Adding the "Filter:true" header to the curl request doesn't change anything. If the user account is not an admin account, I get a 401 status result. So my question still stands, can the REST API be used by a mere, non-admin "mortal" or is it only for administrative functions?
I'm in the process of trying to hook up a different client to a VM managed by ovirt. I can't use the user portal app. So I was trying to use the REST APIs on behalf of a normal, non-admin user to get the list of the authenticating user's VMs and their connection information. Brian On Oct 2, 2012, at 2:15 AM, Itamar Heim wrote: > On 10/02/2012 06:28 AM, Brian Vetter wrote: >> I've done two different things. First, I associated one of my groups in my >> directory with being a VMUser which gave members access to a particular VM. >> If I login with one of those users via the User portal, I can see their VM >> (or VMs if I do more than one). If I use the REST API (or ovirt-shell) using >> this user's account and password, I get an unauthorized error. >> >> Similarly, I have another group that is assigned the DomainManager role. If >> I add this other user to that group, when I login with that user via the >> user portal, I see the advanced portal. If I use the REST-API (using curl) >> or ovirt-shell and use the user's login information, I now am authorized and >> see a list of VMs returned as XML (in the case of curl). >> >> That said, I see all VMs in the system, not just the one assigned to the >> user that logged in. So this makes me think that either the REST API for >> getting the APIs as suggested by the article is an administrative API and >> there is either (a) a different rest API/uri that returns the logged in >> user's vms (the list that would be returned to the portal) or (b) no way to >> get a particular user's list of VMs authenticated as the user. > > you need to specify to the api you want to view things in "user mode" via the > filter header. > Example: > curl -X GET -H "Filter: true" -u user@domain:password > http://[servername]:PORT/api/vms > > > >> >> Brian >> >> On Oct 1, 2012, at 10:49 PM, Yair Zaslavsky wrote: >> >>> Hi Brian, >>> I looked at the wiki - >>> I assume you're referring to the "showVm" part. >>> Have you assigned any permissions to the user that is supposed to view the >>> VMs? >>> I assume you created the VMs with the administrator user, so any other user >>> will require to have a proper permissions in order to view these VMs >>> >>> Yair >>> >>> >>> On 10/02/2012 05:09 AM, Brian Vetter wrote: >>>> I was trying to use both the rest api to view a user's vm information. I >>>> found that the REST APIs always returned an authentication error if the >>>> account I had logged into was not an ovirt administrator. I am guessing >>>> that either (a) I am using the wrong URL in the REST api or (b) you must >>>> be some kind of admin to access the REST APIs. I noticed the same behavior >>>> when I was using the ovirt-shell tool. >>>> >>>> For example, I was trying to follow the instructions in >>>> http://wiki.ovirt.org/wiki/How_to_Connect_to_SPICE_Console_Without_Portal >>>> to get the list of VMs (presumably for the user that is logging in), I get >>>> an unauthorized error. If the user account I login with in the curl or >>>> ovirt-shell connect statement is an admin, I get the list of VMs. >>>> >>>> So my question here is does the REST-API need admin privileges or am I >>>> using a url that requires admin privileges whereas some others don't. And >>>> if it is the latter, is there somewhere that documents the various rest >>>> api resources? For example, to go back to the "How to connect to Spice >>>> console ..." article, how would one use the REST API to fetch one's >>>> virtual machines, their status, and connection info for them? >>>> >>>> Thanks, >>>> >>>> Brian _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
