=3Dwindows-1252=22=3E Hi=2C=3Cbr=3E =3Cbr=3E Currently I=27m trying to add an ovirt compute resource in forman that is limited to the VM=27s of the user=2E =3Cbr=3E =3Cbr=3E When I give this user the PowerUser role=2C I cannot access the= api=3A=3Cbr=3E =3Cbr=3E =3Cblockquote=3Equery execution failed due to insufficient permissions=3Cbr=3E =3C/blockquote=3E =3C/blockquote=3E =3Cbr=3E Are you sending header =27Filter=3A true=27 with the request =3F=3C= br=3E If your user is not admin=28PowerUserRole is not admin role=29=2C= =3Cbr=3E you have to use this header=2E=3Cbr=3E =3Cbr=3E =3Cbr=3E =3C/blockquote=3E =3Cbr=3E =3C/blockquote=3E =3Cbr=3E Hmm=2C not much response on foreman-users=2E=2E =3Cbr=3E =3Cbr=3E I checked the code of fog in my foreman install =28 /opt/rh/ruby193/root/usr/share/gems/gems/fog-1=2E32=2E0/lib/fog/ovirt/c= ompute=2Erb =29 and it appears to have the correct option merged=3A=3Cbr=3E =3Cbr=3E =3Cblockquote=3E=A0=A0=A0=A0=A0=A0=A0=A0=A0 connection=5Fopts=5B=3Afilt= ered=5Fapi=5D=A0 =3D options=5B=3Aovirt=5Ffiltered=5Fapi=5D=3Cbr=3E =3Cbr=3E =3Cbr=3E =3C/blockquote=3E But I don=27t know what url the foreman actually generates=2C is there= any way to capture the login string=3F I tried setting some DEBUG logging but don=27t get the output I=27m looking for=2E=3Cbr=3E =3Cbr=3E =3Cblockquote=3E=A0=A0=A0=A0=A0=A0=A0 =26lt=3Blogger category=3D=22org=2Eovirt=2Eengine=2Ecore=2Ebll=2ESearchQuery=22=26gt= =3B=3Cbr=3E =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 =26lt=3Blevel name=3D= =22DEBUG=22/=26gt=3B=3Cbr=3E =A0=A0=A0=A0=A0=A0=A0 =26lt=3B/logger=26gt=3B=3Cbr=3E =A0=A0=A0=A0=A0=A0=A0 =26lt=3Blogger category=3D=22org=2Eovirt=2Eengine=2Ecore=2Ebll=2Eaaa=2ELoginUserComm= and=22=26gt=3B=3Cbr=3E =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 =26lt=3Blevel name=3D= =22DEBUG=22/=26gt=3B=3Cbr=3E =A0=A0=A0=A0=A0=A0=A0 =26lt=3B/logger=26gt=3B=3Cbr=3E =A0=A0=A0=A0=A0=A0=A0 =26lt=3Blogger category=3D=22org=2Eovirt=2Eengine=2Eapi=2Erestapi=2Eresource=2EAbstractBac= kendResource=22=26gt=3B=3Cbr=3E =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 =26lt=3Blevel name=3D= =22DEBUG=22/=26gt=3B=3Cbr=3E =A0=A0=A0=A0=A0=A0=A0 =26lt=3B/logger=26gt=3B=3Cbr=3E =3Cbr=3E =3C/blockquote=3E =3Cbr=3E =3Cblockquote=3E=3Cbr=3E =3Cbr=3E =3C/blockquote=3E =20= =3CBR /=3E =3CBR /=3E =3Cb style=3D=22color=3A=23604c78=22=3E=3C/b=3E=3Cbr=3E=3Cbr=3E=3Cspan styl= e=3D=22color=3A=23604c78=3B=22=3E=3Cfont color=3D=22000000=22=3E=3Cspan sty= le=3D=22mso-fareast-language=3Aen-gb=3B=22 lang=3D=22NL=22=3EMet vriendelij= ke groet=2C With kind regards=2C=3Cbr=3E=3Cbr=3EJorick Astrego=3Cbr=3E=3C/s= pan=3E=3C/font=3E=3C/span=3E=3Cb style=3D=22color=3A=23604c78=22=3E=3Cbr=3E= Netbulae Virtualization Experts =3C/b=3E=3Cbr=3E=3Chr style=3D=22border=3An= one=3Bborder-top=3A1px solid =23ccc=3B=22=3E=3Ctable style=3D=22width=3A 52= 2px=22=3E=3Ctbody=3E=3Ctr=3E=3Ctd style=3D=22width=3A 130px=3Bfont-size=3A= 10px=22=3ETel=3A 053 20 30 270=3C/td=3E =3Ctd style=3D=22width=3A 130p= x=3Bfont-size=3A 10px=22=3Einfo=40netbulae=2Eeu=3C/td=3E =3Ctd style=3D= =22width=3A 130px=3Bfont-size=3A 10px=22=3EStaalsteden 4-3A=3C/td=3E =20= =3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px=22=3EKvK 08198180=3C/td= =3E=3C/tr=3E=3Ctr=3E =3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px= =22=3EFax=3A 053 20 30 271=3C/td=3E =3Ctd style=3D=22width=3A 130px=3Bfo= nt-size=3A 10px=22=3Ewww=2Enetbulae=2Eeu=3C/td=3E =3Ctd style=3D=22width= =3A 130px=3Bfont-size=3A 10px=22=3E7547 TA Enschede=3C/td=3E =3Ctd style= =3D=22width=3A 130px=3Bfont-size=3A 10px=22=3EBTW NL821234584B01=3C/td=3E= =3C/tr=3E=3C/tbody=3E=3C/table=3E=3Cbr=3E=3Chr style=3D=22border=3Anone=3Bb= order-top=3A1px solid =23ccc=3B=22=3E=3CBR /=3E =3C/body=3E =3C/html=3E --------------040403070801040202060604--
This is a multi-part message in MIME format. --------------010300080002000006010702 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit On 10/28/2015 11:29 AM, Jorick Astrego wrote:
On 10/26/2015 03:14 PM, Jorick Astrego wrote:
On 10/26/2015 02:57 PM, Ondra Machacek wrote:
On 10/26/2015 02:53 PM, Jorick Astrego wrote:
Hi,
Currently I'm trying to add an ovirt compute resource in forman that is limited to the VM's of the user.
When I give this user the PowerUser role, I cannot access the api:
query execution failed due to insufficient permissions
Are you sending header 'Filter: true' with the request ? If your user is not admin(PowerUserRole is not admin role), you have to use this header.
Hmm, not much response on foreman-users..
I checked the code of fog in my foreman install ( /opt/rh/ruby193/root/usr/share/gems/gems/fog-1.32.0/lib/fog/ovirt/compute.rb ) and it appears to have the correct option merged:
connection_opts[:filtered_api] = options[:ovirt_filtered_api]
But I don't know what url the foreman actually generates, is there any way to capture the login string? I tried setting some DEBUG logging but don't get the output I'm looking for.
<logger category="org.ovirt.engine.core.bll.SearchQuery"> <level name="DEBUG"/> </logger> <logger category="org.ovirt.engine.core.bll.aaa.LoginUserCommand"> <level name="DEBUG"/> </logger> <logger category="org.ovirt.engine.api.restapi.resource.AbstractBackendResource"> <level name="DEBUG"/> </logger>
It depends what url foreman client access. But you can set: <logger category="org.ovirt.engine.core.bll"> <level name="ALL"/> </logger> And then you will see what commands was queried with or without the filtered API. 2015-10-29 15:45:45,436 TRACE [org.ovirt.engine.core.bll.GetAllVmsQuery] (ajp-/127.0.0.1:8702-1) [] START, GetAllVmsQuery(VdcQueryParametersBase:{refresh='true', filtered='true'}), log id: 53b3c8b9 ^^ This is example of running 'Filter: true' on /api/vms (you can see filtered='true').
Met vriendelijke groet, With kind regards,
Jorick Astrego * Netbulae Virtualization Experts * ------------------------------------------------------------------------ Tel: 053 20 30 270 info@netbulae.eu Staalsteden 4-3A KvK 08198180 Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01
------------------------------------------------------------------------
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
--------------010300080002000006010702 Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: 8bit <html> <head> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <br> <br> <div class="moz-cite-prefix">On 10/28/2015 11:29 AM, Jorick Astrego wrote:<br> </div> <blockquote cite="mid:5630A36D.6000202@netbulae.eu" type="cite"> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> <br> <br> <div class="moz-cite-prefix">On 10/26/2015 03:14 PM, Jorick Astrego wrote:<br> </div> <blockquote cite="mid:562E355D.4030201@netbulae.eu" type="cite"> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> <br> <br> <div class="moz-cite-prefix">On 10/26/2015 02:57 PM, Ondra Machacek wrote:<br> </div> <blockquote cite="mid:562E3143.4010600@redhat.com" type="cite"> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> <br> <br> <div class="moz-cite-prefix">On 10/26/2015 02:53 PM, Jorick Astrego wrote:<br> </div> <blockquote cite="mid:562E3075.5050203@netbulae.eu" type="cite"> <meta http-equiv="content-type" content="text/html; charset=windows-1252"> Hi,<br> <br> Currently I'm trying to add an ovirt compute resource in forman that is limited to the VM's of the user. <br> <br> When I give this user the PowerUser role, I cannot access the api:<br> <br> <blockquote>query execution failed due to insufficient permissions<br> </blockquote> </blockquote> <br> Are you sending header 'Filter: true' with the request ?<br> If your user is not admin(PowerUserRole is not admin role),<br> you have to use this header.<br> <br> <br> </blockquote> <br> </blockquote> <br> Hmm, not much response on foreman-users.. <br> <br> I checked the code of fog in my foreman install ( /opt/rh/ruby193/root/usr/share/gems/gems/fog-1.32.0/lib/fog/ovirt/compute.rb ) and it appears to have the correct option merged:<br> <br> <blockquote> connection_opts[:filtered_api] = options[:ovirt_filtered_api]<br> <br> <br> </blockquote> But I don't know what url the foreman actually generates, is there any way to capture the login string? I tried setting some DEBUG logging but don't get the output I'm looking for.