Who is the customer behind the request? Account: name (acct #) Richard Davis (PGDS UK Limited) / 947978 TAM customer: no/yes no SRM customer: no/yes Yes Strategic: no/yes Yes What is the nature and description of the request? Currently API calls generate a login/logout event for every call. Customer would like to be able to configure this logging (enable/disable). Why does the customer need this? (List the business requirements here) To prevent spamming the Event log with login/logout event every time we interact with RHEV using the APIs. How would the customer like to achieve this? (List the functional requirements here) Either be able to disable this logging or, ideally according to the customer, have a readonly account that can make API calls but not have the login/logout messages logged Is there already an existing RFE upstream or in Red Hat Bugzilla? Not for this explicitly, however BZ1036896 is open for the readonly admin account feature Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)? They would like this in 3.3, however I have explained that this is unlikely given 3.3 is in the latter stages of public beta Is the sales team involved in this request and do they have any additional input? No Would the customer be able to assist in testing this functionality if implemented? Yes
API calls generate a login/logout event only if not using persistent authentication. If using the Python or Java SDKs this should happen automatically. If the customer is accessing the RESTAPI in some other ways then solution to this problem is to explicitly use persistent authentication. The first request sent by the client should contain the "Prefer" header and the authentication details: GET /api HTTP/1.1 Prefer: persistent-auth Content-type: application/xml Accept: application/xml Authorization: Basic YWRtaW5AaW50ZXJuYWw6cmVkaGF0MTIz The server will return the response, including a session cookie: HTTP/1.1 200 OK Header: Date: Fri, 10 Jan 2014 15:32:20 GMT Set-Cookie: JSESSIONID=4RNIBiN40YTHC61APsDL-1Tx; Path=/api; Secure Further requests should send again the "Prefer" header and the session cookie: GET /api/vms HTTP/1.1 Prefer: persistent-auth Cookie: JSESSIONID=4RNIBiN40YTHC61APsDL-1Tx Content-type: application Accept: application This will generate only one session in the server side, and only one login message in the log. For more details see here: http://www.ovirt.org/Features/RESTSessionManagement I would suggest to use one of the SDKs, as they provide this for free, and simplify the development. If this is enough for the customer I would suggest to close the bug as NOTABUG.
Closing this as NOTABUG per C#1