Re: [pve-devel] [PATCH manager v2] api: implement node-independent bulk actions

From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: "Proxmox VE development discussion" <pve-devel@lists.proxmox.com>,
	"Fabian Grünbichler" <f.gruenbichler@proxmox.com>,
	"Dominik Csapak" <d.csapak@proxmox.com>
Subject: Re: [pve-devel] [PATCH manager v2] api: implement node-independent bulk actions
Date: Fri, 14 Nov 2025 10:08:46 +0100	[thread overview]
Message-ID: <d76edcd5-0815-493e-9883-1c76f00cefd2@proxmox.com> (raw)
In-Reply-To: <176310914957.64802.13109309341568645230@yuna.proxmox.com>

Am 14.11.25 um 09:32 schrieb Fabian Grünbichler:
>> +sub create_client {
>> +    my ($authuser, $request_timeout) = @_;
>> +    my ($user, undef) = PVE::AccessControl::split_tokenid($authuser, 1);
>> +
>> +    # TODO: How to handle Tokens?
> not like below for sure 😉 we'd need to make it queriable using the
> RPCEnvironment (and store it there) I guess? maybe opt-in so the storing only
> happens for certain API handlers (e.g., these ones here for a start)?
> 
> this basically escalates from the token to a ticket of the user, which is a
> nogo even if you duplicate the current set of privilege checks here, as that is
> just waiting to get out of sync

This would be nice to have for the export-metrics too, and I started a rough
early draft as:

pve-common:

diff --git a/src/PVE/JSONSchema.pm b/src/PVE/JSONSchema.pm
index d765533..f6687ce 100644
--- a/src/PVE/JSONSchema.pm
+++ b/src/PVE/JSONSchema.pm
@@ -1845,6 +1845,16 @@ my $method_schema = {
         protected => {
             type => 'boolean',
             description => "Method needs special privileges - only pvedaemon can execute it",
+            default => 0,
+            optional => 1,
+        },
+        expose_credentials => {
+            type => 'boolean',
+            description => "Method needs access to the connecting users credentials (ticker or"
+                ." token), so it will be exposed through the RPC environment. Useful to avoid"
+                ." setting 'protected' when one needs to (manually) proxy to other cluster nodes."
+                ." nodes in the handler.",
+            default => 0,
             optional => 1,
         },
         allowtoken => {

diff --git a/PVE/HTTPServer.pm b/PVE/HTTPServer.pm
index 62b53fc74..78da33b11 100755
--- a/PVE/HTTPServer.pm
+++ b/PVE/HTTPServer.pm
@@ -128,6 +128,10 @@ sub auth_handler {
     };
 }

pve-manager:
 
+my sub assemble_credentials {
+    my ($auth) = @_;
+}
+
 sub rest_handler {
     my ($self, $clientip, $method, $rel_uri, $auth, $params) = @_;
 
@@ -183,6 +187,11 @@ sub rest_handler {
             return;
         }
 
+        if ($info->{expose_credentials}) {
+            my $credentials = {};
+            $rpcenv->set_credentials(undef);
+        }
+
         $resp = {
             data => $handler->handle($info, $uri_param),
             info => $info, # useful to format output
@@ -200,6 +209,7 @@ sub rest_handler {
     my $err = $@;
 
     $rpcenv->set_user(undef); # clear after request
+    $rpcenv->set_credentials(undef); # clear after request
 
     if ($err) {
         $resp = { info => $info };


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