<br> <br> <blockquote> <logger category="org.ovirt.engine.core.bll.SearchQuery"><br> <level name="DEBUG"/><br> </logger><br> <logger category="org.ovirt.engine.core.bll.aaa.LoginUserCommand"><br> <level name="DEBUG"/><br> </logger><br> <logger category="org.ovirt.engine.api.restapi.resource.AbstractBackendResource"><br> <level name="DEBUG"/><br> </logger><br> <br> </blockquote> <br> </blockquote> <br> It depends what url foreman client access. But you can set:<br> <br> <logger category="org.ovirt.engine.core.bll"><br> <level name="ALL"/><br> </logger><br> <br> And then you will see what commands was queried with or without the filtered API.<br> <br> 2015-10-29 15:45:45,436 TRACE [org.ovirt.engine.core.bll.GetAllVmsQuery] (ajp-/127.0.0.1:8702-1) [] START, GetAllVmsQuery(VdcQueryParametersBase:{refresh='true', filtered='true'}), log id: 53b3c8b9<br> <br> ^^ This is example of running 'Filter: true' on /api/vms (you can see filtered='true').<br> <br> <blockquote cite="mid:5630A36D.6000202@netbulae.eu" type="cite"> <blockquote><br> <br> </blockquote> <br> <br> <br> <br> <span style="color:#604c78;"><font color="000000"><span style="mso-fareast-language:en-gb;" lang="NL">Met vriendelijke groet, With kind regards,<br> <br> Jorick Astrego<br> </span></font></span><b style="color:#604c78"><br> Netbulae Virtualization Experts </b><br> <hr style="border:none;border-top:1px solid #ccc;"> <table style="width: 522px"> <tbody> <tr> <td style="width: 130px;font-size: 10px">Tel: 053 20 30 270</td> <td style="width: 130px;font-size: 10px"><a class="moz-txt-link-abbreviated" href="mailto:info@netbulae.eu">info@netbulae.eu</a></td> <td style="width: 130px;font-size: 10px">Staalsteden 4-3A</td> <td style="width: 130px;font-size: 10px">KvK 08198180</td> </tr> <tr> <td style="width: 130px;font-size: 10px">Fax: 053 20 30 271</td> <td style="width: 130px;font-size: 10px"><a class="moz-txt-link-abbreviated" href="http://www.netbulae.eu">www.netbulae.eu</a></td> <td style="width: 130px;font-size: 10px">7547 TA Enschede</td> <td style="width: 130px;font-size: 10px">BTW NL821234584B01</td> </tr> </tbody> </table> <br> <hr style="border:none;border-top:1px solid #ccc;"><br> <br> <fieldset class="mimeAttachmentHeader"></fieldset> <br> <pre wrap="">_______________________________________________ Users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> <br> </body> </html> --------------010300080002000006010702--
This is a multi-part message in MIME format. --------------090003020906060406020408 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit On 10/29/2015 03:56 PM, Ondra Machacek wrote:
On 10/28/2015 11:29 AM, Jorick Astrego wrote:
On 10/26/2015 03:14 PM, Jorick Astrego wrote:
On 10/26/2015 02:57 PM, Ondra Machacek wrote:
On 10/26/2015 02:53 PM, Jorick Astrego wrote:
Hi,
Currently I'm trying to add an ovirt compute resource in forman that is limited to the VM's of the user.
When I give this user the PowerUser role, I cannot access the api:
query execution failed due to insufficient permissions
Are you sending header 'Filter: true' with the request ? If your user is not admin(PowerUserRole is not admin role), you have to use this header.
Hmm, not much response on foreman-users..
I checked the code of fog in my foreman install ( /opt/rh/ruby193/root/usr/share/gems/gems/fog-1.32.0/lib/fog/ovirt/compute.rb ) and it appears to have the correct option merged:
connection_opts[:filtered_api] = options[:ovirt_filtered_api]
But I don't know what url the foreman actually generates, is there any way to capture the login string? I tried setting some DEBUG logging but don't get the output I'm looking for.
<logger category="org.ovirt.engine.core.bll.SearchQuery"> <level name="DEBUG"/> </logger> <logger category="org.ovirt.engine.core.bll.aaa.LoginUserCommand"> <level name="DEBUG"/> </logger> <logger category="org.ovirt.engine.api.restapi.resource.AbstractBackendResource"> <level name="DEBUG"/> </logger>
It depends what url foreman client access. But you can set:
<logger category="org.ovirt.engine.core.bll"> <level name="ALL"/> </logger>
And then you will see what commands was queried with or without the filtered API.
2015-10-29 15:45:45,436 TRACE [org.ovirt.engine.core.bll.GetAllVmsQuery] (ajp-/127.0.0.1:8702-1) [] START, GetAllVmsQuery(VdcQueryParametersBase:{refresh='true', filtered='true'}), log id: 53b3c8b9
^^ This is example of running 'Filter: true' on /api/vms (you can see filtered='true').
But maybe it would be easier to use tcpdump, or some apache module to dump headers.
Met vriendelijke groet, With kind regards,
Jorick Astrego * Netbulae Virtualization Experts * ------------------------------------------------------------------------ Tel: 053 20 30 270 info@netbulae.eu Staalsteden 4-3A KvK 08198180 Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01
------------------------------------------------------------------------
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
--------------090003020906060406020408 Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: 8bit <html> <head> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <br> <br> <div class="moz-cite-prefix">On 10/29/2015 03:56 PM, Ondra Machacek wrote:<br> </div> <blockquote cite="mid:56323394.8050800@redhat.com" type="cite"> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> <br> <br> <div class="moz-cite-prefix">On 10/28/2015 11:29 AM, Jorick Astrego wrote:<br> </div> <blockquote cite="mid:5630A36D.6000202@netbulae.eu" type="cite"> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> <br> <br> <div class="moz-cite-prefix">On 10/26/2015 03:14 PM, Jorick Astrego wrote:<br> </div> <blockquote cite="mid:562E355D.4030201@netbulae.eu" type="cite"> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> <br> <br> <div class="moz-cite-prefix">On 10/26/2015 02:57 PM, Ondra Machacek wrote:<br> </div> <blockquote cite="mid:562E3143.4010600@redhat.com" type="cite"> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> <br> <br> <div class="moz-cite-prefix">On 10/26/2015 02:53 PM, Jorick Astrego wrote:<br> </div> <blockquote cite="mid:562E3075.5050203@netbulae.eu" type="cite"> <meta http-equiv="content-type" content="text/html; charset=windows-1252"> Hi,<br> <br> Currently I'm trying to add an ovirt compute resource in forman that is limited to the VM's of the user. <br> <br> When I give this user the PowerUser role, I cannot access the api:<br> <br> <blockquote>query execution failed due to insufficient permissions<br> </blockquote> </blockquote> <br> Are you sending header 'Filter: true' with the request ?<br> If your user is not admin(PowerUserRole is not admin role),<br> you have to use this header.<br> <br> <br> </blockquote> <br> </blockquote> <br> Hmm, not much response on foreman-users.. <br> <br> I checked the code of fog in my foreman install ( /opt/rh/ruby193/root/usr/share/gems/gems/fog-1.32.0/lib/fog/ovirt/compute.rb ) and it appears to have the correct option merged:<br> <br> <blockquote> connection_opts[:filtered_api] = options[:ovirt_filtered_api]<br> <br> <br> </blockquote> But I don't know what url the foreman actually generates, is there any way to capture the login string? I tried setting some DEBUG logging but don't get the output I'm looking for.<br> <br> <blockquote> <logger category="org.ovirt.engine.core.bll.SearchQuery"><br> <level name="DEBUG"/><br> </logger><br> <logger category="org.ovirt.engine.core.bll.aaa.LoginUserCommand"><br> <level name="DEBUG"/><br> </logger><br> <logger category="org.ovirt.engine.api.restapi.resource.AbstractBackendResource"><br> <level name="DEBUG"/><br> </logger><br> <br> </blockquote> <br> </blockquote> <br> It depends what url foreman client access. But you can set:<br> <br> <logger category="org.ovirt.engine.core.bll"><br> <level name="ALL"/><br> </logger><br> <br> And then you will see what commands was queried with or without the filtered API.<br> <br> 2015-10-29 15:45:45,436 TRACE [org.ovirt.engine.core.bll.GetAllVmsQuery] (ajp-/127.0.0.1:8702-1) [] START, GetAllVmsQuery(VdcQueryParametersBase:{refresh='true', filtered='true'}), log id: 53b3c8b9<br> <br> ^^ This is example of running 'Filter: true' on /api/vms (you can see filtered='true').<br> </blockquote> <br> But maybe it would be easier to use tcpdump, or some apache module to dump headers.<br> <br> <blockquote cite="mid:56323394.8050800@redhat.com" type="cite"> <br> <blockquote cite="mid:5630A36D.6000202@netbulae.eu" type="cite"> <blockquote><br> <br> </blockquote> <br> <br> <br> <br> <span style="color:#604c78;"><font color="000000"><span style="mso-fareast-language:en-gb;" lang="NL">Met vriendelijke groet, With kind regards,<br> <br> Jorick Astrego<br> </span></font></span><b style="color:#604c78"><br> Netbulae Virtualization Experts </b><br> <hr style="border:none;border-top:1px solid #ccc;"> <table style="width: 522px"> <tbody> <tr> <td style="width: 130px;font-size: 10px">Tel: 053 20 30 270</td> <td style="width: 130px;font-size: 