From: "Shannon Sterz" <s.sterz@proxmox.com>
To: "Dominik Csapak" <d.csapak@proxmox.com>, <pdm-devel@lists.proxmox.com>
Subject: Re: [PATCH datacenter-manager v3 2/6] lib/api: add 'location-info' api call with cached information
Date: Fri, 22 May 2026 15:30:38 +0200 [thread overview]
Message-ID: <DIP8P9P4BI14.28R47627T7P1K@proxmox.com> (raw)
In-Reply-To: <20260522083412.1223719-8-d.csapak@proxmox.com>
On Fri May 22, 2026 at 10:34 AM CEST, Dominik Csapak wrote:
> PVE and PBS remotes can have a location configured, and we want to query
> that, so add a cache for this location info and an API call to query it.
>
> Modeled after the other resource api calls (status/subscription) but
> lets the location info be optional since this is a relatively new
> feature.
>
> The biggest difference is that we try to get a location at all costs, so
> if there is no new enough location in the cache we try to update it.
>
> If that fails (e.g. because the remote is offline) we retry the cache
> with unlimited 'max-age'. Otherwise there could be a situation where the
> location info is so old that offline remotes won't be shown.
>
> Refactor some permission checks from the subscription api call so we can
> reuse that.
>
> Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
> ---
> lib/pdm-api-types/src/lib.rs | 34 ++++++++
> server/src/api/resources.rs | 120 +++++++++++++++++++++-----
> server/src/lib.rs | 1 +
> server/src/location_cache.rs | 160 +++++++++++++++++++++++++++++++++++
> 4 files changed, 294 insertions(+), 21 deletions(-)
> create mode 100644 server/src/location_cache.rs
-->8 snip 8<--
> diff --git a/server/src/api/resources.rs b/server/src/api/resources.rs
> index 1a6a23d9..9ec1ce89 100644
> --- a/server/src/api/resources.rs
> +++ b/server/src/api/resources.rs
> @@ -18,7 +18,7 @@ use pdm_api_types::resource::{
> use pdm_api_types::subscription::{
> NodeSubscriptionInfo, RemoteSubscriptionState, RemoteSubscriptions, SubscriptionLevel,
> };
> -use pdm_api_types::{Authid, PRIV_RESOURCE_AUDIT, VIEW_ID_SCHEMA};
> +use pdm_api_types::{Authid, CachedLocationInfo, PRIV_RESOURCE_AUDIT, VIEW_ID_SCHEMA};
> use pdm_search::{Search, SearchTerm};
> use proxmox_access_control::CachedUserInfo;
> use proxmox_router::{
> @@ -41,6 +41,10 @@ pub const ROUTER: Router = Router::new()
> #[sortable]
> const SUBDIRS: SubdirMap = &sorted!([
> ("list", &Router::new().get(&API_METHOD_GET_RESOURCES)),
> + (
> + "location-info",
> + &Router::new().get(&API_METHOD_GET_LOCATION_INFO)
> + ),
> ("status", &Router::new().get(&API_METHOD_GET_STATUS)),
> (
> "top-entities",
> @@ -214,6 +218,29 @@ impl From<RemoteWithResources> for RemoteResources {
> }
> }
>
> +fn check_remote_priv(user_info: &CachedUserInfo, auth_id: &Authid, remote: &str) -> bool {
> + user_info
> + .check_privs(auth_id, &["resource", remote], PRIV_RESOURCE_AUDIT, false)
> + .is_ok()
> +}
> +
> +/// When returning true, all remotes are allowed and no per-remote permission check should be
> +/// necessary
> +fn check_all_remotes_allowed(
> + user_info: &CachedUserInfo,
> + auth_id: &Authid,
> + view: Option<&str>,
> +) -> Result<bool, Error> {
> + Ok(if let Some(view) = view {
> + user_info.check_privs(auth_id, &["view", view], PRIV_RESOURCE_AUDIT, false)?;
> + false
> + } else {
> + user_info
> + .check_privs(auth_id, &["resource"], PRIV_RESOURCE_AUDIT, false)
> + .is_ok()
> + })
> +}
> +
i wonder if these two sould eventually also take a `privilege` parameter
and maybe be moved to a more central place, but nothing that needs to be
done with this series.
maybe even a helper that combines the `if` statements below as well, as
they are almost identical.
> #[api(
> // FIXME:: see list-like API calls in resource routers, we probably want more fine-grained
> // checks..
> @@ -641,34 +668,16 @@ pub async fn get_subscription_status(
> .parse()?;
> let user_info = CachedUserInfo::new()?;
>
> - let allow_all = if let Some(view) = &view {
> - user_info.check_privs(&auth_id, &["view", view], PRIV_RESOURCE_AUDIT, false)?;
> - false
> - } else {
> - user_info
> - .check_privs(&auth_id, &["resource"], PRIV_RESOURCE_AUDIT, false)
> - .is_ok()
> - };
> + let allow_all = check_all_remotes_allowed(&user_info, &auth_id, view.as_deref())?;
>
> let view = views::get_optional_view(view.as_deref())?;
>
> - let check_priv = |remote_name: &str| -> bool {
> - user_info
> - .check_privs(
> - &auth_id,
> - &["resource", remote_name],
> - PRIV_RESOURCE_AUDIT,
> - false,
> - )
> - .is_ok()
> - };
> -
> for (remote_name, remote) in remotes_config {
> if let Some(view) = &view {
> if view.can_skip_remote(&remote_name) {
> continue;
> }
> - } else if !allow_all && !check_priv(&remote_name) {
> + } else if !allow_all && !check_remote_priv(&user_info, &auth_id, &remote_name) {
> continue;
> }
^ these if statements here
-->8 snip 8<--
next prev parent reply other threads:[~2026-05-22 13:30 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-22 8:33 [PATCH datacenter-manager/proxmox-geojson-data/yew-widget-toolkit/yew-widget-toolkit-assets v3 00/11] add a new map widget for custom views Dominik Csapak
2026-05-22 8:33 ` [PATCH yew-widget-toolkit v3 1/3] js-helper: add client-to-svg-coordinate conversion helper Dominik Csapak
2026-05-22 8:33 ` [PATCH yew-widget-toolkit v3 2/3] widget: charts: add interactive Map with zoom/pan and clustering Dominik Csapak
2026-05-22 13:30 ` Shannon Sterz
2026-05-22 8:33 ` [PATCH yew-widget-toolkit v3 3/3] widget: charts: add WorldMap with GeoJSON rendering Dominik Csapak
2026-05-22 8:34 ` [PATCH yew-widget-toolkit-assets v3 1/1] charts: add necessary classes for Map Dominik Csapak
2026-05-22 8:34 ` [PATCH proxmox-geojson-data v3 1/1] initial commit Dominik Csapak
2026-05-22 13:30 ` Shannon Sterz
2026-05-22 8:34 ` [PATCH datacenter-manager v3 1/6] server: pbs client: add node_config method Dominik Csapak
2026-05-22 8:34 ` [PATCH datacenter-manager v3 2/6] lib/api: add 'location-info' api call with cached information Dominik Csapak
2026-05-22 13:30 ` Shannon Sterz [this message]
2026-05-22 8:34 ` [PATCH datacenter-manager v3 3/6] lib/api: add new 'remote-list' info to the resource status Dominik Csapak
2026-05-22 8:34 ` [PATCH datacenter-manager v3 4/6] server: serve geojson worldmap Dominik Csapak
2026-05-22 8:34 ` [PATCH datacenter-manager v3 5/6] ui: views: refactor required api call info into struct Dominik Csapak
2026-05-22 8:34 ` [PATCH datacenter-manager v3 6/6] ui: views: add map component Dominik Csapak
2026-05-22 13:30 ` Shannon Sterz
2026-05-22 9:38 ` [PATCH datacenter-manager/proxmox-geojson-data/yew-widget-toolkit/yew-widget-toolkit-assets v3 00/11] add a new map widget for custom views Thomas Lamprecht
2026-05-22 13:33 ` Shannon Sterz
2026-05-24 2:31 ` applied: " Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DIP8P9P4BI14.28R47627T7P1K@proxmox.com \
--to=s.sterz@proxmox.com \
--cc=d.csapak@proxmox.com \
--cc=pdm-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.