Bug 1163105
Summary: | [RFE] Supporting search in User-Level API | ||
---|---|---|---|
Product: | Red Hat Enterprise Virtualization Manager | Reporter: | sefi litmanovich <slitmano> |
Component: | ovirt-engine | Assignee: | Eli Mesika <emesika> |
Status: | CLOSED ERRATA | QA Contact: | Karolína Hajná <khajna> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 3.5.0 | CC: | aburden, bazulay, emesika, iheim, juan.hernandez, khajna, lpeer, lsurette, nicolas, pstehlik, rbalakri, Rhev-m-bugs, sherold, slitmano, yeylon, ykaul |
Target Milestone: | ovirt-3.6.0-rc | Keywords: | FutureFeature |
Target Release: | 3.6.0 | Flags: | sherold:
Triaged+
|
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: |
Search query filtering has been added to the REST API to match functionality of the Web Admin Portal.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2016-03-09 20:51:06 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1213937, 1132506 |
Description
sefi litmanovich
2014-11-12 12:06:17 UTC
The RESTAPI doesn't process the queries itself, it just sends them to the backend, so if something needs to be changed in query syntax or processing it should be in the backend. Note also that the RESTAPI does respect URL encoding (%20 and similar), in fact this is done by the application server way before the value of the "search" parameter is given to the RESTAPI. So it is up to the backend to process the resulting characters (a space in this case). Looks like for the backend a space signals the end of a search term, not an space embedded in a search term. If you want to search for strings containing spaces you will probably need to use quotes, and encode them correctly. For example: ...?search=%22separated%20by%20spaces%22 Which will result in sending to the backend the string "separated by spaces" (including the quotes). *** Bug 1155967 has been marked as a duplicate of this bug. *** I couldn't find source of the "Host {host_name} was started by Engine" event to test this. How did you have to do to get it? *** Bug 1212483 has been marked as a duplicate of this bug. *** Search still doesn't work properly. I tried to search for "User" in "User admin@internal logged in." event. This doesn't work. However, when searching for "ser" only it works fine. Second case is when searching for name of one of my hosts - "host1" in "Installing Host host1. Stage: Setup validation." event. Just as in the first case, it finds nothing. Works fine while searching for "ost". Searching for string with space works correctly when quoted: ...?search=%22separated%20string%22 The reason for the failure with "User" is that "User" has a special meaning when searching events, it means that you want the events of a particular user, and then you need to specify some matching criteria. For example: ?search=User%3dadmin That should search for the events where some of the properties of the user is "admin". Unfortunately this seems to trigger a database error in the current master. It generates the following SQL query: ---8<--- SELECT * FROM (SELECT * FROM audit_log WHERE (audit_log_id IN (SELECT distinct audit_log.audit_log_id FROM audit_log LEFT OUTER JOIN vdc_users_with_tags ON audit_log.user_id=vdc_users_with_tags.user_id WHERE ( vdc_users_with_tags.department LIKE '%admin%' OR vdc_users_with_tags.domain LIKE '%admin%' OR vdc_users_with_tags.groups LIKE '%admin%' OR vdc_users_with_tags.mla_role LIKE '%admin%' OR vdc_users_with_tags.name LIKE '%admin%' OR vdc_users_with_tags.role LIKE '%admin%' OR vdc_users_with_tags.surname LIKE '%admin%' OR vdc_users_with_tags.tag_name LIKE '%admin%' OR vdc_users_with_tags.username LIKE '%admin%' OR vdc_users_with_tags.vm_pool_name LIKE '%admin%' ) AND not deleted)) ORDER BY audit_log_id DESC ) as T1 OFFSET (1 -1) LIMIT 2147483647 --->8--- And when executed that query generates the following error: ---8<--- statementcallback; bad sql grammar [select * from (select * from audit log where ( audit log id in (select distinct audit log.audit log id from audit log left outer join vdc users with tags on audit log.user id=vdc users with tags.user id where ( vdc users with tags.department like '%admin%' or vdc users with tags.domain like '%admin%' or vdc users with tags.groups like '%admin%' or vdc users with tags.mla role like '%admin%' or vdc users with tags.name like '%admin%' or vdc users with tags.role like '%admin%' or vdc users with tags.surname like '%admin%' or vdc users with tags.tag name like '%admin%' or vdc users with tags.username like '%admin%' or vdc users with tags.vm pool name like '%admin%' ) and not deleted)) order by audit log id desc ) as t1 offset (1 -1) limit 2147483647]; nested exception is org.postgresql.util.psqlexception: error: column vdc users with tags.groups does not exist position: 318 --->8--- Alternatively, instead of search inside all the properties of the user you can search in a specific one, for example the name: ?search=user.name%3dadmin Finally, if what you want to do is search in the message of the event, then you can use the "message" property. For example, if you want to search the events that have the form "User whatever logged in" you can use the following search query: message="User * logged in." That needs to be URL encoded, and it will look like this: ?search=message%3D%22User%20*%20logged%20in.%22 Based on last comment by Juan, can we move this to modified? Yes, this can be moved to modified. Except the database error Juan posted everything work fine. (In reply to Karolína Hajná from comment #8) > Yes, this can be moved to modified. > Except the database error Juan posted everything work fine. I meant verified. Not modified. My bad. Can you move it to verified? On 3.6.0-0.0.master.20150427173543.git61dec8c.el6 searching for ...events\;from\=\?search\=User%3dadmin still causes following error: HTTP/1.1 400 Bad Request Date: Wed, 29 Apr 2015 06:27:42 GMT Content-Type: application/xml Content-Length: 1073 Vary: Accept-Encoding Connection: close <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <fault> <reason>Operation Failed</reason> <detail>statementcallback; bad sql grammar [select * from (select * from audit log where ( audit log id in (select distinct audit log.audit log id from audit log left outer join vdc users with tags on audit log.user id=vdc users with tags.user id where ( vdc users with tags.department like '%admin%' or vdc users with tags.domain like '%admin%' or vdc users with tags.groups like '%admin%' or vdc users with tags.mla role like '%admin%' or vdc users with tags.name like '%admin%' or vdc users with tags.role like '%admin%' or vdc users with tags.surname like '%admin%' or vdc users with tags.tag name like '%admin%' or vdc users with tags.username like '%admin%' or vdc users with tags.vm pool name like '%admin%' ) and not deleted)) order by audit log id desc ) as t1 offset (1 -1) limit 2147483647]; nested exception is org.postgresql.util.psqlexception: error: column vdc users with tags.groups does not exist position: 316</detail> </fault> Since the user "admin" exists and events related to this user as well, this is a bug. (In reply to Oved Ourfali from comment #9) IMO , bug reported in comment 10 should be opened separately and this RFE should be moved to verify Please verify this one and open a new BZ on the unrelated BZ reported in comment 10 The search doesn't work for user roles. I added a user to engine and set it's roles to UserRole and PowerUserRole (but assigned user role seem to have no effect on result). The I used curl -k -u {user@domain} -i -H "Accept: application/xml" https://{engine_ip}/api/vms\;from\=\?search\=* which returned <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <fault> <reason>Operation Failed</reason> <detail>query execution failed due to insufficient permissions.</detail> </fault> For VMs this should return listed user's VMs. For any administrator role the search works correctly. The reason is that you are using a user query without setting the Filter to true in the header, that makes you get the permission error. You must set "Filter: true" in the header as follows curl -k -u {user@domain} -i -H "Accept: application/xml" -H "Filter: true" https://{engine_ip}/api/vms\;from\=\?search\=* Moving this back to ON_QA Verified on 3.6.0-0.0.master.20150519172222.git9a2e2b3.el7 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2016-0376.html (In reply to Eli Mesika from comment #14) > The reason is that you are using a user query without setting the Filter to > true in the header, that makes you get the permission error. > > You must set "Filter: true" in the header as follows > > > curl -k -u {user@domain} -i -H "Accept: application/xml" -H "Filter: true" > https://{engine_ip}/api/vms\;from\=\?search\=* > > Moving this back to ON_QA Hi Eli, My colleague discovered that when using fence_rhevm as 'admin@internal', nothing is returned when querying the status of a VM. Tweaking the code of fence_rhevm, forcing the filter header to 'true', allows to get the correct data. AFAIK, the filter header was mandatory only for users : how comes it seems to matter also for admin? Thank you. Nicolas, what version of ovirt-engine are you using exactly? I ask because if you are using version 4 of the engine then the default version of the API is also version 4, and the current fence_rhevm code doesn't work correctly with version 4 of the API, it needs to be fixed: Explicitly use version 3 of the oVirt API https://github.com/ClusterLabs/fence-agents/pull/71 (In reply to Juan Hernández from comment #19) > Nicolas, what version of ovirt-engine are you using exactly? Hello, I'm using fence-agents-rhevm-4.0.11-66.el7_4.3.x86_64 to query guests on oVirt 3.6.7. |