[ovirt-devel] Important change in UI plugins REST API integration
Vojtech Szocs
vszocs at redhat.com
Wed Dec 3 15:54:33 UTC 2014
----- Original Message -----
> From: "Einav Cohen" <ecohen at redhat.com>
> To: "Yaniv Dary" <ydary at redhat.com>
> Cc: "Vojtech Szocs" <vszocs at redhat.com>, devel at ovirt.org
> Sent: Wednesday, December 3, 2014 3:56:00 PM
> Subject: Re: [ovirt-devel] Important change in UI plugins REST API integration
>
> > ----- Original Message -----
> > From: "Yaniv Dary" <ydary at redhat.com>
> > Sent: Wednesday, December 3, 2014 5:02:19 AM
> >
> > Does this affect any 3rd parties that implemented UI plugins?
>
> this affects any UI plugin that utilizes the rest-api-session *generated
> by the ui-plugins infrastructure* outside the context of the client/browser;
> I.e., plugins that send the ui-plugins-infra-generated-rest-api-session-id
> to some (3rd party) server-side (which is not aware of the client's browser/
> web-admin status at all) that performs communication with the engine's rest-
> api based on that rest-api-session-id.
To explain a bit about REST integration for UI plugins: right upon each
successful WebAdmin GUI login, WebAdmin's UI plugin infra will acquire
new REST session and pass the REST session ID to all UI plugins through
"RestApiSessionAcquired" callback [1].
[1] http://www.ovirt.org/Features/UIPlugins#REST_API_integration
Any UI plugin can register "RestApiSessionAcquired" callback handler
and be notified of REST session ID. Typically, UI plugin itself can
talk with Engine REST API. I assume this covers the majority of all
UI plugins utilizing the "RestApiSessionAcquired" callback. These
plugins do NOT need to be modified at all.
However, passing this (UI plugin & WebAdmin GUI user specific) REST
session ID to any 3rd party is generally discouraged since as of 3.5
the REST session won't be usable after WebAdmin GUI user logs out [2].
When GUI user logs in again, new REST session ID will be passed to UI
plugins.
[2] http://gerrit.ovirt.org/#/c/35185/
>
> > Will they need to change anything or is this change more a behaviour change
> > only?
>
> for the plugins that I mentioned above: assuming these plugins would like
> retain their functionality and have their server-side perform communication
> with the engine's rest-api regardless of the current status of the client's
> browser/web-admin (active/logged-in/logged-out/...), they will need to change
> their code to obtain their own rest-api-session (to be used by the server-
> side), rather than rely on the rest-api-session that was obtained by the ui-
> plugins infrastructure for them; the latter should be used *only* for the
> plugin's *client*-side communication with the engine's rest-api.
Yes. In other words, REST session ID obtained via "RestApiSessionAcquired"
callback is scoped to current WebAdmin GUI user. Any 3rd party (outside of
UI plugin context) should manage its "own" REST session.
>
> if these plugins will not change their code as described above - these
> plugins' server-side communication with the engine's rest-api will break
> upon web-admin logout (which may be an acceptable 'breakage' for some
> plugins - this is really up to each ui-plugin author to make this decision).
>
> all other plugins (i.e. plugins that use the ui-plugins-infra-generated-rest-
> api-session only within the client context, plugins that don't use this rest-
> api-session at all, etc.) can remain as-is - they will not be affected.
>
> >
> >
> >
> > Yaniv
> >
> > ----- Original Message -----
> > > From: "Vojtech Szocs" <vszocs at redhat.com>
> > > To: "Alon Bar-Lev" <alonbl at redhat.com>
> > > Cc: devel at ovirt.org
> > > Sent: Tuesday, December 2, 2014 7:12:21 PM
> > > Subject: Re: [ovirt-devel] Important change in UI plugins REST API
> > > integration
> > >
> > >
> > >
> > > ----- Original Message -----
> > > > From: "Alon Bar-Lev" <alonbl at redhat.com>
> > > > To: "Sven Kieske" <s.kieske at mittwald.de>
> > > > Cc: devel at ovirt.org
> > > > Sent: Tuesday, December 2, 2014 9:43:18 AM
> > > > Subject: Re: [ovirt-devel] Important change in UI plugins REST API
> > > > integration
> > > >
> > > >
> > > >
> > > > ----- Original Message -----
> > > > > From: "Sven Kieske" <s.kieske at mittwald.de>
> > > > > To: devel at ovirt.org
> > > > > Sent: Tuesday, December 2, 2014 10:41:00 AM
> > > > > Subject: Re: [ovirt-devel] Important change in UI plugins REST API
> > > > > integration
> > > > >
> > > > >
> > > > >
> > > > > On 01/12/14 20:26, Vojtech Szocs wrote:
> > > > > > In other words, usability of REST session ID is now strictly
> > > > > > scoped to GUI user being authenticated. If the user logs in,
> > > > > > (always) new REST session ID will be passed to all UI plugins.
> > > > > > If the user logs out, REST session ID will not work anymore.
> > > > >
> > > > > What if I use just REST for logging in and doing something
> > > > > without any GUI interaction at all?
> > >
> > > This announcement was about UI plugins in WebAdmin. If you use
> > > Engine REST API without any GUI interaction involved, you aren't
> > > affected in any way.
> > >
> > > > >
> > > > > this reads a little like: you always need an open web gui
> > > > > to be able to use REST, which does not make sense at all.
> > >
> > > Sorry if my email confused you. It should read like: if you're
> > > an author of oVirt UI plugin for WebAdmin, please beware that
> > > REST API session ID (automatically acquired by UI plugin infra
> > > on behalf of all UI plugins) will not work after GUI logout.
> > >
> > > >
> > > > If you provide your own credentials nothing changed.
> > > >
> > > > The change is only effecting RESTAPI usage within the user interface
> > > > using
> > > > the credentials obtained interactively from the user within login page.
> > > >
> > > > > So I guess I'm misreading this?
> > > > >
> > > > > --
> > > > > Mit freundlichen Grüßen / Regards
> > > > >
> > > > > Sven Kieske
> > > > >
> > > > > Systemadministrator
> > > > > Mittwald CM Service GmbH & Co. KG
> > > > > Königsberger Straße 6
> > > > > 32339 Espelkamp
> > > > > T: +49-5772-293-100
> > > > > F: +49-5772-293-333
> > > > > https://www.mittwald.de
> > > > > Geschäftsführer: Robert Meyer
> > > > > St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad
> > > > > Oeynhausen
> > > > > Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad
> > > > > Oeynhausen
> > > > > _______________________________________________
> > > > > Devel mailing list
> > > > > Devel at ovirt.org
> > > > > http://lists.ovirt.org/mailman/listinfo/devel
> > > > _______________________________________________
> > > > Devel mailing list
> > > > Devel at ovirt.org
> > > > http://lists.ovirt.org/mailman/listinfo/devel
> > > _______________________________________________
> > > Devel mailing list
> > > Devel at ovirt.org
> > > http://lists.ovirt.org/mailman/listinfo/devel
> > _______________________________________________
> > Devel mailing list
> > Devel at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/devel
>
More information about the Devel
mailing list