From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 5AD841FF15E for ; Mon, 10 Nov 2025 09:45:02 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 90EC3F9FD; Mon, 10 Nov 2025 09:45:47 +0100 (CET) Message-ID: <5a4747a2-6790-4b54-acb2-34c1ad39ada5@proxmox.com> Date: Mon, 10 Nov 2025 09:45:13 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: Proxmox Backup Server development discussion , Hannes Laimer References: <20251107132329.42965-1-h.laimer@proxmox.com> <20251107132329.42965-2-h.laimer@proxmox.com> Content-Language: en-US, de-DE From: Christian Ebner In-Reply-To: <20251107132329.42965-2-h.laimer@proxmox.com> X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1762764291853 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.047 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pbs-devel] [PATCH proxmox v2 1/3] pbs-api-types: allow traffic-control rules to match users X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Backup Server development discussion Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Errors-To: pbs-devel-bounces@lists.proxmox.com Sender: "pbs-devel" Reviewed-by: Christian Ebner On 11/7/25 2:23 PM, Hannes Laimer wrote: > Extend traffic-control rules with an optional list of user IDs so > API traffic can be limited per user in addition to IP-based rules. > > Signed-off-by: Hannes Laimer > --- > pbs-api-types/src/traffic_control.rs | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/pbs-api-types/src/traffic_control.rs b/pbs-api-types/src/traffic_control.rs > index 2a359eda..12fc8c93 100644 > --- a/pbs-api-types/src/traffic_control.rs > +++ b/pbs-api-types/src/traffic_control.rs > @@ -6,6 +6,7 @@ use proxmox_schema::{api, ApiType, Schema, StringSchema, Updater}; > use proxmox_schema::api_types::CIDR_SCHEMA; > > use crate::{DAILY_DURATION_FORMAT, PROXMOX_SAFE_ID_FORMAT, SINGLE_LINE_COMMENT_SCHEMA}; > +use crate::Userid; > > pub const TRAFFIC_CONTROL_TIMEFRAME_SCHEMA: Schema = > StringSchema::new("Timeframe to specify when the rule is active.") > @@ -125,6 +126,11 @@ pub struct ClientRateLimitConfig { > }, > optional: true, > }, > + users: { > + type: Array, > + items: { type: Userid }, > + optional: true, > + }, > }, > )] > #[derive(Clone, Serialize, Deserialize, PartialEq, Updater)] > @@ -146,6 +152,9 @@ pub struct TrafficControlRule { > /// Enable the rule at specific times > #[serde(skip_serializing_if = "Option::is_none")] > pub timeframe: Option>, > + /// Rule applies to authenticated API requests of any of these users (overrides IP-only rules) > + #[serde(skip_serializing_if = "Option::is_none")] > + pub users: Option>, > } > > #[api( _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel