From: "DERUMIER, Alexandre" <alexandre.derumier@groupe-cyllene.com>
To: "pve-devel@lists.proxmox.com" <pve-devel@lists.proxmox.com>,
"t.lamprecht@proxmox.com" <t.lamprecht@proxmox.com>,
"aderumier@odiso.com" <aderumier@odiso.com>
Subject: Re: [pve-devel] applied: Re: [PATCH v4 qemu-server 1/1] api2: add check_bridge_access for create/update/clone/restore vm
Date: Fri, 9 Jun 2023 08:28:08 +0000 [thread overview]
Message-ID: <d7965952bff050e72b6ab4269ae649bf1ec83ca2.camel@groupe-cyllene.com> (raw)
In-Reply-To: <ceb308a2-ff55-26bf-0b6f-d30edf67c0e8@proxmox.com>
Le vendredi 09 juin 2023 à 09:29 +0200, Thomas Lamprecht a écrit :
> On 09/06/2023 09:14, DERUMIER, Alexandre wrote:
> > Or Maybe, we should simply warn && remove the netX from the restore
> > config ? (I'm thinking about old backup with older non existing
> > bridge anymore or coming from another cluster, where user couldn't
> > have any permissions)
>
> I think the whole UX of this new check can definitively be improved
> for,
> at least for restore and clone.
>
> Once we expose nicely overriding also network for the original
> config,
> we can highlight vnets/briges that either do not exist, or the user
> has no access to, already as invalid in the web UI.
> Then the user can override it with one that exists and that they have
> access too in the UI.
Yes, I was thinking about that too.
I just send a patch to warn/remove the net from restore config , I
think it's a good compromise until the gui is implemented ?
https://lists.proxmox.com/pipermail/pve-devel/2023-June/057392.html
>
next prev parent reply other threads:[~2023-06-09 8:28 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-07 12:03 [pve-devel] [PATCH-SERIE pve-access-control/pve-manager/pve-guest-common/qemu-server/pve-network] check permissions on local bridge Alexandre Derumier
2023-06-07 12:03 ` [pve-devel] [PATCH v2 pve-access-control 1/3] access control: add /sdn/zones/<zone>/<vnet>/<vlan> path Alexandre Derumier
2023-06-07 14:41 ` [pve-devel] applied: " Fabian Grünbichler
2023-06-07 12:03 ` [pve-devel] [PATCH v4 qemu-server 1/1] api2: add check_bridge_access for create/update/clone/restore vm Alexandre Derumier
2023-06-07 14:52 ` Fabian Grünbichler
2023-06-07 16:46 ` DERUMIER, Alexandre
2023-06-08 16:02 ` [pve-devel] applied: " Thomas Lamprecht
2023-06-09 7:00 ` DERUMIER, Alexandre
2023-06-09 7:14 ` DERUMIER, Alexandre
2023-06-09 7:29 ` Thomas Lamprecht
2023-06-09 8:28 ` DERUMIER, Alexandre [this message]
2023-06-09 7:26 ` Thomas Lamprecht
2023-06-07 12:03 ` [pve-devel] [PATCH v3 pve-manager 1/4] api2: network: check permissions for local bridges Alexandre Derumier
2023-06-07 14:45 ` [pve-devel] applied: " Fabian Grünbichler
2023-06-07 12:03 ` [pve-devel] [PATCH pve-network 1/1] get_local_vnets: fix permission path && perm Alexandre Derumier
2023-06-07 14:56 ` Fabian Grünbichler
2023-06-07 16:27 ` DERUMIER, Alexandre
2023-06-08 1:34 ` DERUMIER, Alexandre
2023-06-07 12:03 ` [pve-devel] [PATCH v2 pve-guest-common 1/1] helpers : add check_vnet_access Alexandre Derumier
2023-06-07 14:48 ` [pve-devel] applied: " Fabian Grünbichler
2023-06-07 12:03 ` [pve-devel] [PATCH v3 pve-manager 2/4] api2: cluster: ressources: add "localnetwork" zone Alexandre Derumier
2023-06-07 14:44 ` Fabian Grünbichler
2023-06-07 17:18 ` DERUMIER, Alexandre
2023-06-07 12:03 ` [pve-devel] [PATCH v2 pve-access-control 2/3] rpcenvironnment: add check_sdn_bridge Alexandre Derumier
2023-06-07 14:41 ` [pve-devel] applied: " Fabian Grünbichler
2023-06-07 12:03 ` [pve-devel] [PATCH v2 pve-access-control 3/3] add new SDN.use privilege in PVESDNUser role Alexandre Derumier
2023-06-07 14:42 ` [pve-devel] applied: " Fabian Grünbichler
2023-06-07 12:03 ` [pve-devel] [PATCH v3 pve-manager 3/4] ui: add vnet permissions panel Alexandre Derumier
2023-06-07 12:03 ` [pve-devel] [PATCH v3 pve-manager 4/4] ui: add permissions management for "localnetwork" zone Alexandre Derumier
2023-06-12 14:39 ` [pve-devel] applied-series: [PATCH-SERIE pve-access-control/pve-manager/pve-guest-common/qemu-server/pve-network] check permissions on local bridge Fabian Grünbichler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d7965952bff050e72b6ab4269ae649bf1ec83ca2.camel@groupe-cyllene.com \
--to=alexandre.derumier@groupe-cyllene.com \
--cc=aderumier@odiso.com \
--cc=pve-devel@lists.proxmox.com \
--cc=t.lamprecht@proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.