From: Dominik Csapak <d.csapak@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH manager v4 1/1] api: add guest profile api endpoint
Date: Fri, 17 Nov 2023 12:45:48 +0100 [thread overview]
Message-ID: <20231117114548.3208470-10-d.csapak@proxmox.com> (raw)
In-Reply-To: <20231117114548.3208470-1-d.csapak@proxmox.com>
basic CRUD for the profile section config
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
PVE/API2/Cluster.pm | 7 +
PVE/API2/Cluster/Makefile | 1 +
PVE/API2/Cluster/Profiles.pm | 239 +++++++++++++++++++++++++++++++++++
3 files changed, 247 insertions(+)
create mode 100644 PVE/API2/Cluster/Profiles.pm
diff --git a/PVE/API2/Cluster.pm b/PVE/API2/Cluster.pm
index 04387ab4..d628df85 100644
--- a/PVE/API2/Cluster.pm
+++ b/PVE/API2/Cluster.pm
@@ -30,6 +30,7 @@ use PVE::API2::Cluster::Mapping;
use PVE::API2::Cluster::Jobs;
use PVE::API2::Cluster::MetricServer;
use PVE::API2::Cluster::Notifications;
+use PVE::API2::Cluster::Profiles;
use PVE::API2::ClusterConfig;
use PVE::API2::Firewall::Cluster;
use PVE::API2::HAConfig;
@@ -103,6 +104,11 @@ __PACKAGE__->register_method ({
path => 'mapping',
});
+__PACKAGE__->register_method ({
+ subclass => "PVE::API2::Cluster::Profiles",
+ path => 'profiles',
+});
+
if ($have_sdn) {
__PACKAGE__->register_method ({
subclass => "PVE::API2::Network::SDN",
@@ -158,6 +164,7 @@ __PACKAGE__->register_method ({
{ name => 'notifications' },
{ name => 'nextid' },
{ name => 'options' },
+ { name => 'profiles' },
{ name => 'replication' },
{ name => 'resources' },
{ name => 'status' },
diff --git a/PVE/API2/Cluster/Makefile b/PVE/API2/Cluster/Makefile
index b109e5cb..35a3f871 100644
--- a/PVE/API2/Cluster/Makefile
+++ b/PVE/API2/Cluster/Makefile
@@ -9,6 +9,7 @@ PERLSOURCE= \
MetricServer.pm \
Mapping.pm \
Notifications.pm \
+ Profiles.pm \
Jobs.pm \
Ceph.pm
diff --git a/PVE/API2/Cluster/Profiles.pm b/PVE/API2/Cluster/Profiles.pm
new file mode 100644
index 00000000..1631f4bd
--- /dev/null
+++ b/PVE/API2/Cluster/Profiles.pm
@@ -0,0 +1,239 @@
+package PVE::API2::Cluster::Profiles;
+
+use warnings;
+use strict;
+
+use PVE::Tools qw(extract_param extract_sensitive_params);
+use PVE::Exception qw(raise_perm_exc raise_param_exc);
+use PVE::JSONSchema qw(get_standard_option);
+use PVE::RPCEnvironment;
+
+use PVE::Profiles::Plugin;
+use PVE::Profiles::VM;
+use PVE::Profiles::CT;
+
+PVE::Profiles::VM->register();
+PVE::Profiles::CT->register();
+PVE::Profiles::Plugin->init(1);
+
+use PVE::RESTHandler;
+
+use base qw(PVE::RESTHandler);
+
+__PACKAGE__->register_method ({
+ name => 'profile_index',
+ path => '',
+ method => 'GET',
+ description => "List configured guest profiles.",
+ permissions => {
+ user => 'all',
+ description => "Only lists entries where you have 'Mapping.Modify', 'Mapping.Use' or".
+ " 'Mapping.Audit' permissions on 'mapping/guest-profile/<id>'.",
+ },
+ parameters => {
+ additionalProperties => 0,
+ properties => {
+ type => {
+ type => 'string',
+ description => "If set, return only profiles of this type.",
+ optional => 1,
+ enum => ['vm', 'ct'],
+ },
+ },
+ },
+ returns => {
+ type => 'array',
+ items => {
+ type => "object",
+ properties => {
+ id => {
+ description => "The ID of the entry.",
+ type => 'string'
+ },
+ type => {
+ description => "Plugin type.",
+ type => 'string',
+ },
+ },
+ },
+ links => [ { rel => 'child', href => "{id}" } ],
+ },
+ code => sub {
+ my ($param) = @_;
+
+ my $rpcenv = PVE::RPCEnvironment::get();
+ my $authuser = $rpcenv->get_user();
+
+ my $res = [];
+ my $cfg = PVE::Cluster::cfs_read_file('virtual-guest/profiles.cfg');
+ my $can_see_mapping_privs = ['Mapping.Modify', 'Mapping.Use', 'Mapping.Audit'];
+
+ for my $id (sort keys $cfg->{ids}->%*) {
+ next if !$rpcenv->check_any($authuser, "/mapping/guest-profile/$id", $can_see_mapping_privs, 1);
+ my $plugin_config = $cfg->{ids}->{$id};
+ next if defined($param->{type}) && $plugin_config->{type} ne $param->{type};
+ push @$res, {
+ id => $id,
+ type => $plugin_config->{type},
+ 'profile-description' => $plugin_config->{'profile-description'},
+ };
+ }
+
+ return $res;
+ }});
+
+__PACKAGE__->register_method ({
+ name => 'read',
+ path => '{id}',
+ method => 'GET',
+ description => "Read profile configuration.",
+ permissions => {
+ check =>['or',
+ ['perm', '/mapping/guest-profile/{id}', ['Mapping.Use']],
+ ['perm', '/mapping/guest-profile/{id}', ['Mapping.Modify']],
+ ['perm', '/mapping/guest-profile/{id}', ['Mapping.Audit']],
+ ],
+ },
+ parameters => {
+ additionalProperties => 0,
+ properties => {
+ id => {
+ type => 'string',
+ format => 'pve-configid',
+ },
+ },
+ },
+ returns => { type => 'object' },
+ code => sub {
+ my ($param) = @_;
+
+ my $cfg = PVE::Cluster::cfs_read_file('virtual-guest/profiles.cfg');
+ my $id = $param->{id};
+
+ raise_param_exc({id => "no such profile '$id'"}) if !defined($cfg->{ids}->{$id});
+
+ return $cfg->{ids}->{$id};
+ }});
+
+__PACKAGE__->register_method ({
+ name => 'create',
+ path => '{id}',
+ protected => 1,
+ method => 'POST',
+ description => "Create a new profile.",
+ permissions => {
+ check => ['perm', '/mapping/guest-profile', ['Mapping.Modify']],
+ },
+ parameters => PVE::Profiles::Plugin->createSchema(),
+ returns => { type => 'null' },
+ code => sub {
+ my ($param) = @_;
+
+ my $type = extract_param($param, 'type');
+ my $plugin = PVE::Profiles::Plugin->lookup($type);
+ my $id = extract_param($param, 'id');
+
+ PVE::Cluster::cfs_lock_file('virtual-guest/profiles.cfg', undef, sub {
+ my $cfg = PVE::Cluster::cfs_read_file('virtual-guest/profiles.cfg');
+
+ raise_param_exc({id => "Profile '$id' already exists"})
+ if $cfg->{ids}->{$id};
+
+ my $opts = $plugin->check_config($id, $param, 1, 1);
+
+ $cfg->{ids}->{$id} = $opts;
+
+ PVE::Cluster::cfs_write_file('virtual-guest/profiles.cfg', $cfg);
+ });
+ die $@ if $@;
+
+ return;
+ }});
+
+
+__PACKAGE__->register_method ({
+ name => 'update',
+ protected => 1,
+ path => '{id}',
+ method => 'PUT',
+ description => "Update profile configuration.",
+ permissions => {
+ check => ['perm', '/mapping/guest-profile/{id}', ['Mapping.Modify']],
+ },
+ parameters => PVE::Profiles::Plugin->updateSchema(),
