Bug 1102801
Summary: | Query execution failed due to insufficient permissions while run GET VM info using user portal credentials | ||
---|---|---|---|
Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Yuri Obshansky <yobshans> |
Component: | ovirt-engine-restapi | Assignee: | Juan Hernández <juan.hernandez> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Pavel Novotny <pnovotny> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 3.4.0 | CC: | bazulay, gklein, iheim, juan.hernandez, mavital, oramraz, rbalakri, Rhev-m-bugs, shavivi, yeylon |
Target Milestone: | --- | ||
Target Release: | 3.5.0 | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | virt | ||
Fixed In Version: | ovirt-3.5.0-beta1.1 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-02-17 08:28:46 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1142923, 1156165 |
Description
Yuri Obshansky
2014-05-29 14:56:14 UTC
I think that we need to make the GetVmsInit query accessible to users, something like this: diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java b/backend/manager/modu index 0480b74..26532a9 100644 --- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java +++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java @@ -26,7 +26,7 @@ public enum VdcQueryType implements Serializable { GetVmsByVnicProfileId, GetTemplatesByVnicProfileId, GetVirtioScsiControllers(VdcQueryAuthType.User), - GetVmsInit, + GetVmsInit(VdcQueryAuthType.User), GetVmNextRunConfiguration(VdcQueryAuthType.User), GetVmUpdatesOnNextRunExists(VdcQueryAuthType.User), Shahar, can you confirm? (In reply to Juan Hernández from comment #1) > Shahar, can you confirm? Ack Note that the attached patch allows access to the query, but that query is only used if the "Filter: true" header is used, so in addition to the fix the caller needs to add that header to the request. The fix for this issue has been merged into the upstream 3.5 branch, so it will be available downstream with the next rebase. Verified upstream in ovirt-engine-3.5.0-0.0.master.20140804172041.git23b558e.el6.noarch (rc1). GET request (see comment 0) as a regular user works. No errors about insufficient permissions to execute query in occured engine log. curl -A "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20131023 Firefox/17.0" \ -e "https://instance1.ovirt.org/ovirt-engine/userportal/" \ -H "Connection: keep-alive" \ -H "Session-TTL: 360" \ -H "Accept-Language: en-US,en;q=0.5" \ -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" \ -H "Prefer: persistent-auth" \ -H "Authorization: Basic ***" \ # a user -H "Filter: true" \ https://instance1.ovirt.org/ovirt-engine/api/vms/ Response: <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <vms> <vm href="/ovirt-engine/api/vms/5d4f3c8a-7514-400d-a0f7-5c6c51178ba8" id="5d4f3c8a-7514-400d-a0f7-5c6c51178ba8"> ... ... </vms> RHEV-M 3.5.0 has been released |