Bug 1236976 – [RFE] UIPlugins should not use restapi http session

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1236976 - [RFE] UIPlugins should not use restapi http session

Summary:	[RFE] UIPlugins should not use restapi http session

Status:	CLOSED CURRENTRELEASE

Aliases:	None

Product:	ovirt-engine
Classification:	oVirt
Component:	RFEs (Show other bugs)
Sub Component:
Version:	---
Hardware:	Unspecified Unspecified

Priority	high Severity high (vote)
Target Milestone:	ovirt-4.0.0-beta
Target Release:	4.0.0
Assigned To:	vszocs
QA Contact:	Petr Matyáš
Docs Contact:

URL:
Whiteboard:
Keywords:	FutureFeature, Improvement

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2015-06-30 02:01 EDT by Alon Bar-Lev
Modified:	2016-07-31 07:30 EDT (History)
CC List:	15 users (show)

See Also:
Fixed In Version:
Doc Type:	Deprecated Functionality
Doc Text:	The user interface (UI) code is now aligned with the Manager's SSO infrastructure by dropping reliance on the REST webapp's HTTP session mechanism in favor of using SSO tokens. This impacts, and potentially breaks all UI plugins because the "RestApiSessionAcquired" callback has been removed. From now on, UI plugins should use the new "api.ssoToken" function when authenticating Manager (e.g. REST API) requests: var xhr = new XMLHttpRequest(); xhr.open('GET', 'http://example.com/ovirt-engine/api'); xhr.setRequestHeader('Authorization', 'Bearer ' + api.ssoToken()); xhr.setRequestHeader('Accept', 'application/json'); xhr.addEventListener('load', function () { // response loaded OK, parse JSON data var data = JSON.parse(this.responseText); }); xhr.send(); The UI plugins no longer need to use session-specific request headers like "Prefer:persistent-auth" and "JSESSIONID:xxx", which simplifies their code.
Story Points:	---
Clone Of:
Environment:
Last Closed:	2016-07-05 04:03:46 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	UX
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Flags:	rule-engine: ovirt‑4.0.0+ pstehlik: testing_plan_complete- mgoldboi: planning_ack+ oourfali: devel_ack+ pstehlik: testing_ack+

Attachments	(Terms of Use)
SSO test UI plugin (418 bytes, application/x-gzip) 2016-03-23 10:41 EDT, vszocs	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
oVirt gerrit	49278	master	NEW	webadmin,userportal: Adapt UI code to SSO changes	2016-04-28 09:07 EDT

Groups: None (edit)

Description Alon Bar-Lev 2015-06-30 02:01:08 EDT

Marking as Improvement although this is a bug that could not be resolved in previous versions due to backward compatibility with existing UIPlugins.

The UIPlugins should use the restapi in stateless mode, avoiding the issues introduced by inactivity, credential management, session lifecycle, resource leak (currently we leak sessions for a very long time as they set to hard limit) and similar.

We discussed that many times, and 4.0 is the time to do that.

The UIPlugin should hand over the http request to the infrastructure so it can add custom headers before request is actually performed.

In most cases the infrastructure will just set the authorization header / plain header with the authentication token.

I also suggest the UIPlugin will hand over the response to the infrastructure so it can extract important information out of it if it likes.

Another option: the infrastructure will actually perform the http request.

Comment 1 vszocs 2015-07-01 11:17:56 EDT

> Another option: the infrastructure will actually perform the http request.

I prefer this option, e.g. expose service to UI plugins for talking with REST API that takes care of specific HTTP request details and processing.

Comment 2 Red Hat Bugzilla Rules Engine 2015-10-19 07:03:05 EDT

Target release should be placed once a package build is known to fix a issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for a oVirt release.

Comment 4 Oved Ourfali 2016-03-16 03:33:42 EDT

Vojtech - we already handled this one, right?

Comment 5 vszocs 2016-03-17 10:42:12 EDT

(In reply to Oved Ourfali from comment #4)
> Vojtech - we already handled this one, right?

Following action items (on me) are needed to close this one:

1, update https://gerrit.ovirt.org/#/c/49278/ according to Ravi's feedback & build Engine with patch applied for verification

2, [virt-viewer integration] verify VM console connect using virt-viewer build from https://bugzilla.redhat.com/show_bug.cgi?id=1286696#c17

3, [UI plugin API change] verify `api.ssoToken()` by writing sample UI plugin, attach the sample UI plugin to BZ for reference

4, ask BZ#1286696 assignee (Christophe) to merge relevant virt-viewer changes & update BZ status accordingly

5, merge https://gerrit.ovirt.org/#/c/49278/ and move this BZ to MODIFIED

6, announce on oVirt devel list breaking change in UI plugin API, provide sample code on how to migrate existing UI plugins to use the new API

Comment 6 vszocs 2016-03-23 10:41 EDT

Created attachment 1139621 [details]
SSO test UI plugin

Attaching sample UI plugin to test the newly introduced `api.ssoToken()` function.

Just extract files into $PREFIX/share/ovirt-engine/ui-plugins (where $PREFIX is usually /usr) and reload WebAdmin in your browser. Engine restart is not necessary.

Comment 7 Sandro Bonazzola 2016-05-02 06:09:18 EDT

Moving from 4.0 alpha to 4.0 beta since 4.0 alpha has been already released and bug is not ON_QA.

Comment 8 Oved Ourfali 2016-05-08 03:07:36 EDT

Vojtech - where do we stand with this one?

Comment 9 vszocs 2016-05-09 10:52:21 EDT

(In reply to Oved Ourfali from comment #8)
> Vojtech - where do we stand with this one?

Waiting for Christophe to verify upstream virt-viewer SSO changes.

Once verified, the process should be:
- merge https://gerrit.ovirt.org/#/c/49278/ & move BZ to MODIFIED
- announce on oVirt devel the breaking change in UI plugin API

We should open another BZ -- once the virt-viewer build [1] lands in Fedora/RHEL(/Win?), update "RemoteViewerSupportedVersions" Engine config value according to [2].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1286696
[2] https://gerrit.ovirt.org/#/c/56616/

Comment 10 Oved Ourfali 2016-05-10 01:43:41 EDT

(In reply to vszocs from comment #9)
> (In reply to Oved Ourfali from comment #8)
> > Vojtech - where do we stand with this one?
> 
> Waiting for Christophe to verify upstream virt-viewer SSO changes.
> 
> Once verified, the process should be:
> - merge https://gerrit.ovirt.org/#/c/49278/ & move BZ to MODIFIED
> - announce on oVirt devel the breaking change in UI plugin API
> 
> We should open another BZ -- once the virt-viewer build [1] lands in
> Fedora/RHEL(/Win?), update "RemoteViewerSupportedVersions" Engine config
> value according to [2].
> 
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1286696
> [2] https://gerrit.ovirt.org/#/c/56616/

We need to merge that before feature freeze.
I guess this might get an exception if not, but we should try.

Comment 11 vszocs 2016-05-10 12:13:10 EDT

Update: BZ#1324457 is now ON_QA, fixed in version = libgovirt-0.3.3-2.el7

Comment 14 Petr Matyáš 2016-05-26 06:36:16 EDT

Verified on ovirt-engine-4.0.0-0.0.master.20160523171412.git1a7a1f3.el7.centos.noarch

Comment 15 Sandro Bonazzola 2016-07-05 04:03:46 EDT

oVirt 4.0.0 has been released, closing current release.

Note You need to log in before you can comment on or make changes to this bug.