+ returns => { type => 'null' },
+ code => sub {
+ my ($param) = @_;
+
+ my $id = extract_param($param, 'id');
+ my $type = extract_param($param, 'type');
+ my $digest = extract_param($param, 'digest');
+ my $delete = extract_param($param, 'delete');
+
+ if ($delete) {
+ $delete = [PVE::Tools::split_list($delete)];
+ }
+
+ PVE::Cluster::cfs_lock_file('virtual-guest/profiles.cfg', undef, sub {
+ my $cfg = PVE::Cluster::cfs_read_file('virtual-guest/profiles.cfg');
+
+ PVE::SectionConfig::assert_if_modified($cfg, $digest);
+
+ my $data = $cfg->{ids}->{$id};
+ raise_param_exc({id => "no such profile '$id'"}) if !defined($data);
+ raise_param_exc({type => "wrong type '$type"}) if $type ne $data->{type};
+
+ my $plugin = PVE::Profiles::Plugin->lookup($data->{type});
+ my $opts = $plugin->check_config($id, $param, 0, 1);
+
+ my $options = $plugin->private()->{options}->{$data->{type}};
+ PVE::SectionConfig::delete_from_config($data, $options, $opts, $delete);
+
+ $data->{$_} = $opts->{$_} for keys $opts->%*;
+
+ PVE::Cluster::cfs_write_file('virtual-guest/profiles.cfg', $cfg);
+ });
+ die $@ if $@;
+
+ return;
+ }});
+
+__PACKAGE__->register_method ({
+ name => 'delete',
+ protected => 1,
+ path => '{id}',
+ method => 'DELETE',
+ description => "Remove profile.",
+ permissions => {
+ check => [ 'perm', '/mapping/guest-profile', ['Mapping.Modify']],
+ },
+ parameters => {
+ additionalProperties => 0,
+ properties => {
+ id => {
+ type => 'string',
+ format => 'pve-configid',
+ },
+ }
+ },
+ returns => { type => 'null' },
+ code => sub {
+ my ($param) = @_;
+
+ my $id = $param->{id};
+
+ PVE::Cluster::cfs_lock_file('virtual-guest/profiles.cfg', undef, sub {
+ my $cfg = PVE::Cluster::cfs_read_file('virtual-guest/profiles.cfg');
+
+ if ($cfg->{ids}->{$id}) {
+ delete $cfg->{ids}->{$id};
+ }
+
+ PVE::Cluster::cfs_write_file('virtual-guest/profiles.cfg', $cfg);
+ });
+ die $@ if $@;
+
+ return;
+ }});
+
+1;
--
2.30.2
prev parent reply other threads:[~2023-11-17 11:46 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-17 11:45 [pve-devel] [PATCH cluster/guest-common/qemu-server/container/manager v4] add backend profile support Dominik Csapak
2023-11-17 11:45 ` [pve-devel] [PATCH cluster v4 1/1] add profiles.cfg to cluster fs Dominik Csapak
2023-11-17 13:54 ` [pve-devel] applied: " Thomas Lamprecht
2023-11-17 11:45 ` [pve-devel] [PATCH guest-common v4 1/1] add profiles section config plugin Dominik Csapak
2023-11-17 11:45 ` [pve-devel] [PATCH qemu-server v4 1/3] add the VM profiles plugin Dominik Csapak
2023-11-17 11:45 ` [pve-devel] [PATCH qemu-server v4 2/3] api: add profile option to create vm api call Dominik Csapak
2023-11-17 11:45 ` [pve-devel] [PATCH qemu-server v4 3/3] qm: register and init the profiles plugins Dominik Csapak
2023-11-17 11:45 ` [pve-devel] [PATCH container v4 1/3] add the CT profiles plugin Dominik Csapak
2023-11-17 11:45 ` [pve-devel] [PATCH container v4 2/3] api: add profile option to create ct api call Dominik Csapak
2023-11-17 11:45 ` [pve-devel] [PATCH container v4 3/3] pct: register and init the profiles plugins Dominik Csapak
2023-11-17 11:45 ` Dominik Csapak [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231117114548.3208470-10-d.csapak@proxmox.com \
--to=d.csapak@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal