Bug 1403161

Summary:	Missing <certificate> node in ovirt-engine/api/vms/$vmid
Product:	[oVirt] ovirt-engine	Reporter:	Christophe Fergeau <cfergeau>
Component:	BLL.Virt	Assignee:	Tomasz Barański <tbaransk>
Status:	CLOSED CURRENTRELEASE	QA Contact:	meital avital <mavital>
Severity:	medium	Docs Contact:
Priority:	medium
Version:	---	CC:	bugs, cfergeau, elima, lsurette, michal.skrivanek, mtessun, rbarry, Rhev-m-bugs, srevivo, tbaransk, tjelinek
Target Milestone:	ovirt-4.3.2	Keywords:	Reopened
Target Release:	---	Flags:	pm-rhel: ovirt-4.3+ pm-rhel: ovirt-4.4+ pm-rhel: devel_ack+
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	ovirt-engine-4.3.2.1	Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2019-03-19 10:03:18 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	Virt	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks:	1402909, 1792231

Description Christophe Fergeau 2016-12-09 10:15:36 UTC

I'm looking at ovirt-engine/api/vms/$vmid on a RHV instance, in particular at the /vms/vm/display/ node. The instance I'm testing with has REST CA != SPICE CA, so I would expect to have find a /vms/vm/display/certificate node as described in https://access.redhat.com/documentation/en/red-hat-virtualization/4.0/paged/rest-api-guide/chapter-6-types#types-certificate

The node is not there, so I cannot know the CA to use to connect to the VM.

Comment 2 Christophe Fergeau 2016-12-09 10:51:13 UTC

Actually the certificate node is there if I access ovirt-engine/api/vms/$vmid rather than ovirt-engine/api/vms/
However, it does not have any of the other nodes described in https://access.redhat.com/documentation/en/red-hat-virtualization/4.0/paged/rest-api-guide/chapter-6-types#types-certificate
Not sure if one of these should contain the CA certificate or not.

Comment 3 Oved Ourfali 2017-09-12 09:46:06 UTC

This is on the VM collection.
Moving to virt.

Comment 4 Tomas Jelinek 2017-11-24 13:32:19 UTC

You can get this info from API using:
POST: .../ovirt-engine/api/vms/<vm id>/graphicsconsoles/<console id>/remoteviewerconnectionfile

hence, postponing.

Comment 5 Michal Skrivanek 2018-08-15 11:47:07 UTC

(In reply to Tomas Jelinek from comment #4)
> You can get this info from API using:
> POST: .../ovirt-engine/api/vms/<vm id>/graphicsconsoles/<console
> id>/remoteviewerconnectionfile
> 
> hence, postponing.

Christophe, is that good enough?
just a doc update?

Comment 6 Christophe Fergeau 2018-08-16 09:54:19 UTC

(In reply to Michal Skrivanek from comment #5)
> (In reply to Tomas Jelinek from comment #4)
> > You can get this info from API using:
> > POST: .../ovirt-engine/api/vms/<vm id>/graphicsconsoles/<console
> > id>/remoteviewerconnectionfile
> > 
> > hence, postponing.
> 
> Christophe, is that good enough?
> just a doc update?

This really looks like a workaround to me than a proper way of getting the CA data. By that reasoning, the whole <vm><display> node could go away and be replaced by <vm><graphicsconsoles>.

Comment 7 Michal Skrivanek 2018-08-16 10:22:09 UTC

that's true:)

Comment 8 Ryan Barry 2018-11-14 11:23:56 UTC

This will not make it in a reasonable time. Please re-open if you still feel this should be fixed

Comment 9 Christophe Fergeau 2018-11-14 12:12:56 UTC

(In reply to Ryan Barry from comment #8)
> This will not make it in a reasonable time. Please re-open if you still feel
> this should be fixed

Without this, one cannot establish a secure SPICE connection to a RHV VM through the REST API, so yes this should be fixed.

Comment 10 Ryan Barry 2019-01-03 12:49:31 UTC

This will not be addressed in a reasonable timeframe. Please re-open if it's still important.

Comment 11 Christophe Fergeau 2019-01-03 14:57:25 UTC

I've already reopened it less than 2 months ago, has there been any changes which would make this less important than at that time?

Comment 12 Ryan Barry 2019-01-03 15:00:48 UTC

Sorry, Christophe, I forgot to clear the flag before, so it got caught again

Comment 14 Sandro Bonazzola 2019-03-13 15:50:13 UTC

This seems to be fixed in ovirt-engine-4.3.2.1.
Can you please check target milestone for this bug?

Comment 15 meital avital 2019-03-14 12:29:07 UTC

Verification version:
ovirt-engine-4.3.2.1-0.0.master.20190310172919.git0b3fbad.el7
vdsm-4.40.0-59.git5533158.el7.x86_64
qemu-kvm-ev-2.12.0-18.el7_6.3.1.x86_64
libvirt-client-4.5.0-10.el7_6.4.x86_64

Verification scenario:
1. Open REST client and verify <certificate> node (with <content>) is present under: https://engine-fqdn.redhat.com/ovirt-engine/api/vms/
and also under: https://engine-fqdn.redhat.com/ovirt-engine/api/vms/{id}

Comment 16 Sandro Bonazzola 2019-03-19 10:03:18 UTC

This bugzilla is included in oVirt 4.3.2 release, published on March 19th 2019.

Since the problem described in this bug report should be
resolved in oVirt 4.3.2 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.