Bug 1472418 - [RFE] Allow user to get user ID in REST API
[RFE] Allow user to get user ID in REST API
Status: CLOSED CURRENTRELEASE
Product: ovirt-engine
Classification: oVirt
Component: RestAPI (Show other bugs)
4.2.0
Unspecified Unspecified
low Severity medium (vote)
: ovirt-4.2.0
: 4.2.0
Assigned To: Ori Liel
samuel macko
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-18 12:43 EDT by jniederm
Modified: 2017-12-20 06:03 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-12-20 06:03:17 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
mperina: ovirt‑4.2?
pstehlik: testing_plan_complete-
rule-engine: planning_ack?
mperina: devel_ack+
pstehlik: testing_ack+


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
oVirt gerrit 83477 master MERGED restapi: Add link to authenticated user 2017-11-13 04:46 EST
oVirt gerrit 83752 master MERGED restapi: Update to model 4.2.24 and metamodel 1.2.12 2017-11-08 06:02 EST
oVirt gerrit 83762 master MERGED Update to model 4.2.24 2017-11-08 05:52 EST

  None (edit)
Description jniederm 2017-07-18 12:43:58 EDT
It would be nice to allow REST API users to get their user ID. It can come handy for example when managing own ssh public keys (http://ovirt.github.io/ovirt-engine-api-model/master/#types/user).

It may be represented for example like a link

GET /api

...
<link href="/api/users/{currentUserId}" rel="currentUser" />
...

or magic user id

GET /api/users/me
Comment 1 Juan Hernández 2017-07-18 12:55:41 EDT
This makes sense to me, as it has been requested already more than once. I'd suggest to implement it as an attribute inside the 'Api' type:

  GET /ovirt-engine/api

  <api>
    <authenticated_user href="/ovirt-engine/api/users/123"/>
    ...
  </api>

Note that we will probably want to support user impersonation in the future. This should be clearly documented as the user that was authenticated. If/when we implement impersonation, then we can add another link:

  <api>
    <authenticated_user href="/ovirt-engine/api/users/123"/>
    <effective_user href="/ovirt-engine/api/users/456"/>
    ...
  </api>

In this potential future scenario the actual permissions in effect will be those of user 456, not of user 123, so it may be better to add both attributes from the very beginning, even if they will initially have the same value.
Comment 2 Juan Hernández 2017-07-18 12:57:34 EDT
Jakub, can you elaborate a bit on what is the use case for this? I mean, why it is needed or convenient. That would help when deciding if/when this should be implemented.
Comment 3 jniederm 2017-07-18 13:48:15 EDT
Sure. We come across the issue of (not) having a user ID while trying to implement public ssh keys management in web-ui project (a userportal replacement, https://github.com/oVirt/ovirt-web-ui/). The id is necessary to manage any resources linked from user entity: sshpublickeys, permissions, tags, roles. According to documentation (http://ovirt.github.io/ovirt-engine-api-model/master/#types/user) it's also domain and groups.
Comment 5 samuel macko 2017-12-06 10:38:55 EST
Verified in ovirt version 4.2.0-0.5.master.el7.

Tested with:
  GET /ovirt-engine/api/

Result:
<api>
  ...
  <authenticated_user href="/ovirt-engine/api/users/..." id="..."/>
  <effective_user href="/ovirt-engine/api/users/..." id="..."/>
</api>
Comment 6 Sandro Bonazzola 2017-12-20 06:03:17 EST
This bugzilla is included in oVirt 4.2.0 release, published on Dec 20th 2017.

Since the problem described in this bug report should be
resolved in oVirt 4.2.0 release, published on Dec 20th 2017, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.

Note You need to log in before you can comment on or make changes to this bug.