10px"><a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:info@netbulae.eu"><a class="moz-txt-link-abbreviated" href="mailto:info@netbulae.eu">info@netbulae.eu</a></a></td> <td style="width: 130px;font-size: 10px">Staalsteden 4-3A</td> <td style="width: 130px;font-size: 10px">KvK 08198180</td> </tr> <tr> <td style="width: 130px;font-size: 10px">Fax: 053 20 30 271</td> <td style="width: 130px;font-size: 10px"><a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="http://www.netbulae.eu"><a class="moz-txt-link-abbreviated" href="http://www.netbulae.eu">www.netbulae.eu</a></a></td> <td style="width: 130px;font-size: 10px">7547 TA Enschede</td> <td style="width: 130px;font-size: 10px">BTW NL821234584B01</td> </tr> </tbody> </table> <br> <hr style="border:none;border-top:1px solid #ccc;"><br> <br> <fieldset class="mimeAttachmentHeader"></fieldset> <br> <pre wrap="">_______________________________________________ Users mailing list <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> <br> <br> <fieldset class="mimeAttachmentHeader"></fieldset> <br> <pre wrap="">_______________________________________________ Users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> <br> </body> </html> --------------090003020906060406020408--
This is a multi-part message in MIME format. --------------030607050102000203050600 Content-Type: text/plain; charset="windows-1252" Content-Transfer-Encoding: quoted-printable On 10/29/2015 03=3A58 PM=2C Ondra Machacek wrote=3A =3E =3E =3E On 10/29/2015 03=3A56 PM=2C Ondra Machacek wrote=3A =3E=3E =3E=3E =3E=3E On 10/28/2015 11=3A29 AM=2C Jorick Astrego wrote=3A =3E=3E=3E =3E=3E=3E =3E=3E=3E On 10/26/2015 03=3A14 PM=2C Jorick Astrego wrote=3A =3E=3E=3E=3E =3E=3E=3E=3E =3E=3E=3E=3E On 10/26/2015 02=3A57 PM=2C Ondra Machacek wrote=3A =3E=3E=3E=3E=3E =3E=3E=3E=3E=3E =3E=3E=3E=3E=3E On 10/26/2015 02=3A53 PM=2C Jorick Astrego wrote=3A =3E=3E=3E=3E=3E=3E Hi=2C =3E=3E=3E=3E=3E=3E =3E=3E=3E=3E=3E=3E Currently I=27m trying to add an ovirt compute resource= in forman =3E=3E=3E=3E=3E=3E that is limited to the VM=27s of the user=2E =3E=3E=3E=3E=3E=3E =3E=3E=3E=3E=3E=3E When I give this user the PowerUser role=2C I cannot acc= ess the api=3A =3E=3E=3E=3E=3E=3E =3E=3E=3E=3E=3E=3E query execution failed due to insufficient permissio= ns =3E=3E=3E=3E=3E=3E =3E=3E=3E=3E=3E =3E=3E=3E=3E=3E Are you sending header =27Filter=3A true=27 with the reques= t =3F =3E=3E=3E=3E=3E If your user is not admin=28PowerUserRole is not admin role= =29=2C =3E=3E=3E=3E=3E you have to use this header=2E =3E=3E=3E=3E=3E =3E=3E=3E=3E=3E =3E=3E=3E=3E =3E=3E=3E =3E=3E=3E Hmm=2C not much response on foreman-users=2E=2E =3E=3E=3E =3E=3E=3E I checked the code of fog in my foreman install =28 =3E=3E=3E /opt/rh/ruby193/root/usr/share/gems/gems/fog-1=2E32=2E0/lib/fog/o= virt/compute=2Erb =3E=3E=3E =29 and it appears to have the correct option merged=3A =3E=3E=3E =3E=3E=3E connection=5Fopts=5B=3Afiltered=5Fapi=5D =3D =3E=3E=3E options=5B=3Aovirt=5Ffiltered=5Fapi=5D =3E=3E=3E =3E=3E=3E =3E=3E=3E But I don=27t know what url the foreman actually generates=2C is= there =3E=3E=3E any way to capture the login string=3F I tried setting some DEBUG= =3E=3E=3E logging but don=27t get the output I=27m looking for=2E =3E=3E=3E =3E=3E=3E =3Clogger category=3D=22org=2Eovirt=2Eengine=2Ecore= =2Ebll=2ESearchQuery=22=3E =3E=3E=3E =3Clevel name=3D=22DEBUG=22/=3E =3E=3E=3E =3C/logger=3E =3E=3E=3E =3Clogger =3E=3E=3E category=3D=22org=2Eovirt=2Eengine=2Ecore=2Ebll=2Eaaa=2ELogin= UserCommand=22=3E =3E=3E=3E =3Clevel name=3D=22DEBUG=22/=3E =3E=3E=3E =3C/logger=3E =3E=3E=3E =3Clogger =3E=3E=3E category=3D=22org=2Eovirt=2Eengine=2Eapi=2Erestapi=2Eresource= =2EAbstractBackendResource=22=3E =3E=3E=3E =3Clevel name=3D=22DEBUG=22/=3E =3E=3E=3E =3C/logger=3E =3E=3E=3E =3E=3E=3E =3E=3E =3E=3E It depends what url foreman client access=2E But you can set=3A =3E=3E =3E=3E =3Clogger category=3D=22org=2Eovirt=2Eengine=2Ecore=2Ebll=22=3E =3E=3E =3Clevel name=3D=22ALL=22/=3E =3E=3E =3C/logger=3E =3E=3E =3E=3E And then you will see what commands was queried with or without the= =3E=3E filtered API=2E =3E=3E =3E=3E 2015-10-29 15=3A45=3A45=2C436 TRACE =3E=3E =5Borg=2Eovirt=2Eengine=2Ecore=2Ebll=2EGetAllVmsQuery=5D =28ajp-/127= =2E0=2E0=2E1=3A8702-1=29 =5B=5D =3E=3E START=2C