From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pdm-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id 8145D1FF187
	for <inbox@lore.proxmox.com>; Mon, 22 Sep 2025 14:56:10 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 8AC751B759;
	Mon, 22 Sep 2025 14:56:39 +0200 (CEST)
Message-ID: <f5de9bf8-60fe-419b-bff5-45bbf35f8ab3@proxmox.com>
Date: Mon, 22 Sep 2025 14:56:36 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Lukas Wagner <l.wagner@proxmox.com>,
 Proxmox Datacenter Manager development discussion
 <pdm-devel@lists.proxmox.com>
References: <20250922110958.369653-1-c.ebner@proxmox.com>
 <DCZCBLEQI1PV.2OD5BIK1OYYVH@proxmox.com>
Content-Language: en-US, de-DE
From: Christian Ebner <c.ebner@proxmox.com>
In-Reply-To: <DCZCBLEQI1PV.2OD5BIK1OYYVH@proxmox.com>
X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2
X-Bm-Transport-Timestamp: 1758545784968
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.043 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: Re: [pdm-devel] [PATCH datacenter-manager 0/6] ui/api: implement
 and expose adding PBS remotes via the ui wizard
X-BeenThere: pdm-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Datacenter Manager development discussion
 <pdm-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pdm-devel>, 
 <mailto:pdm-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pdm-devel/>
List-Post: <mailto:pdm-devel@lists.proxmox.com>
List-Help: <mailto:pdm-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel>, 
 <mailto:pdm-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox Datacenter Manager development discussion
 <pdm-devel@lists.proxmox.com>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: pdm-devel-bounces@lists.proxmox.com
Sender: "pdm-devel" <pdm-devel-bounces@lists.proxmox.com>

On 9/22/25 2:49 PM, Lukas Wagner wrote:
> On Mon Sep 22, 2025 at 1:09 PM CEST, Christian Ebner wrote:
>> While it is already possible to add PBS remote via the cli, the UI currently
>> does not expose this functionality. Most of the required pieces are however
>> already there, so implement the missing api endpoints to check the TLS
>> connection and scan the remote for the PDM api and add the required methods to
>> the PDM client.
>>
>> Finally, make sure the correct PDM implementation for PBS is used based on the
>> remote type as stored in the remote add wizard state and expose the button
>> to add the PBS instance.
>>
>> datacenter-manager:
>>
>> Christian Ebner (6):
>>    server: api: add TLS probe endpoint for PBS
>>    pdm-client: add method to probe TLS connection for PBS remotes
>>    server: api: implement endpoint to scan remote PBS instances
>>    pdm client: add method to scan remote PBS instances
>>    ui: remote: check connection for PBS remotes in remote add wizard
>>    ui: reorganize remote add button as dropdown menu to allow adding PBS
>>
>>   lib/pdm-client/src/lib.rs             |  90 +++++++++++++++-------
>>   server/src/api/pbs/mod.rs             | 107 ++++++++++++++++++++++++--
>>   ui/src/remotes/add_wizard.rs          |   2 +-
>>   ui/src/remotes/config.rs              |  42 +++++-----
>>   ui/src/remotes/wizard_page_connect.rs |  16 ++--
>>   ui/src/remotes/wizard_page_info.rs    |  25 ++++--
>>   6 files changed, 211 insertions(+), 71 deletions(-)
>>
>>
>> Summary over all repositories:
>>    6 files changed, 211 insertions(+), 71 deletions(-)
> 
> Looks good to me. I applied this on the latest master and give it a
> spin.
> 
> Reviewed-by: Lukas Wagner <l.wagner@proxmox.com>
> Tested-by: Lukas Wagner <l.wagner@proxmox.com>
> 
> The only thing that I noticed is that when creating a new API token via
> the wizard, further API calls to actually give this new token adequate
> permissions are needed, since PBS enforces privilege-separation for API
> tokens. For PVE this is not a problem, since there we just don't use
> privilege-separation, so the token has the same privs as the user.

Thanks for review and testing!

Noticed the missing privs for the token only after sending the patches. 
Will adapt this as followup patches however, as the privileges will 
depend also on what information should be shown for the PBS hosts. 
`Datastore.Audit` on path `/datastore` should be enough for the initial 
listing of the backup snapshots.


_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel