Description of problem: List users in domain returns <groups/> even when the user is member of some group. Version-Release number of selected component (if applicable): ovirt-engine-restapi-4.2.1.6-0.1.el7.noarch How reproducible: always Steps to Reproduce: 1. create user test # ovirt-aaa-jdbc-tool user add test 2. create group test_group # ovirt-aaa-jdbc-tool group add test_group 3. add user to group # ovirt-aaa-jdbc-tool group-manage useradd test_group --user=test 4. user added # ovirt-aaa-jdbc-tool group-manage show test_group Group: test_group(78cd8436-a2ff-4d5e-a72f-698a27277b6a) members: User: test 5. get domain users from rest-api (link in result from /domains) e.g.: # curl -k -u admin@internal:passwd -H "Prefer: persistent-auth" https://engine/ovirt-engine/api/domains/696E7465726E616C2D617574687A/users Actual results: empty element <groups> <user href="/ovirt-engine/api/domains/696E7465726E616C2D617574687A/users/32383034373933612D633366662D346438612D386435652D303633343361643834353330" id="32383034373933612D633366662D346438612D386435652D303633343361643834353330"> <name></name> <department></department> <email></email> <last_name></last_name> <namespace>*</namespace> <principal>test</principal> <user_name>test@internal-authz</user_name> <domain href="/ovirt-engine/api/domains/696E7465726E616C2D617574687A" id="696E7465726E616C2D617574687A"> <name>internal-authz</name> </domain> <groups/> </user> Expected results: test_group is in <groups> something like: ... <groups> <group><name>test_group</name>...</group> </groups> ... Additional info: no error in log
Using ovirt-engine-4.2.2.4-0.1.el7.noarch I still get empty groups element even though user is in a group. I did steps from description, but with: curl -v -u "admin@internal:passwd" -H "Content-type: application/xml" --insecure -X GET https://engine_url/ovirt-engine/api/domains/696E7465726E616C2D617574687A/users I still get: <users> <user href="/ovirt-engine/api/domains/696E7465726E616C2D617574687A/users/63643062333561622D656331302D343562642D623136312D336234636162353734613139" id="63643062333561622D656331302D343562642D623136312D336234636162353734613139"> <name></name> <department></department> <email></email> <last_name></last_name> <namespace>*</namespace> <principal>test</principal> <user_name>test@internal-authz</user_name> <domain href="/ovirt-engine/api/domains/696E7465726E616C2D617574687A" id="696E7465726E616C2D617574687A"> <name>internal-authz</name> </domain> <groups/> </user> <user href="/ovirt-engine/api/domains/696E7465726E616C2D617574687A/users/31333738303532302D653737382D346264382D613465312D356461653635623331363663" id="31333738303532302D653737382D346264382D613465312D356461653635623331363663"> <name>admin</name> <department></department> <email></email> <last_name></last_name> <namespace>*</namespace> <principal>admin</principal> <user_name>admin@internal-authz</user_name> <domain href="/ovirt-engine/api/domains/696E7465726E616C2D617574687A" id="696E7465726E616C2D617574687A"> <name>internal-authz</name> </domain> <groups/> </user> </users>
It was decided to add link to external groups to the /api/users endpoint, so now user can query groups of the users in the system. We didn't decide to fill <groups> element in /api/domain/123/users endpoint as it would be too time consuming.
In that case let's verify this one. I used ovirt-engine-4.2.2.4-0.1.el7.noarch and can list groups correctly from api/users/123/groups, although you need to add the user to RHV to view his groups.
This bugzilla is included in oVirt 4.2.2 release, published on March 28th 2018. Since the problem described in this bug report should be resolved in oVirt 4.2.2 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report.