GetAllVmsQuery=28VdcQueryParametersBase=3A=7Brefresh=3D=27t= rue=27=2C =3E=3E filtered=3D=27true=27=7D=29=2C log id=3A 53b3c8b9 =3E=3E =3E=3E =5E=5E This is example of running =27Filter=3A true=27 on /api/vms= =28you can see =3E=3E filtered=3D=27true=27=29=2E =3E It appears the filtered tag doesn=27t get set=2E I=27ll continue on the foreman list from now=2E 2015-11-02 10=3A29=3A17=2C126 DEBUG =5Borg=2Eovirt=2Eengine=2Ecore=2Ebll=2Eaaa=2ELoginUserCommand=5D =28ajp--127=2E0=2E0=2E1-8702-9=29 Found permission fbcb73a0-226e-49d4-9e7a-01c665127a07 for user when running LoginUser=2C on Bottom with id bbb00000-0000-0000-0000-123456789bbb 2015-11-02 10=3A29=3A17=2C128 DEBUG =5Borg=2Eovirt=2Eengine=2Ecore=2Ebll=2Eaaa=2ELoginBaseCommand=5D =28ajp--127=2E0=2E0=2E1-8702-9=29 Checking if user testuser is an admin= =2C result false 2015-11-02 10=3A29=3A17=2C129 INFO=20 =5Borg=2Eovirt=2Eengine=2Ecore=2Ebll=2Eaaa=2ELoginUserCommand=5D =28ajp--127=2E0=2E0=2E1-8702-9=29 Running command=3A LoginUserCommand= =28LoginName =3D null=2C ProfileName =3D netbulae=2Etest=2C AuthRecord =3D =7BExtkey=5Bname=3DAAA=5FAUTHN=5FAUTH=5FRECORD=5FPRINCIPAL=3Btype=3Dcla= ss java=2Elang=2EString=3Buuid=3DAAA=5FAUTHN=5FAUTH=5FRECORD=5FPRINCIPAL= =5Bc3498f07-11fe-464c-958c-8bd7490b119a=5D=3B=5D=3Dtestuser=7D=2C IsAdmin =3D false=2C ActionType =3D LoginUser=2C AuthType =3D CREDENTIA= LS=29 internal=3A false=2E 2015-11-02 10=3A29=3A17=2C132 TRACE =5Borg=2Eovirt=2Eengine=2Ecore=2Ebll=2EGetConfigurationValueQuery=5D =28ajp--127=2E0=2E0=2E1-8702-9=29 START=2C GetConfigurationValueQuery= =28version=3A general=2C configuration value=3A ApplicationMode=2C refresh=3A false= =2C filtered=3A false=29=2C log id=3A 438b23b5 2015-11-02 10=3A29=3A17=2C134 TRACE =5Borg=2Eovirt=2Eengine=2Ecore=2Ebll=2EGetConfigurationValueQuery=5D =28ajp--127=2E0=2E0=2E1-8702-9=29 FINISH=2C GetConfigurationValueQuery= =2C log id=3A 438b23b5 2015-11-02 10=3A29=3A17=2C134 TRACE =5Borg=2Eovirt=2Eengine=2Ecore=2Ebll=2Eaaa=2EGetValueBySessionQuery=5D= =28ajp--127=2E0=2E0=2E1-8702-9=29 START=2C GetValueBySessionQuery=28ref= resh=3A false=2C *filtered=3A false=29=2C *log id=3A 63d562b7 2015-11-02 10=3A29=3A17=2C135 TRACE =5Borg=2Eovirt=2Eengine=2Ecore=2Ebll=2Eaaa=2EGetValueBySessionQuery=5D= =28ajp--127=2E0=2E0=2E1-8702-9=29 FINISH=2C GetValueBySessionQuery=2C l= og id=3A 63d562b7 2015-11-02 10=3A29=3A17=2C136 TRACE =5Borg=2Eovirt=2Eengine=2Ecore=2Ebll=2ESearchQuery=5D =28ajp--127=2E0= =2E0=2E1-8702-9=29 START=2C SearchQuery=28search type=3A StoragePool=2C search pattern=3A= =5BDatacenter =3A =5D=2C case sensitive=3A true =5Bfrom=3A 0=2C max=3A= -1=5D refresh=3A true=2C filtered=3A false=29=2C log id=3A 4e440f95 2015-11-02 10=3A29=3A17=2C138 ERROR =5Borg=2Eovirt=2Eengine=2Ecore=2Ebll=2ESearchQuery=5D =28ajp--127=2E0= =2E0=2E1-8702-9=29 Query execution failed due to insufficient permissions=2E I=27ve updated http=3A//projects=2Etheforeman=2Eorg/issues/6835 Met vriendelijke groet=2C With kind regards=2C Jorick Astrego Netbulae Virtualization Experts=20 ---------------- =09Tel=3A 053 20 30 270 =09info=40netbulae=2Eeu =09Staalsteden 4-3A =09KvK= 08198180 =09Fax=3A 053 20 30 271 =09www=2Enetbulae=2Eeu =097547 TA Enschede =09BTW= NL821234584B01 ---------------- --------------030607050102000203050600 Content-Type: text/html; charset="windows-1252" Content-Transfer-Encoding: quoted-printable =3Chtml=3E =3Chead=3E =3Cmeta content=3D=22text/html=3B charset=3Dwindows-1252=22 http-equiv=3D=22Content-Type=22=3E =3C/head=3E =3Cbody bgcolor=3D=22=23FFFFFF=22 text=3D=22=23000000=22=3E =3Cbr=3E =3Cbr=3E =3Cdiv class=3D=22moz-cite-prefix=22=3EOn 10/29/2015 03=3A58 PM=2C Ondr= a Machacek wrote=3A=3Cbr=3E =3C/div=3E =3Cblockquote cite=3D=22mid=3A563233FE=2E1020708=40redhat=2Ecom=22 type= =3D=22cite=22=3E =3Cmeta content=3D=22text/html=3B charset=3Dwindows-1252=22 http-equiv=3D=22Content-Type=22=3E =3Cbr=3E =3Cbr=3E =3Cdiv class=3D=22moz-cite-prefix=22=3EOn 10/29/2015 03=3A56 PM=2C On= dra Machacek wrote=3A=3Cbr=3E =3C/div=3E =3Cblockquote cite=3D=22mid=3A56323394=2E8050800=40redhat=2Ecom=22 ty= pe=3D=22cite=22=3E =3Cmeta content=3D=22text/html=3B charset=3Dwindows-1252=22 http-equiv=3D=22Content-Type=22=3E =3Cbr=3E =3Cbr=3E =3Cdiv class=3D=22moz-cite-prefix=22=3EOn 10/28/2015 11=3A29 AM=2C= Jorick Astrego wrote=3A=3Cbr=3E =3C/div=3E =3Cblockquote cite=3D=22mid=3A5630A36D=2E6000202=40netbulae=2Eeu=22= type=3D=22cite=22=3E =3Cmeta content=3D=22text/html=3B charset=3Dwindows-1252=22 http-equiv=3D=22Content-Type=22=3E =3Cbr=3E =3Cbr=3E =3Cdiv class=3D=22moz-cite-prefix=22=3EOn 10/26/2015 03=3A14 PM= =2C Jorick Astrego wrote=3A=3Cbr=3E =3C/div=3E =3Cblockquote cite=3D=22mid=3A562E355D=2E4030201=40netbulae=2Eeu= =22 type=3D=22cite=22=3E =3Cmeta content=3D=22text/html=3B charset=3Dwindows-1252=22 http-equiv=3D=22Content-Type=22=3E =3Cbr=3E =3Cbr=3E =3Cdiv class=3D=22moz-cite-prefix=22=3EOn 10/26/2015 02=3A57 PM= =2C Ondra Machacek wrote=3A=3Cbr=3E =3C/div=3E =3Cblockquote cite=3D=22mid=3A562E3143=2E4010600=40redhat=2Ecom= =22 type=3D=22cite=22=3E =3Cmeta content=3D=22text/html=3B charset=3Dwindows-1252=22= http-equiv=3D=22Content-Type=22=3E =3Cbr=3E =3Cbr=3E =3Cdiv class=3D=22moz-cite-prefix=22=3EOn 10/26/2015 02=3A53= PM=2C Jorick Astrego wrote=3A=3Cbr=3E =3C/div=3E =3Cblockquote cite=3D=22mid=3A562E3075=2E5050203=40netbulae= =2Eeu=22 type=3D=22cite=22=3E =3Cmeta http-equiv=3D=22content-type=22 content=3D=22text/h= tml=3B charset=3Dwindows-1252=22=3E Hi=2C=3Cbr=3E =3Cbr=3E Currently I=27m trying to add an ovirt compute resource in= forman that is limited to the VM=27s of the user=2E =3Cbr= =3E =3Cbr=3E When I give this user the PowerUser role=2C I cannot access the api=3A=3Cbr=3E =3Cbr=3E =3Cblockquote=3Equery execution failed due to insufficient= permissions=3Cbr=3E =3C/blockquote=3E =3C/blockquote=3E =3Cbr=3E Are you sending header =27Filter=3A true=27 with the request= =3F=3Cbr=3E If your user is not admin=28PowerUserRole is not admin role=29=2C=3Cbr=3E you have to use this header=2E=3Cbr=3E =3Cbr=3E =3Cbr=3E =3C/blockquote=3E =3Cbr=3E =3C/blockquote=3E =3Cbr=3E Hmm=2C not much response on foreman-users=2E=2E =3Cbr=3E =3Cbr=3E I checked the code of fog in my foreman install =28 /opt/rh/ruby193/root/usr/share/gems/gems/fog-1=2E32=2E0/lib/fog/o= virt/compute=2Erb =29 and it appears to have the correct option merged=3A=3Cbr=3E= =3Cbr=3E =3Cblockquote=3E=A0=A0=A0=A0=A0=A0=A0=A0=A0 connection=5Fopts=5B= =3Afiltered=5Fapi=5D=A0 =3D options=5B=3Aovirt=5Ffiltered=5Fapi=5D=3Cbr=3E =3Cbr=3E =3Cbr=3E =3C/blockquote=3E But I don=27t know what url the foreman actually generates=2C is= there any way to capture the login string=3F I tried setting some DEBUG logging but don=27t get the output I=27m looking for= =2E=3Cbr=3E =3Cbr=3E =3Cblockquote=3E=A0=A0=A0=A0=A0=A0=A0 =26lt=3Blogger category=3D=22org=2Eovirt=2Eengine=2Ecore=2Ebll=2ESearchQuery= =22=26gt=3B=3Cbr=3E =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 =26lt=3Blevel nam= e=3D=22DEBUG=22/=26gt=3B=3Cbr=3E =A0=A0=A0=A0=A0=A0=A0 =26lt=3B/logger=26gt=3B=3Cbr=3E =A0=A0=A0=A0=A0=A0=A0 =26lt=3Blogger category=3D=22org=2Eovirt=2Eengine=2Ecore=2Ebll=2Eaaa=2ELoginUs= erCommand=22=26gt=3B=3Cbr=3E =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 =26lt=3Blevel nam= e=3D=22DEBUG=22/=26gt=3B=3Cbr=3E =A0=A0=A0=A0=A0=A0=A0 =26lt=3B/logger=26gt=3B=3Cbr=3E =A0=A0=A0=A0=A0=A0=A0 =26lt=3Blogger category=3D=22org=2Eovirt=2Eengine=2Eapi=2Erestapi=2Eresource=2EAbstractBac= kendResource=22=26gt=3B=3Cbr=3E =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 =26lt=3Blevel nam= e=3D=22DEBUG=22/=26gt=3B=3Cbr=3E =A0=A0=A0=A0=A0=A0=A0 =26lt=3B/logger=26gt=3B=3Cbr=3E =3Cbr=3E =3C/blockquote=3E =3Cbr=3E =3C/blockquote=3E =3Cbr=3E It depends what url foreman client access=2E But you can set=3A=3Cb= r=3E =3Cbr=3E =26lt=3Blogger category=3D=22org=2Eovirt=2Eengine=2Ecore=2Ebll=22= =26gt=3B=3Cbr=3E =A0=A0=A0 =26lt=3Blevel name=3D=22ALL=22/=26gt=3B=3Cbr=3E =26lt=3B/logger=26gt=3B=3Cbr=3E =3Cbr=3E And then you will see what commands was queried with or without the filtered API=2E=3Cbr=3E =3Cbr=3E 2015-10-29 15=3A45=3A45=2C436 TRACE =5Borg=2Eovirt=2Eengine=2Ecore=2Ebll=2EGetAllVmsQuery=5D =28ajp-/127=2E0=2E0=2E1=3A8702-1=29 =5B=5D START=2C GetAllVmsQuery=28VdcQueryParametersBase=3A=7Brefresh=3D=27true=27= =2C filtered=3D=27true=27=7D=29=2C log id=3A 53b3c8b9=3Cbr=3E =3Cbr=3E =5E=5E This is example of running =27Filter=3A true=27 on /api/vms= =28you can see filtered=3D=27true=27=29=2E=3Cbr=3E =3C/blockquote=3E =3Cbr=3E =3C/blockquote=3E =3Cbr=3E =3Cbr=3E It appears the filtered tag doesn=27t get set=2E I=27ll continue on the= foreman list from now=2E=3Cbr=3E =3Cblockquote=3E2015-11-02 10=3A29=3A17=2C126 DEBUG =5Borg=2Eovirt=2Eengine=2Ecore=2Ebll=2Eaaa=2ELoginUserCommand=5D =28ajp--127=2E0=2E0=2E1-8702-9=29 Found permission fbcb73a0-226e-49d4-9e7a-01c665127a07 for user when running LoginUser=2C on Bottom with id bbb00000-0000-0000-0000-123456789bbb= =3Cbr=3E 2015-11-02 10=3A29=3A17=2C128 DEBUG =5Borg=2Eovirt=2Eengine=2Ecore=2Ebll=2Eaaa=2ELoginBaseCommand=5D =28ajp--127=2E0=2E0=2E1-8702-9=29 Checking if user testuser is an adm= in=2C result false=3Cbr=3E 2015-11-02 10=3A29=3A17=2C129 INFO=A0 =5Borg=2Eovirt=2Eengine=2Ecore=2Ebll=2Eaaa=2ELoginUserCommand=5D =28ajp--127=2E0=2E0=2E1-8702-9=29 Running command=3A LoginUserCommand=28LoginName =3D null=2C ProfileName =3D netbulae=2Et= est=2C AuthRecord =3D =7BExtkey=5Bname=3DAAA=5FAUTHN=5FAUTH=5FRECORD=5FPRINCIPAL=3Btype=3Dc= lass java=2Elang=2EString=3Buuid=3DAAA=5FAUTHN=5FAUTH=5FRECORD=5FPRINCIPAL= =5Bc3498f07-11fe-464c-958c-8bd7490b119a=5D=3B=5D=3Dtestuser=7D=2C IsAdmin =3D false=2C ActionType =3D LoginUser=2C AuthType =3D CREDENT= IALS=29 internal=3A false=2E=3Cbr=3E 2015-11-02 10=3A29=3A17=2C132 TRACE =5Borg=2Eovirt=2Eengine=2Ecore=2Ebll=2EGetConfigurationValueQuery=5D= =28ajp--127=2E0=2E0=2E1-8702-9=29 START=2C GetConfigurationValueQuery= =28version=3A general=2C configuration value=3A ApplicationMode=2C refresh=3A false= =2C filtered=3A false=29=2C log id=3A 438b23b5=3Cbr=3E 2015-11-02 10=3A29=3A17=2C134 TRACE =5Borg=2Eovirt=2Eengine=2Ecore=2Ebll=2EGetConfigurationValueQuery=5D= =28ajp--127=2E0=2E0=2E1-8702-9=29 FINISH=2C GetConfigurationValueQuer= y=2C log id=3A 438b23b5=3Cbr=3E 2015-11-02 10=3A29=3A17=2C134 TRACE =5Borg=2Eovirt=2Eengine=2Ecore=2Ebll=2Eaaa=2EGetValueBySessionQuery= =5D =28ajp--127=2E0=2E0=2E1-8702-9=29 START=2C GetValueBySessionQuery=28r= efresh=3A false=2C =3Cb=3Efiltered=3A false=29=2C =3C/b=3Elog id=3A 63d562b7=3C= br=3E 2015-11-02 10=3A29=3A17=2C135 TRACE =5Borg=2Eovirt=2Eengine=2Ecore=2Ebll=2Eaaa=2EGetValueBySessionQuery= =5D =28ajp--127=2E0=2E0=2E1-8702-9=29 FINISH=2C GetValueBySessionQuery=2C= log id=3A 63d562b7=3Cbr=3E 2015-11-02 10=3A29=3A17=2C136 TRACE =5Borg=2Eovirt=2Eengine=2Ecore=2Ebll=2ESearchQuery=5D =28ajp--127=2E0= =2E0=2E1-8702-9=29 START=2C SearchQuery=28search type=3A StoragePool=2C search pattern= =3A =5BDatacenter =3A =5D=2C case sensitive=3A true =5Bfrom=3A 0=2C max= =3A -1=5D refresh=3A true=2C filtered=3A false=29=2C log id=3A 4e440f95=3Cbr=3E 2015-11-02 10=3A29=3A17=2C138 ERROR =5Borg=2Eovirt=2Eengine=2Ecore=2Ebll=2ESearchQuery=5D =28ajp--127=2E0= =2E0=2E1-8702-9=29 Query execution failed due to insufficient permissions=2E=3Cbr=3E =3C/blockquote=3E I=27ve updated =3Ca class=3D=22moz-txt-link-freetext=22 href=3D=22http= =3A//projects=2Etheforeman=2Eorg/issues/6835=22=3Ehttp=3A//projects=2Ethefo= reman=2Eorg/issues/6835=3C/a=3E=3Cbr=3E =3Cbr=3E =20= =3CBR /=3E =3CBR /=3E =3Cb style=3D=22color=3A=23604c78=22=3E=3C/b=3E=3Cbr=3E=3Cbr=3E=3Cspan styl= e=3D=22color=3A=23604c78=3B=22=3E=3Cfont color=3D=22000000=22=3E=3Cspan sty= le=3D=22mso-fareast-language=3Aen-gb=3B=22 lang=3D=22NL=22=3EMet vriendelij= ke groet=2C With kind regards=2C=3Cbr=3E=3Cbr=3EJorick Astrego=3Cbr=3E=3C/s= pan=3E=3C/font=3E=3C/span=3E=3Cb style=3D=22color=3A=23604c78=22=3E=3Cbr=3E= Netbulae Virtualization Experts =3C/b=3E=3Cbr=3E=3Chr style=3D=22border=3An= one=3Bborder-top=3A1px solid =23ccc=3B=22=3E=3Ctable style=3D=22width=3A 52= 2px=22=3E=3Ctbody=3E=3Ctr=3E=3Ctd style=3D=22width=3A 130px=3Bfont-size=3A= 10px=22=3ETel=3A 053 20 30 270=3C/td=3E =3Ctd style=3D=22width=3A 130p= x=3Bfont-size=3A 10px=22=3Einfo=40netbulae=2Eeu=3C/td=3E =3Ctd style=3D= =22width=3A 130px=3Bfont-size=3A 10px=22=3EStaalsteden 4-3A=3C/td=3E =20= =3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px=22=3EKvK 08198180=3C/td= =3E=3C/tr=3E=3Ctr=3E =3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px= =22=3EFax=3A 053 20 30 271=3C/td=3E =3Ctd style=3D=22width=3A 130px=3Bfo= nt-size=3A 10px=22=3Ewww=2Enetbulae=2Eeu=3C/td=3E =3Ctd style=3D=22width= =3A 130px=3Bfont-size=3A 10px=22=3E7547 TA Enschede=3C/td=3E =3Ctd style= =3D=22width=3A 130px=3Bfont-size=3A 10px=22=3EBTW NL821234584B01=3C/td=3E= =3C/tr=3E=3C/tbody=3E=3C/table=3E=3Cbr=3E=3Chr style=3D=22border=3Anone=3Bb= order-top=3A1px solid =23ccc=3B=22=3E=3CBR /=3E =3C/body=3E =3C/html=3E --------------030607050102000203050600--
participants (2)
-
Jorick Astrego -
Ondra Machacek