From mboxrd@z Thu Jan 1 00:00:00 1970
From: Fiona Ebner
To: pve-devel@lists.proxmox.com
Date: Thu, 17 Jul 2025 15:36:54 +0200
Message-ID: <20250717133711.84715-7-f.ebner@proxmox.com>
In-Reply-To: <20250717133711.84715-1-f.ebner@proxmox.com>
References: <20250717133711.84715-1-f.ebner@proxmox.com>
Subject: [pve-devel] [PATCH manager 6/9] pve8to9: remove outdated checks for user roles

These checks were only relevant for the upgrade to PVE 8 and the
messages talking about a new PVE namespace or dropped Permission.Modify
privilege do not apply anymore. Keep the infrastructure for checking
custom roles intact for future checks.

Signed-off-by: Fiona Ebner
---
 PVE/CLI/pve8to9.pm | 32 ++++++--------------------------
 1 file changed, 6 insertions(+), 26 deletions(-)

diff --git a/PVE/CLI/pve8to9.pm b/PVE/CLI/pve8to9.pm index eb6d67e5..0c7cb97f 100644 --- a/PVE/CLI/pve8to9.pm +++ b/PVE/CLI/pve8to9.pm @@ -760,41 +760,21 @@ sub check_custom_pool_roles { for my $priv (split_list($privlist)) { $roles->{$role}->{$priv} = 1; } - } elsif ($et eq 'acl') { - my ($propagate, $pathtxt, $uglist, $rolelist) = @data; - for my $role (split_list($rolelist)) { - if ($role eq 'PVESysAdmin' || $role eq 'PVEAdmin') { - log_warn( - "found ACL entry on '$pathtxt' for '$uglist' with role '$role' - this role" - . " will no longer have 'Permissions.Modify' after the upgrade!"); - } - } } } - log_info("Checking custom role IDs for clashes with new 'PVE' namespace.."); - my ($custom_roles, $pve_namespace_clashes) = (0, 0); + log_info("Checking custom role IDs"); + my ($custom_roles, $need_handling) = (0, 0); for my $role (sort keys %{$roles}) { next if PVE::AccessControl::role_is_special($role); $custom_roles++; - - if ($role =~ /^PVE/i) { - log_warn("custom role '$role' clashes with 'PVE' namespace for built-in roles"); - $pve_namespace_clashes++; - } } - if ($pve_namespace_clashes > 0) { - log_fail( - "$pve_namespace_clashes custom role(s) will clash with 'PVE' namespace for built-in roles enforced in Proxmox VE 8" - ); + if ($need_handling > 0) { + log_fail("$need_handling custom role(s) need handling"); } elsif ($custom_roles > 0) { - log_pass( - "none of the $custom_roles custom roles will clash with newly enforced 'PVE' namespace" - ); + log_pass("none of the $custom_roles custom roles need handling"); } else { - log_pass( - "no custom roles defined, so no clash with 'PVE' role ID namespace enforced in Proxmox VE 8" - ); + log_pass("no custom roles defined"); } } -- 2.47.2 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
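
Review bot: in the loop over `sort keys %{$roles}` and the result branches after it, `$need_handling` is initialised to 0 and nothing in the visible lines ever increments it, so the `log_fail("$need_handling custom role(s) need handling")` branch is unreachable and the loop now only counts custom roles. Since the commit message says the infrastructure is kept for future checks, a short comment after `$custom_roles++;` stating that per-role checks belong there and must bump `$need_handling` would make that intent visible in the code rather than only in the commit log. As a smaller point, the check now logs "Checking custom role IDs" and then reports "none of the $custom_roles custom roles need handling" as a pass without examining any role; wording that says no role checks currently apply to this upgrade would avoid giving an admin with custom roles the impression that their roles were validated.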