From: Fabian Grünbichler
Subject: partially-applied: [PATCH proxmox{-backup,,-datacenter-manager} v7 00/11] token-shadow: reduce api token verification overhead
Date: Thu, 19 Mar 2026 13:26:26 +0100
To: pbs-devel@lists.proxmox.com, Samuel Rufinatscha
In-Reply-To: <20260312103708.125282-1-s.rufinatscha@proxmox.com>
Message-Id: <1773921586.9wosknv4cp.astroid@yuna.none>
List-Id: Proxmox Backup Server development discussion
On March 12, 2026 11:36 am, Samuel Rufinatscha wrote:
> Hi,
>
> [..]
>
> Patch summary
>
> pbs-config:
> 0001 – pbs-config: add token.shadow generation to ConfigVersionCache
> 0002 – pbs-config: cache verified API token secrets
> 0003 – pbs-config: invalidate token-secret cache on token.shadow changes
> 0004 – pbs-config: add TTL window to token-secret cache

applied these, with some follow-ups as discussed off-list

> proxmox-access-control:
> 0005 – access-control: extend AccessControlConfig for token.shadow invalidation
> 0006 – access-control: cache verified API token secrets
> 0007 – access-control: invalidate token-secret cache on token.shadow changes
> 0008 – access-control: add TTL window to token-secret cache
>
> proxmox-datacenter-manager:
> 0009 – pdm-config: add token.shadow generation to ConfigVersionCache
> 0010 – docs: document API token-cache TTL effects
> 0011 – pdm-config: wire user+acl cache generation

skipped these for now - I think the split between the traits there makes things a bit too intertwined while sort of pretending they are separate. we probably would have noticed earlier that things aren't cleanly separated if PDM had wired up user.cfg/acl.cfg caching ;)

we should probably split the two traits completely, instead of nesting:
- one for the ACL-related parts needed by the UI, guarded by the `acl` feature
- one for the user.cfg/token.shadow and caching related parts, guarded by the `impl` feature

with an `init` call each consuming them (or one consuming the acl one, and second impl-one consuming both?). neither of these traits is used by the product code itself, except for implementing them to tell proxmox-access-control about product-specific bits, so having two traits allows properly separating the concerns on the product side.

it would probably also make sense to include the follow-ups (which are mostly renaming things) to make it easier to at some point switch the PBS code over to proxmox-access-control..

> Maintainer Notes:
> * proxmox-access-control trait split: permissions now live in
>   AccessControlPermissions, and AccessControlConfig now requires
>   fn permissions(&self) -> &dyn AccessControlPermissions -> version bump
> * Renames ConfigVersionCache's pub user_cache_generation and
>   increase_user_cache_generation -> version bump
> * Adds parking_lot::RwLock dependency in PBS and proxmox-access-control
>
> This version and the version before only incorporate the reviewers'
> feedback [4][5][6], also please consider Christian's R-b tag [4].
>
> [1] https://bugzilla.proxmox.com/show_bug.cgi?id=7017
> [2] attachment 1767 [1]: Flamegraph showing the proxmox_sys::crypt::verify_crypt_pw stack
> [3] https://bugzilla.proxmox.com/show_bug.cgi?id=6049
> [4] https://lore.proxmox.com/pbs-devel/20260121151408.731516-1-s.rufinatscha@proxmox.com/T/#t
> [5] https://lore.proxmox.com/pbs-devel/20260217111229.78661-1-s.rufinatscha@proxmox.com/T/#t
> [6] https://lore.proxmox.com/pbs-devel/725687dd-5a35-41ed-af62-6dc9f062cbd4@proxmox.com/T/#t
>
> proxmox-backup:
>
> Samuel Rufinatscha (4):
>   pbs-config: add token.shadow generation to ConfigVersionCache
>   pbs-config: cache verified API token secrets
>   pbs-config: invalidate token-secret cache on token.shadow changes
>   pbs-config: add TTL window to token secret cache
>
>  Cargo.toml                             |   1 +
>  docs/user-management.rst               |   4 +
>  pbs-config/Cargo.toml                  |   1 +
>  pbs-config/src/config_version_cache.rs |  18 ++
>  pbs-config/src/token_shadow.rs         | 314 ++++++++++++++++++++++++-
>  5 files changed, 335 insertions(+), 3 deletions(-)
>
>
> proxmox:
>
> Samuel Rufinatscha (4):
>   proxmox-access-control: split AccessControlConfig and add token.shadow gen
>   proxmox-access-control: cache verified API token secrets
>   proxmox-access-control: invalidate token-secret cache on token.shadow changes
>   proxmox-access-control: add TTL window to token secret cache
>
>  Cargo.toml                                 |   1 +
>  proxmox-access-control/Cargo.toml          |   1 +
>  proxmox-access-control/src/acl.rs          |  10 +-
>  proxmox-access-control/src/init.rs         | 113 ++++++--
>  proxmox-access-control/src/token_shadow.rs | 315 ++++++++++++++++++++-
>  5 files changed, 413 insertions(+), 27 deletions(-)
>
>
> proxmox-datacenter-manager:
>
> Samuel Rufinatscha (3):
>   pdm-config: implement token.shadow generation
>   docs: document API token-cache TTL effects
>   pdm-config: wire user+acl cache generation
>
>  cli/admin/src/main.rs                      |  2 +-
>  docs/access-control.rst                    |  4 +++
>  lib/pdm-api-types/src/acl.rs               |  4 +--
>  lib/pdm-config/Cargo.toml                  |  1 +
>  lib/pdm-config/src/access_control.rs       | 31 ++++++++++++++++++++
>  lib/pdm-config/src/config_version_cache.rs | 34 +++++++++++++++++-----
>  lib/pdm-config/src/lib.rs                  |  2 ++
>  server/src/acl.rs                          |  3 +-
>  ui/src/main.rs                             | 10 ++++++-
>  9 files changed, 77 insertions(+), 14 deletions(-)
>  create mode 100644 lib/pdm-config/src/access_control.rs
>
>
> Summary over all repositories:
>   19 files changed, 825 insertions(+), 44 deletions(-)
>
> --
> Generated by git-murpp 0.8.1
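The applied pbs-config patches 0002 to 0004 describe three pieces of behaviour: a cache of verified API token secrets, invalidation of that cache whenever the token.shadow generation counter changes, and a TTL window that bounds how long a cached verification is trusted. The following Rust sketch is an added example written for this thread, not code from proxmox-backup, proxmox-access-control or the series itself; `TokenSecretCache`, `CachedSecret`, the `verify_slow` closure (standing in for the crypt-style hash comparison that the flamegraph in [2] attributes the overhead to) and the generation counter passed in by the caller are all assumptions. It uses `std::sync::RwLock` rather than the `parking_lot` dependency the cover letter mentions, and a non-cryptographic `DefaultHasher` fingerprint only as a placeholder so that the example never keeps the plaintext secret in the cache; a real implementation should use a cryptographic hash there.

```rust
// Hypothetical sketch for this thread: a cache of verified API token secrets that is
// invalidated by a token.shadow generation counter and bounded by a TTL window.
// Not code from proxmox-backup or proxmox-access-control; every name here is assumed.
use std::collections::hash_map::DefaultHasher;
use std::collections::HashMap;
use std::hash::{Hash, Hasher};
use std::sync::RwLock;
use std::time::{Duration, Instant};

/// Fingerprint of a presented secret, so the cache never holds the plaintext.
/// DefaultHasher is only a stand-in for the example; a real cache should use a
/// cryptographic (ideally keyed) hash here.
fn fingerprint(secret: &str) -> u64 {
    let mut h = DefaultHasher::new();
    secret.hash(&mut h);
    h.finish()
}

struct CachedSecret {
    /// fingerprint of the secret that passed the slow verification
    fingerprint: u64,
    /// token.shadow generation the secret was verified against
    generation: u64,
    /// when the slow verification happened (start of the TTL window)
    verified_at: Instant,
}

pub struct TokenSecretCache {
    entries: RwLock<HashMap<String, CachedSecret>>,
    ttl: Duration,
}

impl TokenSecretCache {
    pub fn new(ttl: Duration) -> Self {
        TokenSecretCache { entries: RwLock::new(HashMap::new()), ttl }
    }

    /// Number of cached entries (for inspection only).
    pub fn len(&self) -> usize {
        self.entries.read().unwrap().len()
    }

    /// Checks `secret` for `tokenid`. `shadow_generation` is the current token.shadow
    /// generation (assumed to be bumped on every write to the file, as a
    /// ConfigVersionCache-style counter would be). `verify_slow` is the expensive
    /// password-hash comparison against the stored entry; it runs only on a miss.
    pub fn verify(
        &self,
        tokenid: &str,
        secret: &str,
        shadow_generation: u64,
        now: Instant,
        verify_slow: impl FnOnce(&str, &str) -> bool,
    ) -> bool {
        let fp = fingerprint(secret);

        if let Some(entry) = self.entries.read().unwrap().get(tokenid) {
            let same_generation = entry.generation == shadow_generation;
            let within_ttl = now.saturating_duration_since(entry.verified_at) < self.ttl;
            if same_generation && within_ttl && entry.fingerprint == fp {
                return true; // hit: the expensive hash check is skipped
            }
            // stale generation, expired TTL, or a different secret: re-verify below
        }

        if !verify_slow(tokenid, secret) {
            // a failed attempt never touches the cache; only a secret that passed the
            // slow check can (re)populate an entry
            return false;
        }

        self.entries.write().unwrap().insert(
            tokenid.to_string(),
            CachedSecret { fingerprint: fp, generation: shadow_generation, verified_at: now },
        );
        true
    }
}

fn main() {
    // Constructed demo: the closure stands in for the crypt(3)-style comparison.
    let cache = TokenSecretCache::new(Duration::from_secs(60));
    let slow = |_id: &str, s: &str| s == "s3cret";
    let t0 = Instant::now();
    println!("first call, slow path: {}", cache.verify("root@pam!backup", "s3cret", 1, t0, slow));
    println!("second call, cache hit: {}", cache.verify("root@pam!backup", "s3cret", 1, t0, slow));
    println!("after token.shadow changed, slow path again: {}",
        cache.verify("root@pam!backup", "s3cret", 2, t0, slow));
}
```

Two properties worth checking in any real implementation of this pattern are visible in the sketch: a presented secret whose fingerprint does not match the cached one always goes through the slow path, so the cache never answers faster for a wrong guess than for a miss, and a failed verification never writes to the cache. The TTL only matters when a token.shadow change is not reflected in the generation counter (an edit outside the API, for instance); it bounds how long an already-verified secret keeps being accepted without a fresh hash check, which is the effect the docs patch in the series is about.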