From: "Michael Köppl" <m.koeppl@proxmox.com>
To: "Proxmox Datacenter Manager development discussion"
<pdm-devel@lists.proxmox.com>
Cc: "pdm-devel" <pdm-devel-bounces@lists.proxmox.com>
Subject: Re: [pdm-devel] [PATCH datacenter-manager v3 05/11] api: resources: list: add support for view parameter
Date: Tue, 11 Nov 2025 15:31:36 +0100 [thread overview]
Message-ID: <DE5XSHFHJQSF.1W6ZJOGDMED44@proxmox.com> (raw)
In-Reply-To: <20251106134353.263598-6-l.wagner@proxmox.com>
2 comments inline
On Thu Nov 6, 2025 at 2:43 PM CET, Lukas Wagner wrote:
> A view allows one to get filtered subset of all resources, based on
> filter rules defined in a config file. View integrate with the
> permission system - if a user has permissions on /view/{view-id}, then
> these privileges are transitively applied to all resources which are
> matched by the rules. All other permission checks are replaced if
> requesting data through a view.
>
> Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
> ---
> server/src/api/resources.rs | 56 ++++++++++++++++++++++++++++++------
> server/src/resource_cache.rs | 3 +-
> 2 files changed, 50 insertions(+), 9 deletions(-)
>
> diff --git a/server/src/api/resources.rs b/server/src/api/resources.rs
> index dad3e6b6..1b3bfda2 100644
> --- a/server/src/api/resources.rs
> +++ b/server/src/api/resources.rs
> @@ -18,7 +18,7 @@ use pdm_api_types::resource::{
> use pdm_api_types::subscription::{
> NodeSubscriptionInfo, RemoteSubscriptionState, RemoteSubscriptions, SubscriptionLevel,
> };
> -use pdm_api_types::{Authid, PRIV_RESOURCE_AUDIT};
> +use pdm_api_types::{Authid, PRIV_RESOURCE_AUDIT, VIEW_ID_SCHEMA};
> use pdm_search::{Search, SearchTerm};
> use proxmox_access_control::CachedUserInfo;
> use proxmox_router::{
> @@ -30,8 +30,8 @@ use proxmox_sortable_macro::sortable;
> use proxmox_subscription::SubscriptionStatus;
> use pve_api_types::{ClusterResource, ClusterResourceType};
>
> -use crate::connection;
> use crate::metric_collection::top_entities;
> +use crate::{connection, views};
>
> pub const ROUTER: Router = Router::new()
> .get(&list_subdirs_api_method!(SUBDIRS))
> @@ -221,6 +221,10 @@ impl From<RemoteWithResources> for RemoteResources {
> type: ResourceType,
> optional: true,
> },
> + view: {
> + schema: VIEW_ID_SCHEMA,
> + optional: true,
> + },
> }
> },
> returns: {
> @@ -236,10 +240,17 @@ pub async fn get_resources(
> max_age: u64,
> resource_type: Option<ResourceType>,
> search: Option<String>,
> + view: Option<String>,
> rpcenv: &mut dyn RpcEnvironment,
> ) -> Result<Vec<RemoteResources>, Error> {
> - let remotes_with_resources =
> - get_resources_impl(max_age, search, resource_type, Some(rpcenv)).await?;
> + let remotes_with_resources = get_resources_impl(
> + max_age,
> + search,
> + resource_type,
> + view.as_deref(),
> + Some(rpcenv),
> + )
> + .await?;
> let resources = remotes_with_resources.into_iter().map(Into::into).collect();
> Ok(resources)
> }
> @@ -276,6 +287,7 @@ pub(crate) async fn get_resources_impl(
> max_age: u64,
> search: Option<String>,
> resource_type: Option<ResourceType>,
> + view: Option<&str>,
> rpcenv: Option<&mut dyn RpcEnvironment>,
> ) -> Result<Vec<RemoteWithResources>, Error> {
> let user_info = CachedUserInfo::new()?;
> @@ -285,9 +297,15 @@ pub(crate) async fn get_resources_impl(
> .get_auth_id()
> .ok_or_else(|| format_err!("no authid available"))?
> .parse()?;
> - if !user_info.any_privs_below(&auth_id, &["resource"], PRIV_RESOURCE_AUDIT)? {
> +
> + // NOTE: Assumption is that the regular permission check is completely replaced by a check
> + // on the view ACL object *if* a view parameter is passed.
> + if let Some(view) = &view {
> + user_info.check_privs(&auth_id, &["view", view], PRIV_RESOURCE_AUDIT, false)?;
> + } else if !user_info.any_privs_below(&auth_id, &["resource"], PRIV_RESOURCE_AUDIT)? {
> http_bail!(FORBIDDEN, "user has no access to resources");
> }
> +
> opt_auth_id = Some(auth_id);
> }
>
> @@ -296,12 +314,22 @@ pub(crate) async fn get_resources_impl(
>
> let filters = search.map(Search::from).unwrap_or_default();
>
> + let view = views::get_optional_view(view.as_deref())?;
Is this .as_deref() needed? `view` already is a Option<&str>.
> +
> let remotes_only = is_remotes_only(&filters);
>
> for (remote_name, remote) in remotes_config {
> if let Some(ref auth_id) = opt_auth_id {
> - let remote_privs = user_info.lookup_privs(auth_id, &["resource", &remote_name]);
> - if remote_privs & PRIV_RESOURCE_AUDIT == 0 {
> + if view.is_none() {
> + let remote_privs = user_info.lookup_privs(auth_id, &["resource", &remote_name]);
> + if remote_privs & PRIV_RESOURCE_AUDIT == 0 {
> + continue;
> + }
> + }
> + }
> +
> + if let Some(view) = &view {
> + if view.can_skip_remote(&remote_name) {
> continue;
> }
> }
Wouldn't it make more sense to switch the two if-blocks above?
if let Some(view) = &view {
if view.can_skip_remote(&remote_name) {
continue;
}
}
if let Some(ref auth_id) = opt_auth_id {
if view.is_none() {
let remote_privs = user_info.lookup_privs(auth_id, &["resource", &remote_name]);
if remote_privs & PRIV_RESOURCE_AUDIT == 0 {
continue;
}
}
}
Then view filtering takes precedence over checking the permissions, same
as in get_subscription_status. Might be that I'm misinterpreting this,
though.
> @@ -374,6 +402,17 @@ pub(crate) async fn get_resources_impl(
> }
> }
>
> + if let Some(view) = &view {
> + remote_resources.retain_mut(|r| {
> + r.resources
> + .retain(|resource| view.resource_matches(&r.remote_name, resource));
> +
> + let has_any_matched_resources = !r.resources.is_empty();
> + has_any_matched_resources
> + || (r.error.is_some() && view.is_remote_explicitly_included(&r.remote_name))
> + });
> + }
> +
> Ok(remote_resources)
> }
>
> @@ -405,7 +444,8 @@ pub async fn get_status(
> max_age: u64,
> rpcenv: &mut dyn RpcEnvironment,
> ) -> Result<ResourcesStatus, Error> {
> - let remotes_with_resources = get_resources_impl(max_age, None, None, Some(rpcenv)).await?;
> + let remotes_with_resources =
> + get_resources_impl(max_age, None, None, None, Some(rpcenv)).await?;
> let mut counts = ResourcesStatus::default();
> for remote_with_resources in remotes_with_resources {
> if let Some(err) = remote_with_resources.error {
> diff --git a/server/src/resource_cache.rs b/server/src/resource_cache.rs
> index aa20c54e..dc3cbeaf 100644
> --- a/server/src/resource_cache.rs
> +++ b/server/src/resource_cache.rs
> @@ -21,7 +21,8 @@ pub fn start_task() {
> async fn resource_caching_task() -> Result<(), Error> {
> loop {
> if let Err(err) =
> - crate::api::resources::get_resources_impl(METRIC_POLL_INTERVALL, None, None, None).await
> + crate::api::resources::get_resources_impl(METRIC_POLL_INTERVALL, None, None, None, None)
> + .await
> {
> log::error!("could not update resource cache: {err}");
> }
_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel
next prev parent reply other threads:[~2025-11-11 14:31 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-06 13:43 [pdm-devel] [PATCH datacenter-manager v3 00/11] backend implementation for view filters Lukas Wagner
2025-11-06 13:43 ` [pdm-devel] [PATCH datacenter-manager v3 01/11] pdm-api-types: views: add ViewConfig type Lukas Wagner
2025-11-11 10:57 ` Michael Köppl
2025-11-12 10:04 ` Lukas Wagner
2025-11-11 10:58 ` Michael Köppl
2025-11-12 10:05 ` Lukas Wagner
2025-11-06 13:43 ` [pdm-devel] [PATCH datacenter-manager v3 02/11] pdm-config: views: add support for views Lukas Wagner
2025-11-06 13:43 ` [pdm-devel] [PATCH datacenter-manager v3 03/11] acl: add '/view' and '/view/{view-id}' as allowed ACL paths Lukas Wagner
2025-11-06 13:43 ` [pdm-devel] [PATCH datacenter-manager v3 04/11] views: add implementation for view resource filtering Lukas Wagner
2025-11-06 13:43 ` [pdm-devel] [PATCH datacenter-manager v3 05/11] api: resources: list: add support for view parameter Lukas Wagner
2025-11-11 14:31 ` Michael Köppl [this message]
2025-11-12 10:14 ` Lukas Wagner
2025-11-06 13:43 ` [pdm-devel] [PATCH datacenter-manager v3 06/11] api: resources: top entities: " Lukas Wagner
2025-11-06 13:43 ` [pdm-devel] [PATCH datacenter-manager v3 07/11] api: resources: status: " Lukas Wagner
2025-11-06 13:43 ` [pdm-devel] [PATCH datacenter-manager v3 08/11] api: subscription " Lukas Wagner
2025-11-11 14:46 ` Michael Köppl
2025-11-12 8:19 ` Shannon Sterz
2025-11-12 10:26 ` Lukas Wagner
2025-11-06 13:43 ` [pdm-devel] [PATCH datacenter-manager v3 09/11] api: remote-tasks: " Lukas Wagner
2025-11-06 13:43 ` [pdm-devel] [PATCH datacenter-manager v3 10/11] pdm-client: resource list: add view-filter parameter Lukas Wagner
2025-11-06 13:43 ` [pdm-devel] [PATCH datacenter-manager v3 11/11] pdm-client: top entities: " Lukas Wagner
2025-11-11 15:00 ` [pdm-devel] [PATCH datacenter-manager v3 00/11] backend implementation for view filters Michael Köppl
2025-11-12 10:37 ` [pdm-devel] superseded: " Lukas Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DE5XSHFHJQSF.1W6ZJOGDMED44@proxmox.com \
--to=m.koeppl@proxmox.com \
--cc=pdm-devel-bounces@lists.proxmox.com \
--cc=pdm-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.