Use the actual user who triggers the service API instead of the service user in audit logs

Hi,

We have a service that we use to clear alarms, so the audit log records the service user as the user who cleared the alarm. Can we use the actual username of the person who triggered the service from the UI to clear the alarm? Can the audit log use the actual username instead of the service user?

Not directly, I’m afraid.
Can you elaborate a bit? When is a user using the service and when does the service clear the alarm? Is this just one (1) microservice?

We have a custom microservice built in C#. We have some APIs exposed for use by the UI. When the UI uses them, by default the service user is used as the user who triggered any API. I think this is the default behaviour. I want to force the microservice to use the actual username of whoever triggers it.

Please note that we are using cumulocity-clients-dotnet.

I haven’t used that library.

But what you want to achieve is certainly possible. Basically, you can get the user’s details (including an auth token) from the inbound API request. You can use this info to submit a request to Cumulocity’s REST API on behalf of that user.

I’d assume that the C# library supports doing something like that.

As an illustrative example, the same thing using the Python SDK:

c8y = c8yapp.get_user_instance(headers=request.headers, cookies=request.cookies)
logging.info(f"Obtained user instance: tenant: {c8y.tenant_id}, user: {c8y.username}")
devices_json = [{'name': d.name,
                 'id': d.id,
                 'type': d.type}
                for d in c8y.device_inventory.get_all()]
info_json = {'username': c8y.username, 'devices': devices_json}

return info_json

This code builds a connection from the inbound request headers, uses it to read all devices the user knows of and returns a summary JSON response.

Again, I presume the C# library provides a similar mechanism.

Thanks for the hint Christoph. I’ll try that out.

I have implemented something similar to this approach in our shared library. The Cumulocity API instance was actually using bootstrap credentials by default. I have now added a scoped instance of the Cumulocity APIs which uses the user credentials from the request.

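The request-scoped approach described in the answer and in the last post, as an added example that is not part of the original posts and is not code from either SDK: it builds the alarm-clearing REST call from the caller's own credentials and refuses to fall back to service or bootstrap credentials. The function names, the `authorization` cookie name, and the sample tenant, user and host are assumptions made for illustration.

```python
import base64
import json
from urllib.parse import quote
from urllib.request import Request


class MissingUserCredentials(Exception):
    """The inbound request carried no usable user credentials."""


def user_auth_headers(headers, cookies):
    """Return outbound auth headers that carry the caller's own credentials.

    Fails closed: substituting service credentials here is what makes the
    audit log name the service user instead of the person who acted.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    auth = lowered.get("authorization", "")
    scheme, _, cred = auth.partition(" ")
    if scheme.lower() in ("basic", "bearer") and cred.strip():
        return {"Authorization": auth}
    token = cookies.get("authorization")  # assumed cookie name for cookie-based login
    if token:
        return {"Authorization": f"Bearer {token}"}
    raise MissingUserCredentials("no user credentials on inbound request")


def actor_from_basic(auth_value):
    """Name part of a Basic credential, for the service's own log line only."""
    scheme, _, payload = auth_value.partition(" ")
    if scheme.lower() != "basic":
        return None  # tokens are left for the platform to validate
    return base64.b64decode(payload).decode("utf-8").split(":", 1)[0]


def build_clear_alarm_request(base_url, alarm_id, headers, cookies):
    """Build (not send) PUT /alarm/alarms/{id} on behalf of the calling user."""
    auth = user_auth_headers(headers, cookies)
    body = json.dumps({"status": "CLEARED"}).encode("utf-8")
    url = f"{base_url}/alarm/alarms/{quote(str(alarm_id), safe='')}"
    return Request(url, data=body, method="PUT",
                   headers={**auth, "Content-Type": "application/json"})


if __name__ == "__main__":
    # Constructed sample inbound request; tenant, user and host are made up.
    inbound = {"Authorization": "Basic " + base64.b64encode(b"t100/jane:pw").decode()}
    req = build_clear_alarm_request("https://example.invalid", "42", inbound, {})
    print(actor_from_basic(inbound["Authorization"]), req.get_method(), req.full_url)
```

Build the headers once per inbound request and discard them afterwards; a client object shared across requests would reuse one user's credentials for another user's call.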