Bug 1472418 - [RFE] Allow user to get user ID in REST API
Summary: [RFE] Allow user to get user ID in REST API
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-engine
Classification: oVirt
Component: RestAPI
Version: 4.2.0
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: ovirt-4.2.0
: 4.2.0
Assignee: Ori Liel
QA Contact: samuel macko
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-07-18 16:43 UTC by jniederm
Modified: 2017-12-20 11:03 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-12-20 11:03:17 UTC
oVirt Team: Infra
Embargoed:
mperina: ovirt-4.2?
pstehlik: testing_plan_complete-
rule-engine: planning_ack?
mperina: devel_ack+
pstehlik: testing_ack+

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
oVirt gerrit 83477 0 master MERGED restapi: Add link to authenticated user 2017-11-13 09:46:05 UTC
oVirt gerrit 83752 0 master MERGED restapi: Update to model 4.2.24 and metamodel 1.2.12 2017-11-08 11:02:43 UTC
oVirt gerrit 83762 0 master MERGED Update to model 4.2.24 2017-11-08 10:52:39 UTC

Description jniederm 2017-07-18 16:43:58 UTC 
It would be nice to allow REST API users to get their user ID. It can come handy for example when managing own ssh public keys (http://ovirt.github.io/ovirt-engine-api-model/master/#types/user).

It may be represented for example like a link

GET /api

...
<link href="/api/users/{currentUserId}" rel="currentUser" />
...

or magic user id

GET /api/users/me
Comment 1 Juan Hernández 2017-07-18 16:55:41 UTC 
This makes sense to me, as it has been requested already more than once. I'd suggest to implement it as an attribute inside the 'Api' type:

  GET /ovirt-engine/api

  <api>
    <authenticated_user href="/ovirt-engine/api/users/123"/>
    ...
  </api>

Note that we will probably want to support user impersonation in the future. This should be clearly documented as the user that was authenticated. If/when we implement impersonation, then we can add another link:

  <api>
    <authenticated_user href="/ovirt-engine/api/users/123"/>
    <effective_user href="/ovirt-engine/api/users/456"/>
    ...
  </api>

In this potential future scenario the actual permissions in effect will be those of user 456, not of user 123, so it may be better to add both attributes from the very beginning, even if they will initially have the same value.
Comment 2 Juan Hernández 2017-07-18 16:57:34 UTC 
Jakub, can you elaborate a bit on what is the use case for this? I mean, why it is needed or convenient. That would help when deciding if/when this should be implemented.
Comment 3 jniederm 2017-07-18 17:48:15 UTC 
Sure. We come across the issue of (not) having a user ID while trying to implement public ssh keys management in web-ui project (a userportal replacement, https://github.com/oVirt/ovirt-web-ui/). The id is necessary to manage any resources linked from user entity: sshpublickeys, permissions, tags, roles. According to documentation (http://ovirt.github.io/ovirt-engine-api-model/master/#types/user) it's also domain and groups.
Comment 5 samuel macko 2017-12-06 15:38:55 UTC 
Verified in ovirt version 4.2.0-0.5.master.el7.

Tested with:
  GET /ovirt-engine/api/

Result:
<api>
  ...
  <authenticated_user href="/ovirt-engine/api/users/..." id="..."/>
  <effective_user href="/ovirt-engine/api/users/..." id="..."/>
</api>
Comment 6 Sandro Bonazzola 2017-12-20 11:03:17 UTC 
This bugzilla is included in oVirt 4.2.0 release, published on Dec 20th 2017.

Since the problem described in this bug report should be
resolved in oVirt 4.2.0 release, published on Dec 20th 2017, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.
Note You need to log in before you can comment on or make changes to this bug.