Re: [ovirt-devel] Important change in UI plugins REST API integration
- Original Message - > From: "Einav Cohen" > To: "Yaniv Dary" > Cc: "Vojtech Szocs" , devel@ovirt.org > Sent: Wednesday, December 3, 2014 3:56:00 PM > Subject: Re: [ovirt-devel] Important change in UI plugins RESTAPI > integration > > > - Original Message - > > From: "Yaniv Dary" > > Sent: Wednesday, December 3, 2014 5:02:19 AM > > > > Does this affect any 3rd parties that implemented UI plugins? > > this affects any UI plugin that utilizes the rest-api-session *generated > by the ui-plugins infrastructure* outside the context of the client/browser; > I.e., plugins that send the ui-plugins-infra-generated-rest-api-session-id > to some (3rd party) server-side (which is not aware of the client's browser/ > web-admin status at all) that performs communication with the engine's rest- > api based on that rest-api-session-id. To explain a bit about REST integration for UI plugins: right upon each successful WebAdmin GUI login, WebAdmin's UI plugin infra will acquire new REST session and pass the REST session ID to all UI plugins through "RestApiSessionAcquired" callback [1]. [1] http://www.ovirt.org/Features/UIPlugins#REST_API_integration Any UI plugin can register "RestApiSessionAcquired" callback handler and be notified of REST session ID. Typically, UI plugin itself can talk with Engine REST API. I assume this covers the majority of all UI plugins utilizing the "RestApiSessionAcquired" callback. These plugins do NOT need to be modified at all. However, passing this (UI plugin & WebAdmin GUI user specific) REST session ID to any 3rd party is generally discouraged since as of 3.5 the REST session won't be usable after WebAdmin GUI user logs out [2]. When GUI user logs in again, new REST session ID will be passed to UI plugins. [2] http://gerrit.ovirt.org/#/c/35185/ > > > Will they need to change anything or is this change more a behaviour change > > only? > > for the plugins that I mentioned above: assuming these plugins would like > retain their functionality and have their server-side perform communication > with the engine's rest-api regardless of the current status of the client's > browser/web-admin (active/logged-in/logged-out/...), they will need to change > their code to obtain their own rest-api-session (to be used by the server- > side), rather than rely on the rest-api-session that was obtained by the ui- > plugins infrastructure for them; the latter should be used *only* for the > plugin's *client*-side communication with the engine's rest-api. Yes. In other words, REST session ID obtained via "RestApiSessionAcquired" callback is scoped to current WebAdmin GUI user. Any 3rd party (outside of UI plugin context) should manage its "own" REST session. > > if these plugins will not change their code as described above - these > plugins' server-side communication with the engine's rest-api will break > upon web-admin logout (which may be an acceptable 'breakage' for some > plugins - this is really up to each ui-plugin author to make this decision). > > all other plugins (i.e. plugins that use the ui-plugins-infra-generated-rest- > api-session only within the client context, plugins that don't use this rest- > api-session at all, etc.) can remain as-is - they will not be affected. > > > > > > > > > Yaniv > > > > - Original Message - > > > From: "Vojtech Szocs" > > > To: "Alon Bar-Lev" > > > Cc: devel@ovirt.org > > > Sent: Tuesday, December 2, 2014 7:12:21 PM > > > Subject: Re: [ovirt-devel] Important change in UI plugins RESTAPI > > > integration > > > > > > > > > > > > - Original Message - > > > > From: "Alon Bar-Lev" > > > > To: "Sven Kieske" > > > > Cc: devel@ovirt.org > > > > Sent: Tuesday, December 2, 2014 9:43:18 AM > > > > Subject: Re: [ovirt-devel] Important change in UI plugins REST API > > > > integration > > > > > > > > > > > > > > > > - Original Message - > > > > > From: "Sven Kieske" > > > > > To: devel@ovirt.org > > > > > Sent: Tuesday, December 2, 2014 10:41:00 AM > > > > > Subject: Re: [ovirt-devel] Important change in UI plugins REST API > > > > > integration > > > > > > > > > > > > > > > > > > > > On 01/12/14 20:26, Vojtech Szocs wrote: > > &g
Re: [ovirt-devel] Important change in UI plugins REST API integration
> - Original Message - > From: "Yaniv Dary" > Sent: Wednesday, December 3, 2014 5:02:19 AM > > Does this affect any 3rd parties that implemented UI plugins? this affects any UI plugin that utilizes the rest-api-session *generated by the ui-plugins infrastructure* outside the context of the client/browser; I.e., plugins that send the ui-plugins-infra-generated-rest-api-session-id to some (3rd party) server-side (which is not aware of the client's browser/ web-admin status at all) that performs communication with the engine's rest- api based on that rest-api-session-id. > Will they need to change anything or is this change more a behaviour change > only? for the plugins that I mentioned above: assuming these plugins would like retain their functionality and have their server-side perform communication with the engine's rest-api regardless of the current status of the client's browser/web-admin (active/logged-in/logged-out/...), they will need to change their code to obtain their own rest-api-session (to be used by the server- side), rather than rely on the rest-api-session that was obtained by the ui- plugins infrastructure for them; the latter should be used *only* for the plugin's *client*-side communication with the engine's rest-api. if these plugins will not change their code as described above - these plugins' server-side communication with the engine's rest-api will break upon web-admin logout (which may be an acceptable 'breakage' for some plugins - this is really up to each ui-plugin author to make this decision). all other plugins (i.e. plugins that use the ui-plugins-infra-generated-rest- api-session only within the client context, plugins that don't use this rest- api-session at all, etc.) can remain as-is - they will not be affected. > > > > Yaniv > > - Original Message - > > From: "Vojtech Szocs" > > To: "Alon Bar-Lev" > > Cc: devel@ovirt.org > > Sent: Tuesday, December 2, 2014 7:12:21 PM > > Subject: Re: [ovirt-devel] Important change in UI plugins RESTAPI > > integration > > > > > > > > - Original Message ----- > > > From: "Alon Bar-Lev" > > > To: "Sven Kieske" > > > Cc: devel@ovirt.org > > > Sent: Tuesday, December 2, 2014 9:43:18 AM > > > Subject: Re: [ovirt-devel] Important change in UI plugins REST API > > > integration > > > > > > > > > > > > - Original Message - > > > > From: "Sven Kieske" > > > > To: devel@ovirt.org > > > > Sent: Tuesday, December 2, 2014 10:41:00 AM > > > > Subject: Re: [ovirt-devel] Important change in UI plugins REST API > > > > integration > > > > > > > > > > > > > > > > On 01/12/14 20:26, Vojtech Szocs wrote: > > > > > In other words, usability of REST session ID is now strictly > > > > > scoped to GUI user being authenticated. If the user logs in, > > > > > (always) new REST session ID will be passed to all UI plugins. > > > > > If the user logs out, REST session ID will not work anymore. > > > > > > > > What if I use just REST for logging in and doing something > > > > without any GUI interaction at all? > > > > This announcement was about UI plugins in WebAdmin. If you use > > Engine REST API without any GUI interaction involved, you aren't > > affected in any way. > > > > > > > > > > this reads a little like: you always need an open web gui > > > > to be able to use REST, which does not make sense at all. > > > > Sorry if my email confused you. It should read like: if you're > > an author of oVirt UI plugin for WebAdmin, please beware that > > REST API session ID (automatically acquired by UI plugin infra > > on behalf of all UI plugins) will not work after GUI logout. > > > > > > > > If you provide your own credentials nothing changed. > > > > > > The change is only effecting RESTAPI usage within the user interface > > > using > > > the credentials obtained interactively from the user within login page. > > > > > > > So I guess I'm misreading this? > > > > > > > > -- > > > > Mit freundlichen Grüßen / Regards > > > > > > > > Sven Kieske > > > > > > > > Systemadministrator > > > > Mittwald CM Service GmbH & Co. KG > > > > K
Re: [ovirt-devel] Important change in UI plugins REST API integration
Does this affect any 3rd parties that implemented UI plugins? Will they need to change anything or is this change more a behaviour change only? Yaniv - Original Message - > From: "Vojtech Szocs" > To: "Alon Bar-Lev" > Cc: devel@ovirt.org > Sent: Tuesday, December 2, 2014 7:12:21 PM > Subject: Re: [ovirt-devel] Important change in UI plugins RESTAPI > integration > > > > - Original Message - > > From: "Alon Bar-Lev" > > To: "Sven Kieske" > > Cc: devel@ovirt.org > > Sent: Tuesday, December 2, 2014 9:43:18 AM > > Subject: Re: [ovirt-devel] Important change in UI plugins REST API > > integration > > > > > > > > - Original Message - > > > From: "Sven Kieske" > > > To: devel@ovirt.org > > > Sent: Tuesday, December 2, 2014 10:41:00 AM > > > Subject: Re: [ovirt-devel] Important change in UI plugins REST API > > > integration > > > > > > > > > > > > On 01/12/14 20:26, Vojtech Szocs wrote: > > > > In other words, usability of REST session ID is now strictly > > > > scoped to GUI user being authenticated. If the user logs in, > > > > (always) new REST session ID will be passed to all UI plugins. > > > > If the user logs out, REST session ID will not work anymore. > > > > > > What if I use just REST for logging in and doing something > > > without any GUI