[ovirt-devel] Important change in UI plugins REST API integration

Vojtech Szocs vszocs at redhat.com
Mon Dec 1 19:26:13 UTC 2014

Hi guys,

an important change in UI plugins REST API integration landed
in both master [1] and 3.5 [2] branches of oVirt Engine repo.

[1] http://gerrit.ovirt.org/#/c/35185/
[2] http://gerrit.ovirt.org/#/c/35248/

Below is a short overview of this change and how it affects
existing UI plugins. Please refer to commit message for more

Situation before

WebAdmin login caused two separate Engine user sessions to
be created: one for WebAdmin GUI itself, one for UI plugins
(using same credentials as entered in WebAdmin login form).
This resulted in two separate "user {user}@{domain} logged"
entries in Engine log.

REST session ID which maps to second Engine user session was
broadcasted to all UI plugins via "RestApiSessionAcquired"
event handler function.

Upon WebAdmin logout, the second Engine user session was not
closed; this was intentional so that any potential 3rd party
systems using above mentioned REST session ID would still work.

Situation after

WebAdmin login causes one Engine user session to be created.
When acquiring REST session for UI plugins, existing Engine
user session is reused via OVIRT-INTERNAL-ENGINE-AUTH-TOKEN
header [3]. There is now only one "user {user}@{domain} logged"
entry in Engine log.

[3] http://gerrit.ovirt.org/#/c/35069/

Acquired REST session ID therefore maps to existing Engine
user session. "RestApiSessionAcquired" API still works as

The only (possibly breaking) change is that upon WebAdmin
logout, REST session ID previously passed to all UI plugins
(upon last login) will not work anymore. While the physical
session (REST webapp HttpSession) might still be active, the
logical session (Engine user / SessionDataContainer) will be
dead, therefore the physical REST session won't work after
WebAdmin logout.

In other words, usability of REST session ID is now strictly
scoped to GUI user being authenticated. If the user logs in,
(always) new REST session ID will be passed to all UI plugins.
If the user logs out, REST session ID will not work anymore.

This is in line with the general concept of UI plugins where
each plugin is "active" (receives API callbacks) *only* when
the GUI user is authenticated. See [4,5] for details.

[4] http://www.ovirt.org/Features/UIPlugins#Plugin_lifecycle
    "Plugin invocation context starts when user logs into WebAdmin and ends when user logs out."

[5] http://www.ovirt.org/Features/UIPlugins#Application_event_reference

Let me know if you have any questions.


More information about the Devel mailing list