From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id 2D50D1FF15C
	for <inbox@lore.proxmox.com>; Fri, 14 Nov 2025 16:03:54 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 3B4241695D;
	Fri, 14 Nov 2025 16:04:49 +0100 (CET)
Message-ID: <0d6234fa-ed0c-4a52-8776-afe0ea2c09ed@proxmox.com>
Date: Fri, 14 Nov 2025 16:04:16 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird Beta
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
 Dominik Csapak <d.csapak@proxmox.com>
References: <20251114144225.3639124-1-d.csapak@proxmox.com>
 <20251114144225.3639124-3-d.csapak@proxmox.com>
Content-Language: en-US
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
In-Reply-To: <20251114144225.3639124-3-d.csapak@proxmox.com>
X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2
X-Bm-Transport-Timestamp: 1763132629518
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.023 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: Re: [pve-devel] [PATCH common v3 1/1] json schema/rest environment:
 add 'expose_credentials' option
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

Am 14.11.25 um 15:42 schrieb Dominik Csapak:
> this is used to mark api calls to have access to the credentials
> of the connection (token/ticket/etc.).
> 
> For that we also expose a 'set/get_credentials' call on the
> RESTEnvironment.
> 
> This must be set in the http/cli handler.
> 

Many thanks for fleshing this out!

Some generic workflow thing:
Not that I have a need for my name to turn up even more in git log, I'd
strongly recommend to add trailers like co-authored or originally-by when
taking over such code/ideas. Partially its to pay credits, but more
importantly (at least for me) it's to know the ones that where involved
with coming up with this, and thus one can, e.g., ask about and
potentially also know about the original/other use cases, and these
reference, while not very often needed, can be worth a lot once they
are needed.

Depending on the changes it doesn't have to be a trailer, one might also
include a link to e.g. the mailing list discussion or a simple "this was
suggested by ... as they wanted to have it for ...".
Not a big thing (especially not for me for this specific case ;)), I
just would like us all to pay a bit more attention to these details, it
gets more relevant the more devs we become.

> Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
> ---
> new in v3
>  src/PVE/JSONSchema.pm      |  8 ++++++++
>  src/PVE/RESTEnvironment.pm | 14 ++++++++++++++
>  2 files changed, 22 insertions(+)
> 
> diff --git a/src/PVE/JSONSchema.pm b/src/PVE/JSONSchema.pm
> index c6e0f36..8278899 100644
> --- a/src/PVE/JSONSchema.pm
> +++ b/src/PVE/JSONSchema.pm
> @@ -1850,6 +1850,14 @@ my $method_schema = {
>              description => "Method needs special privileges - only pvedaemon can execute it",
>              optional => 1,
>          },
> +        expose_credentials => {
> +            type => 'boolean',
> +            description => "Method needs access to the connecting users credentials (ticker or"
> +                . " token), so it will be exposed through the RPC environment. Useful to avoid"
> +                . " setting 'protected' when one needs to (manually) proxy to other cluster nodes."
> +                . " nodes in the handler.",
> +            optional => 1,
> +        },
>          allowtoken => {
>              type => 'boolean',
>              description => "Method is available for clients authenticated using an API token.",
> diff --git a/src/PVE/RESTEnvironment.pm b/src/PVE/RESTEnvironment.pm
> index 7695850..d597557 100644
> --- a/src/PVE/RESTEnvironment.pm
> +++ b/src/PVE/RESTEnvironment.pm
> @@ -235,6 +235,20 @@ sub get_user {
>      die "user name not set\n";
>  }
>  
> +sub set_credentials {
> +    my ($self, $credentials) = @_;
> +
> +    $self->{credentials} = $credentials;
> +}
> +
> +sub get_credentials {
> +    my ($self, $noerr) = @_;
> +
> +    return $self->{credentials} if defined($self->{credentials}) || $noerr;
> +
> +    die "credentials not set\n";
> +}
> +
>  sub set_u2f_challenge {
>      my ($self, $challenge) = @_;
>  



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel