[ovirt-users] api access with poweruser role
Jorick Astrego
j.astrego at netbulae.eu
Wed Oct 28 06:29:01 EDT 2015
On 10/26/2015 03:14 PM, Jorick Astrego wrote:
>
>
> On 10/26/2015 02:57 PM, Ondra Machacek wrote:
>>
>>
>> On 10/26/2015 02:53 PM, Jorick Astrego wrote:
>>> Hi,
>>>
>>> Currently I'm trying to add an ovirt compute resource in forman that
>>> is limited to the VM's of the user.
>>>
>>> When I give this user the PowerUser role, I cannot access the api:
>>>
>>> query execution failed due to insufficient permissions
>>>
>>
>> Are you sending header 'Filter: true' with the request ?
>> If your user is not admin(PowerUserRole is not admin role),
>> you have to use this header.
>>
>>
>
Hmm, not much response on foreman-users..
I checked the code of fog in my foreman install (
/opt/rh/ruby193/root/usr/share/gems/gems/fog-1.32.0/lib/fog/ovirt/compute.rb
) and it appears to have the correct option merged:
connection_opts[:filtered_api] = options[:ovirt_filtered_api]
But I don't know what url the foreman actually generates, is there any
way to capture the login string? I tried setting some DEBUG logging but
don't get the output I'm looking for.
<logger category="org.ovirt.engine.core.bll.SearchQuery">
<level name="DEBUG"/>
</logger>
<logger
category="org.ovirt.engine.core.bll.aaa.LoginUserCommand">
<level name="DEBUG"/>
</logger>
<logger
category="org.ovirt.engine.api.restapi.resource.AbstractBackendResource">
<level name="DEBUG"/>
</logger>
Met vriendelijke groet, With kind regards,
Jorick Astrego
Netbulae Virtualization Experts
----------------
Tel: 053 20 30 270 info at netbulae.eu Staalsteden 4-3A KvK 08198180
Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01
----------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20151028/90cc9c27/attachment-0001.html>
More information about the Users
mailing list