[libvirt] VMware driver: SessionIsActive API / Sessions.ValidateSession permission

The VMware driver currently calls the SessionIsActive API, which requires the vCenter Sessions.ValidateSession permission. https://libvirt.org/git/?p=libvirt.git;a=blob;f=src/esx/esx_vi.c;h=af822b... This causes a problem that you have to give this permission to any libvirt client accessing VMware, and you have to give it from the very top level of vCenter, all the way down through the Cluster, Folder, hypervisor levels. This has caused a bit of pushback from virt-v2v users who consider that the SessionIsActive API is an "admin" API which they don't want to give out to roles using v2v. Is calling SessionIsActive necessary? From my (very limited) understanding, it seems as if we might use 'SessionManager. currentSession' property instead, which doesn't require admin permissions. Actually the code [see link above] already does this when ctx->hasSessionIsActive is false, but that doesn't apply to modern vCenter. See also https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=5699034b65afd49d91d... which doesn't really explain why this was added. Also, why is it even necessary to check if the session is active here? Shouldn't we just log in unconditionally? Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com libguestfs lets you edit virtual machines. Supports shell scripting, bindings from many languages. http://libguestfs.org