interaction at all? > > This announcement was about UI plugins in WebAdmin. If you use > Engine REST API without any GUI interaction involved, you aren't > affected in any way. > > > > > > > this reads a little like: you always need an open web gui > > > to be able to use REST, which does not make sense at all. > > Sorry if my email confused you. It should read like: if you're > an author of oVirt UI plugin for WebAdmin, please beware that > REST API session ID (automatically acquired by UI plugin infra > on behalf of all UI plugins) will not work after GUI logout. > > > > > If you provide your own credentials nothing changed. > > > > The change is only effecting RESTAPI usage within the user interface using > > the credentials obtained interactively from the user within login page. > > > > > So I guess I'm misreading this? > > > > > > -- > > > Mit freundlichen Grüßen / Regards > > > > > > Sven Kieske > > > > > > Systemadministrator > > > Mittwald CM Service GmbH & Co. KG > > > Königsberger Straße 6 > > > 32339 Espelkamp > > > T: +49-5772-293-100 > > > F: +49-5772-293-333 > > > https://www.mittwald.de > > > Geschäftsführer: Robert Meyer > > > St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad > > > Oeynhausen > > > Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad > > > Oeynhausen > > > ___ > > > Devel mailing list > > > Devel@ovirt.org > > > http://lists.ovirt.org/mailman/listinfo/devel > > ___ > > Devel mailing list > > Devel@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/devel > ___ > Devel mailing list > Devel@ovirt.org > http://lists.ovirt.org/mailman/listinfo/devel ___ Devel mailing list Devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel
Re: [ovirt-devel] Important change in UI plugins REST API integration
Thanks for your clarification! -- Mit freundlichen Grüßen / Regards Sven Kieske Systemadministrator Mittwald CM Service GmbH & Co. KG Königsberger Straße 6 32339 Espelkamp T: +49-5772-293-100 F: +49-5772-293-333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen ___ Devel mailing list Devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel
Re: [ovirt-devel] Important change in UI plugins REST API integration
- Original Message - > From: "Alon Bar-Lev" > To: "Sven Kieske" > Cc: devel@ovirt.org > Sent: Tuesday, December 2, 2014 9:43:18 AM > Subject: Re: [ovirt-devel] Important change in UI plugins RESTAPI > integration > > > > - Original Message - > > From: "Sven Kieske" > > To: devel@ovirt.org > > Sent: Tuesday, December 2, 2014 10:41:00 AM > > Subject: Re: [ovirt-devel] Important change in UI plugins REST API > > integration > > > > > > > > On 01/12/14 20:26, Vojtech Szocs wrote: > > > In other words, usability of REST session ID is now strictly > > > scoped to GUI user being authenticated. If the user logs in, > > > (always) new REST session ID will be passed to all UI plugins. > > > If the user logs out, REST session ID will not work anymore. > > > > What if I use just REST for logging in and doing something > > without any GUI interaction at all? This announcement was about UI plugins in WebAdmin. If you use Engine REST API without any GUI interaction involved, you aren't affected in any way. > > > > this reads a little like: you always need an open web gui > > to be able to use REST, which does not make sense at all. Sorry if my email confused you. It should read like: if you're an author of oVirt UI plugin for WebAdmin, please beware that REST API session ID (automatically acquired by UI plugin infra on behalf of all UI plugins) will not work after GUI logout. > > If you provide your own credentials nothing changed. > > The change is only effecting RESTAPI usage within the user interface using > the credentials obtained interactively from the user within login page. > > > So I guess I'm misreading this? > > > > -- > > Mit freundlichen Grüßen / Regards > > > > Sven Kieske > > > > Systemadministrator > > Mittwald CM Service GmbH & Co. KG > > Königsberger Straße 6 > > 32339 Espelkamp > > T: +49-5772-293-100 > > F: +49-5772-293-333 > > https://www.mittwald.de > > Geschäftsführer: Robert Meyer > > St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen > > Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen > > ___ > > Devel mailing list > > Devel@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/devel > ___ > Devel mailing list > Devel@ovirt.org > http://lists.ovirt.org/mailman/listinfo/devel ___ Devel mailing list Devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel
Re: [ovirt-devel] Important change in UI plugins REST API integration
- Original Message - > From: "Sven Kieske" > To: devel@ovirt.org > Sent: Tuesday, December 2, 2014 10:41:00 AM > Subject: Re: [ovirt-devel] Important change in UI plugins REST API > integration > > > > On 01/12/14 20:26, Vojtech Szocs wrote: > > In other words, usability of REST session ID is now strictly > > scoped to GUI user being authenticated. If the user logs in, > > (always) new REST session ID will be passed to all UI plugins. > > If the user logs out, REST session ID will not work anymore. > > What if I use just REST for logging in and doing something > without any GUI interaction at all? > > this reads a little like: you always need an open web gui > to be able to use REST, which does not make sense at all. If you provide your own credentials nothing changed. The change is only effecting RESTAPI usage within the user interface using the credentials obtained interactively from the user within login page. > So I guess I'm misreading this? > > -- > Mit freundlichen Grüßen / Regards > > Sven Kieske > > Systemadministrator > Mittwald CM Service GmbH & Co. KG > Königsberger Straße 6 > 32339 Espelkamp > T: +49-5772-293-100 > F: +49-5772-293-333 > https://www.mittwald.de > Geschäftsführer: Robert Meyer > St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen > Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen > ___ > Devel mailing list > Devel@ovirt.org > http://lists.ovirt.org/mailman/listinfo/devel ___ Devel mailing list Devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel
Re: [ovirt-devel] Important change in UI plugins REST API integration
On 01/12/14 20:26, Vojtech Szocs wrote: > In other words, usability of REST session ID is now strictly > scoped to GUI user being authenticated. If the user logs in, > (always) new REST session ID will be passed to all UI plugins. > If the user logs out, REST session ID will not work anymore. What if I use just REST for logging in and doing something without any GUI interaction at all? this reads a little like: you always need an open web gui to be able to use REST, which does not make sense at all. So I guess I'm misreading this? -- Mit freundlichen Grüßen / Regards Sven Kieske Systemadministrator Mittwald CM Service GmbH & Co. KG Königsberger Straße 6 32339 Espelkamp T: +49-5772-293-100 F: +49-5772-293-333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen ___ Devel mailing list Devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel
[ovirt-devel] Important change in UI plugins REST API integration
Hi guys,
an important change in UI plugins REST API integration landed
in both master [1] and 3.5 [2] branches of oVirt Engine repo.
[1] http://gerrit.ovirt.org/#/c/35185/
[2] http://gerrit.ovirt.org/#/c/35248/
Below is a short overview of this change and how it affects
existing UI plugins. Please refer to commit message for more
details.
Situation before
WebAdmin login caused two separate Engine user sessions to
be created: one for WebAdmin GUI itself, one for UI plugins
(using same credentials as entered in WebAdmin login form).
This resulted in two separate "user {user}@{domain} logged"
entries in Engine log.
REST session ID which maps to second Engine user session was
broadcasted to all UI plugins via "RestApiSessionAcquired"
event handler function.
Upon WebAdmin logout, the second Engine user session was not
closed; this was intentional so that any potential 3rd party
systems using above mentioned REST session ID would still work.
Situation after
===
WebAdmin login causes one Engine user session to be created.
When acquiring REST session for UI plugins, existing Engine
user session is reused via OVIRT-INTERNAL-ENGINE-AUTH-TOKEN
header [3]. There is now only one "user {user}@{domain} logged"
entry in Engine log.
[3] http://gerrit.ovirt.org/#/c/35069/
Acquired REST session ID therefore maps to existing Engine
user session. "RestApiSessionAcquired" API still works as
expected.
The only (possibly breaking) change is that upon WebAdmin
logout, REST session ID previously passed to all UI plugins
(upon last login) will not work anymore. While the physical
session (REST webapp HttpSession) might still be active, the
logical session (Engine user / SessionDataContainer) will be
dead, therefore the physical REST session won't work after
WebAdmin logout.
In other words, usability of REST session ID is now strictly
scoped to GUI user being authenticated. If the user logs in,
(always) new REST session ID will be passed to all UI plugins.
If the user logs out, REST session ID will not work anymore.
This is in line with the general concept of UI plugins where
each plugin is "active" (receives API callbacks) *only* when
the GUI user is authenticated. See [4,5] for details.
[4] http://www.ovirt.org/Features/UIPlugins#Plugin_lifecycle
"Plugin invocation context starts when user logs into WebAdmin and ends
when user logs out."
[5] http://www.ovirt.org/Features/UIPlugins#Application_event_reference
Let me know if you have any questions.
Regards,
Vojtech
___
Devel mailing list
Devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/devel
