[Engine-devel] UI Plugins: issue with REST API keep-alive heartbeat fixed

[Vojtech Szocs]

Hi guys,

just a quick update, recently we fixed an issue [1] with UI Plugin REST API integration trying to keep-alive the current REST API session, which was causing repeated "User logged in" events in GUI, along with new REST API session created each time the heartbeat request was fired. Please refer to commit message for more details on this issue.

There are some things to be aware of with regard to UI Plugin REST API integration:
- all plugins still receive a single session ID based on WebAdmin user credentials, i.e. keep the current "single-admin-session-for-all-plugins" behavior
- session timeout is set to 6 hours --> 2x more than default REST API session timeout
- WebAdmin will *not* try to keep-alive the session via periodic heartbeat requests, i.e. break the current "keep-session-alive-while-user-stays-authenticated" behavior

In practice, this means that after a user logs into WebAdmin, if no plugin interacts with the REST API session via provided ID for more than 6 hours, the session will time-out eventually. Unfortunately, for now, we can't support the session keep-alive mechanism due to issues with HTTP 'Authorization' header handling in web browsers, but with RFE [2] it would be possible to re-implement the session keep-alive mechanism.

On the other hand, we'll most likely revisit the current "single-admin-session-for-all-plugins" behavior in future, i.e. have special Engine users created for use with UI Plugin REST API integration, with permissions of such users under control by the admin. This would change the current behavior to something like "separate-user-session-for-each-plugin", with individual plugins able to create their own REST API session on demand.

Regards,
Vojtech

[1] http://gerrit.ovirt.org/#/c/14411/