Bug 1236976
Summary: | [RFE] UIPlugins should not use restapi http session | ||||||
---|---|---|---|---|---|---|---|
Product: | [oVirt] ovirt-engine | Reporter: | Alon Bar-Lev <alonbl> | ||||
Component: | RFEs | Assignee: | Vojtech Szocs <vszocs> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Petr Matyáš <pmatyas> | ||||
Severity: | high | Docs Contact: | |||||
Priority: | high | ||||||
Version: | --- | CC: | bgraveno, bmcclain, bugs, gklein, iheim, lsurette, mgoldboi, michal.skrivanek, oourfali, pstehlik, rbalakri, sbonazzo, srevivo, vszocs, ykaul | ||||
Target Milestone: | ovirt-4.0.0-beta | Keywords: | FutureFeature, Improvement | ||||
Target Release: | 4.0.0 | Flags: | rule-engine:
ovirt-4.0.0+
pstehlik: testing_plan_complete- mgoldboi: planning_ack+ oourfali: devel_ack+ pstehlik: testing_ack+ |
||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Deprecated Functionality | |||||
Doc Text: |
The user interface (UI) code is now aligned with the Manager's SSO infrastructure by dropping reliance on the REST webapp's HTTP session mechanism in favor of using SSO tokens.
This impacts, and potentially breaks all UI plugins because the "RestApiSessionAcquired" callback has been removed.
From now on, UI plugins should use the new "api.ssoToken" function when authenticating Manager (e.g. REST API) requests:
var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://example.com/ovirt-engine/api');
xhr.setRequestHeader('Authorization', 'Bearer ' + api.ssoToken());
xhr.setRequestHeader('Accept', 'application/json');
xhr.addEventListener('load', function () {
// response loaded OK, parse JSON data
var data = JSON.parse(this.responseText);
});
xhr.send();
The UI plugins no longer need to use session-specific request headers like "Prefer:persistent-auth" and "JSESSIONID:xxx", which simplifies their code.
|
Story Points: | --- | ||||
Clone Of: | Environment: | ||||||
Last Closed: | 2016-07-05 08:03:46 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | UX | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Alon Bar-Lev
2015-06-30 06:01:08 UTC
> Another option: the infrastructure will actually perform the http request.
I prefer this option, e.g. expose service to UI plugins for talking with REST API that takes care of specific HTTP request details and processing.
Target release should be placed once a package build is known to fix a issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for a oVirt release. Vojtech - we already handled this one, right? (In reply to Oved Ourfali from comment #4) > Vojtech - we already handled this one, right? Following action items (on me) are needed to close this one: 1, update https://gerrit.ovirt.org/#/c/49278/ according to Ravi's feedback & build Engine with patch applied for verification 2, [virt-viewer integration] verify VM console connect using virt-viewer build from https://bugzilla.redhat.com/show_bug.cgi?id=1286696#c17 3, [UI plugin API change] verify `api.ssoToken()` by writing sample UI plugin, attach the sample UI plugin to BZ for reference 4, ask BZ#1286696 assignee (Christophe) to merge relevant virt-viewer changes & update BZ status accordingly 5, merge https://gerrit.ovirt.org/#/c/49278/ and move this BZ to MODIFIED 6, announce on oVirt devel list breaking change in UI plugin API, provide sample code on how to migrate existing UI plugins to use the new API Created attachment 1139621 [details]
SSO test UI plugin
Attaching sample UI plugin to test the newly introduced `api.ssoToken()` function.
Just extract files into $PREFIX/share/ovirt-engine/ui-plugins (where $PREFIX is usually /usr) and reload WebAdmin in your browser. Engine restart is not necessary.
Moving from 4.0 alpha to 4.0 beta since 4.0 alpha has been already released and bug is not ON_QA. Vojtech - where do we stand with this one? (In reply to Oved Ourfali from comment #8) > Vojtech - where do we stand with this one? Waiting for Christophe to verify upstream virt-viewer SSO changes. Once verified, the process should be: - merge https://gerrit.ovirt.org/#/c/49278/ & move BZ to MODIFIED - announce on oVirt devel the breaking change in UI plugin API We should open another BZ -- once the virt-viewer build [1] lands in Fedora/RHEL(/Win?), update "RemoteViewerSupportedVersions" Engine config value according to [2]. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1286696 [2] https://gerrit.ovirt.org/#/c/56616/ (In reply to vszocs from comment #9) > (In reply to Oved Ourfali from comment #8) > > Vojtech - where do we stand with this one? > > Waiting for Christophe to verify upstream virt-viewer SSO changes. > > Once verified, the process should be: > - merge https://gerrit.ovirt.org/#/c/49278/ & move BZ to MODIFIED > - announce on oVirt devel the breaking change in UI plugin API > > We should open another BZ -- once the virt-viewer build [1] lands in > Fedora/RHEL(/Win?), update "RemoteViewerSupportedVersions" Engine config > value according to [2]. > > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1286696 > [2] https://gerrit.ovirt.org/#/c/56616/ We need to merge that before feature freeze. I guess this might get an exception if not, but we should try. Update: BZ#1324457 is now ON_QA, fixed in version = libgovirt-0.3.3-2.el7 Verified on ovirt-engine-4.0.0-0.0.master.20160523171412.git1a7a1f3.el7.centos.noarch oVirt 4.0.0 has been released, closing current release. |