all lists on lists.proxmox.com
 help / color / mirror / Atom feed
From: Fiona Ebner <f.ebner@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH manager 6/9] pve8to9: remove outdated checks for user roles
Date: Thu, 17 Jul 2025 15:36:54 +0200	[thread overview]
Message-ID: <20250717133711.84715-7-f.ebner@proxmox.com> (raw)
In-Reply-To: <20250717133711.84715-1-f.ebner@proxmox.com>

These checks were only relevant for the upgrade to PVE 8 and the
messages talking about a new PVE namespace or dropped
Permission.Modify privilege do not apply anymore.

Keep the infrastructure for checking custom roles intact for future
checks.

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
 PVE/CLI/pve8to9.pm | 32 ++++++--------------------------
 1 file changed, 6 insertions(+), 26 deletions(-)

diff --git a/PVE/CLI/pve8to9.pm b/PVE/CLI/pve8to9.pm
index eb6d67e5..0c7cb97f 100644
--- a/PVE/CLI/pve8to9.pm
+++ b/PVE/CLI/pve8to9.pm
@@ -760,41 +760,21 @@ sub check_custom_pool_roles {
             for my $priv (split_list($privlist)) {
                 $roles->{$role}->{$priv} = 1;
             }
-        } elsif ($et eq 'acl') {
-            my ($propagate, $pathtxt, $uglist, $rolelist) = @data;
-            for my $role (split_list($rolelist)) {
-                if ($role eq 'PVESysAdmin' || $role eq 'PVEAdmin') {
-                    log_warn(
-                        "found ACL entry on '$pathtxt' for '$uglist' with role '$role' - this role"
-                            . " will no longer have 'Permissions.Modify' after the upgrade!");
-                }
-            }
         }
     }
 
-    log_info("Checking custom role IDs for clashes with new 'PVE' namespace..");
-    my ($custom_roles, $pve_namespace_clashes) = (0, 0);
+    log_info("Checking custom role IDs");
+    my ($custom_roles, $need_handling) = (0, 0);
     for my $role (sort keys %{$roles}) {
         next if PVE::AccessControl::role_is_special($role);
         $custom_roles++;
-
-        if ($role =~ /^PVE/i) {
-            log_warn("custom role '$role' clashes with 'PVE' namespace for built-in roles");
-            $pve_namespace_clashes++;
-        }
     }
-    if ($pve_namespace_clashes > 0) {
-        log_fail(
-            "$pve_namespace_clashes custom role(s) will clash with 'PVE' namespace for built-in roles enforced in Proxmox VE 8"
-        );
+    if ($need_handling > 0) {
+        log_fail("$need_handling custom role(s) need handling");
     } elsif ($custom_roles > 0) {
-        log_pass(
-            "none of the $custom_roles custom roles will clash with newly enforced 'PVE' namespace"
-        );
+        log_pass("none of the $custom_roles custom roles need handling");
     } else {
-        log_pass(
-            "no custom roles defined, so no clash with 'PVE' role ID namespace enforced in Proxmox VE 8"
-        );
+        log_pass("no custom roles defined");
     }
 }
 
-- 
2.47.2



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel


  parent reply	other threads:[~2025-07-17 13:37 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-07-17 13:36 [pve-devel] [PATCH-SERIES access-control/qemu-server/manager/docs] replace ambiguously named VM.Monitor privilege Fiona Ebner
2025-07-17 13:36 ` [pve-devel] [PATCH access-control 1/9] add VM.GuestAgent privileges Fiona Ebner
2025-07-17 13:36 ` [pve-devel] [PATCH access-control 2/9] privileges: drop VM.Monitor Fiona Ebner
2025-07-17 13:36 ` [pve-devel] [PATCH qemu-server 3/9] api: agent: use more specific guest agent privileges Fiona Ebner
2025-07-17 13:36 ` [pve-devel] [PATCH qemu-server 4/9] api: monitor: improve permission handling Fiona Ebner
2025-07-17 13:36 ` [pve-devel] [PATCH qemu-server 5/9] api: monitor: require Sys.Audit or Sys.Modify privilege Fiona Ebner
2025-07-17 13:36 ` Fiona Ebner [this message]
2025-07-17 13:36 ` [pve-devel] [PATCH manager 7/9] pve8to9: check for to-be-dropped VM.Monitor privilege in custom roles Fiona Ebner
2025-07-17 13:36 ` [pve-devel] [PATCH docs 8/9] user management: privileges: document new VM guest agent privileges Fiona Ebner
2025-07-17 13:36 ` [pve-devel] [PATCH docs 9/9] user management: privileges: remove reference to dropped VM.Monitor privilege Fiona Ebner
2025-07-17 21:26 ` [pve-devel] applied-series: [PATCH-SERIES access-control/qemu-server/manager/docs] replace ambiguously named " Thomas Lamprecht

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250717133711.84715-7-f.ebner@proxmox.com \
    --to=f.ebner@proxmox.com \
    --cc=pve-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal