Bug 1545716 - empty groups in domain users element
Summary: empty groups in domain users element
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-engine
Classification: oVirt
Component: RestAPI
Version: 4.2.1
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ovirt-4.2.2
: ---
Assignee: Ondra Machacek
QA Contact: Petr Matyáš
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-02-15 14:17 UTC by Lucie Leistnerova
Modified: 2018-03-29 11:11 UTC (History)
4 users (show)

Fixed In Version: ovirt-engine-4.2.2.4
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-03-29 11:11:42 UTC
oVirt Team: Infra
Embargoed:
rule-engine: ovirt-4.2+

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
oVirt gerrit 88037 0 master MERGED Add service to list user groups 2018-02-26 12:09:01 UTC
oVirt gerrit 88038 0 master MERGED restapi: Add link to user to list its groups 2018-03-05 13:02:51 UTC
oVirt gerrit 88175 0 model_4.2 MERGED Add service to list user groups 2018-02-26 12:19:16 UTC
oVirt gerrit 88470 0 master MERGED restapi: Update to model 4.3.8 2018-03-05 13:02:48 UTC
oVirt gerrit 88481 0 ovirt-engine-4.2 MERGED restapi: Update to model 4.2.30 2018-03-05 17:06:23 UTC
oVirt gerrit 88482 0 ovirt-engine-4.2 MERGED restapi: Add link to user to list its groups 2018-03-05 17:06:29 UTC

Description Lucie Leistnerova 2018-02-15 14:17:19 UTC 
Description of problem:
List users in domain returns <groups/> even when the user is member of some group.

Version-Release number of selected component (if applicable):
ovirt-engine-restapi-4.2.1.6-0.1.el7.noarch

How reproducible: always


Steps to Reproduce:
1. create user test
# ovirt-aaa-jdbc-tool user add test
2. create group test_group
# ovirt-aaa-jdbc-tool group add test_group
3. add user to group
# ovirt-aaa-jdbc-tool group-manage useradd test_group --user=test
4. user added
# ovirt-aaa-jdbc-tool group-manage show test_group
Group: test_group(78cd8436-a2ff-4d5e-a72f-698a27277b6a) members:
  User: test
5. get domain users from rest-api (link in result from /domains)
e.g.:
# curl -k -u admin@internal:passwd -H "Prefer: persistent-auth" https://engine/ovirt-engine/api/domains/696E7465726E616C2D617574687A/users

Actual results: empty element <groups>
    <user href="/ovirt-engine/api/domains/696E7465726E616C2D617574687A/users/32383034373933612D633366662D346438612D386435652D303633343361643834353330" id="32383034373933612D633366662D346438612D386435652D303633343361643834353330">
        <name></name>
        <department></department>
        <email></email>
        <last_name></last_name>
        <namespace>*</namespace>
        <principal>test</principal>
        <user_name>test@internal-authz</user_name>
        <domain href="/ovirt-engine/api/domains/696E7465726E616C2D617574687A" id="696E7465726E616C2D617574687A">
            <name>internal-authz</name>
        </domain>
        <groups/>
    </user>



Expected results: test_group is in <groups> something like:
...
<groups>
  <group><name>test_group</name>...</group>
</groups>
...

Additional info:
no error in log
Comment 1 Petr Matyáš 2018-03-16 15:56:05 UTC 
Using ovirt-engine-4.2.2.4-0.1.el7.noarch

I still get empty groups element even though user is in a group.

I did steps from description, but with:

curl -v -u "admin@internal:passwd" -H "Content-type: application/xml" --insecure -X GET https://engine_url/ovirt-engine/api/domains/696E7465726E616C2D617574687A/users

I still get:

<users>
    <user href="/ovirt-engine/api/domains/696E7465726E616C2D617574687A/users/63643062333561622D656331302D343562642D623136312D336234636162353734613139" id="63643062333561622D656331302D343562642D623136312D336234636162353734613139">
        <name></name>
        <department></department>
        <email></email>
        <last_name></last_name>
        <namespace>*</namespace>
        <principal>test</principal>
        <user_name>test@internal-authz</user_name>
        <domain href="/ovirt-engine/api/domains/696E7465726E616C2D617574687A" id="696E7465726E616C2D617574687A">
            <name>internal-authz</name>
        </domain>
        <groups/>
    </user>
    <user href="/ovirt-engine/api/domains/696E7465726E616C2D617574687A/users/31333738303532302D653737382D346264382D613465312D356461653635623331363663" id="31333738303532302D653737382D346264382D613465312D356461653635623331363663">
        <name>admin</name>
        <department></department>
        <email></email>
        <last_name></last_name>
        <namespace>*</namespace>
        <principal>admin</principal>
        <user_name>admin@internal-authz</user_name>
        <domain href="/ovirt-engine/api/domains/696E7465726E616C2D617574687A" id="696E7465726E616C2D617574687A">
            <name>internal-authz</name>
        </domain>
        <groups/>
    </user>
</users>
Comment 2 Ondra Machacek 2018-03-16 16:20:44 UTC 
It was decided to add link to external groups to the /api/users endpoint, so now user can query groups of the users in the system. We didn't decide to fill <groups> element in /api/domain/123/users endpoint as it would be too time consuming.
Comment 3 Petr Matyáš 2018-03-16 16:24:17 UTC 
In that case let's verify this one. I used ovirt-engine-4.2.2.4-0.1.el7.noarch and can list groups correctly from api/users/123/groups, although you need to add the user to RHV to view his groups.
Comment 4 Sandro Bonazzola 2018-03-29 11:11:42 UTC 
This bugzilla is included in oVirt 4.2.2 release, published on March 28th 2018.

Since the problem described in this bug report should be
resolved in oVirt 4.2.2 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.
Note You need to log in before you can comment on or make changes to this bug.