wants to merge 10 commits into


None yet

3 participants

zli commented May 2, 2013

Must pull together with some changes in other repository! Please see the comment for instruction.

zli added some commits Feb 25, 2013
@zli zli CI-44: Add an extra field "originator" to session object.
This is a key string used for distinguishing different API users sharing the same login name.

Signed-off-by: Zheng Li <>
@zli zli CI-44: Add the originator param to XAPI session creation
Signed-off-by: Zheng Li <>
@zli zli CI-44: update internal uses of login_with_password with the originato…
…r param

Signed-off-by: Zheng Li <>
@zli zli CI-44: update external components and tests with the new originator p…

Signed-off-by: Zheng Li <>
@zli zli CI-44: Add max_sessions_per_originator config
Signed-off-by: Zheng Li <>
@zli zli CI-44: update session create/destory rbac audit functions
Based on some previous patches from Thomas Sanders.

Signed-off-by: Zheng Li <>
@zli zli CI-44: it seems making better sense to expire tasks before sessions
Signed-off-by: Zheng Li <>
@zli zli CI-44: add max_sessions_per_user_name config variable
Signed-off-by: Zheng Li <>
@zli zli CI-44: expire sessions based on username/originator specific quota
Based on some previous patches by Thomas Sanders.

The current algorithm is implemented as follows:

  * For sessions with their own auth_user_name (other than "root"/""), they will use their independent session quota (Xapi_globs.max_sessions_per_user_name) grouped by their auth_user_name. This can happen in following cases:
    - The session creator uses an external authentication method where the username is not the default
    - The session creator is logged in as local super user (hence no username/password authentication required) but still chooses to pass an independent username argument in purpose (e.g. vmpr, sm)

  * Sessions without independent auth_user_name (e.g. without RBAC, most external API users will have to share the same super user login) can still distiguish themselves using the new "originator" param during session creation. For sessions created with the optional "originator" argument, they will use their independent session quota (Xapi_globs.max_sessions_per_originator) grouped by their originator key.

  * All the rest sessions are in the common session pool, as before, sharing the default session quota (Xapi_globs.max_sessions). Among them, internal sessions will have higher prioirty than the external ones.

Signed-off-by: Zheng Li <>
@zli zli Bump API version number
... due to the incompatible change on the Session.login_with_password signature etc.

Xapi_globs.xencenter_min_verstring is kept unchanged and should probably wait until XenCenter changes get in.

Signed-off-by: Zheng Li <>
zli commented May 2, 2013

This set of changes must be merged in batch with some changes in other repositories, otherwise the build will break. The list of changes to go together with this pull request are as follows (the source is trunk):

  • v6d.git: 7c1462d
  • guest-templates.hg: 7d273885a5d8338e7e79fe6fcedce80220b9fd6d
  • perf-tools.hg: eef7060da576f264645cbf9d0f756cd9506dd6db

Moreover, you'll need to ask Tina to pull up to the tip of api-bindings.hg from trunk to clearwater soon after these changes get in (or sync with her to make the move at the same time).

Sorry about the inconvenience as this is unfortunately an incompatible changes on interface.

zli commented May 10, 2013

Didn't make it into clearwater 👎 , so please leave this one out.


Let's just close it then.

@jonludlam jonludlam closed this May 10, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment