[ovirt-users] api access with poweruser role
Jorick Astrego
j.astrego at netbulae.eu
Mon Oct 26 14:14:53 UTC 2015
On 10/26/2015 02:57 PM, Ondra Machacek wrote:
>
>
> On 10/26/2015 02:53 PM, Jorick Astrego wrote:
>> Hi,
>>
>> Currently I'm trying to add an ovirt compute resource in forman that
>> is limited to the VM's of the user.
>>
>> When I give this user the PowerUser role, I cannot access the api:
>>
>> query execution failed due to insufficient permissions
>>
>
> Are you sending header 'Filter: true' with the request ?
> If your user is not admin(PowerUserRole is not admin role),
> you have to use this header.
>
>
As I'm using forman, I have no control over this. There used to be a
bug, but it should have been patched months ago:
http://projects.theforeman.org/issues/6835
-
------------------------------------------------------------------------
*Description*
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1123676
Description of problem:
When trying to create a rhev compute resource with non-admin RHEV
user, the following error occurs:
"query execution failed due to insufficient permissions."
The reason for this is the RHEV needs to be called with 'Filter:
true' headers
for the api to work correctly with non-admin user.
The rbovirt client library supports to specify the filtered_api
option, but fog and foreman don't have a support for that
https://github.com/abenari/rbovirt/blob/a7c277e3fc5698e55e95a9432997b1a9c8d486ae/lib/rbovirt.rb#L54-L55
History
#1 <http://projects.theforeman.org/issues/6835#note-1>
Updated by Dominic Cleal
<http://projects.theforeman.org/users/3536> about 1 year
<http://projects.theforeman.org/projects/foreman/activity?from=2014-07-30>
ago
* *Category* set to /Compute resources - oVirt/
* *Assigned To* deleted (/Dominic Cleal/)
#2 <http://projects.theforeman.org/issues/6835#note-2>
Updated by Tom Caspy
<http://projects.theforeman.org/users/5429> 10 months
<http://projects.theforeman.org/projects/foreman/activity?from=2015-01-13>
ago
added a pull request to the fog gem:
https://github.com/fog/fog/pull/3393
#3 <http://projects.theforeman.org/issues/6835#note-3>
Updated by Ohad Levy
<http://projects.theforeman.org/users/3> 5 months
<http://projects.theforeman.org/projects/foreman/activity?from=2015-06-09>
ago
Fog PR has been merged a while ago.
The version of rbovirt we have is:
ruby193-rubygem-rbovirt-0.0.35-1.el6.noarch
Kind regards,
Jorick
>>
>> When I give this user the SuperUser role, I can access the api. But I
>> can see all the VM's of all users.
>>
>> How can I grant api access so the user can deploy through forman
>> without giving access to all the vm's in our oVirt environment?
>>
>> Kind regards,
>>
>> Jorick
>>
>>
>>
>>
>> Met vriendelijke groet, With kind regards,
>>
>> Jorick Astrego
>> *
>> Netbulae Virtualization Experts *
>> ------------------------------------------------------------------------
>> Tel: 053 20 30 270 info at netbulae.eu Staalsteden 4-3A KvK 08198180
>> Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW
>> NL821234584B01
>>
>>
>> ------------------------------------------------------------------------
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>
Met vriendelijke groet, With kind regards,
Jorick Astrego
Netbulae Virtualization Experts
----------------
Tel: 053 20 30 270 info at netbulae.eu Staalsteden 4-3A KvK 08198180
Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01
----------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20151026/1335a798/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: efafgfcc.gif
Type: image/gif
Size: 42 bytes
Desc: not available
URL: <http://lists.ovirt.org/pipermail/users/attachments/20151026/1335a798/attachment-0001.gif>
More information about the Users
mailing list