From: Hannes Laimer <h.laimer@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup/proxmox 0/6] ACL removal on user/token deletion + token regeneration
Date: Thu, 20 Mar 2025 14:57:42 +0100 [thread overview]
Message-ID: <20250320135748.205614-1-h.laimer@proxmox.com> (raw)
If a user is deleted all its permissions and tokens
will now be deleted with it. If a token is deleted
all its permissions will now be deleted.
Until now neither of those two happened[1].
The last two commits add the possibility to regenerate
tokens, basically revoking the old and generating a
new secret while keeping all the set permissions.
This is all in the same series since just adding the
removal of permissions would kill the currently only
way to keep the permissions but change the secret of
a token(deleting it and creating it again with the
same name[2]).
-> pbs-api-types dep has to be bumped since we need the schema added in #4
for #5.
[1] https://bugzilla.proxmox.com/show_bug.cgi?id=4382
[2] https://bugzilla.proxmox.com/show_bug.cgi?id=3887
* proxmox
Hannes Laimer (1):
pbs-api-types: add REGENERATE_TOKEN_SCHEMA
pbs-api-types/src/user.rs | 6 ++++++
1 file changed, 6 insertions(+)
* proxmox-backup
Hannes Laimer (5):
pbs-config: move secret generation into token_shadow
fix #4382: api: access: remove permissions of token on deletion
fix #4382: api: remove permissions and tokens of user on deletion
fix #3887: api: access: allow secret regeneration
fix #3887: ui: add regenerate token button
pbs-config/Cargo.toml | 1 +
pbs-config/src/token_shadow.rs | 10 ++++-
src/api2/access/user.rs | 80 +++++++++++++++++++++++++++-------
www/config/TokenView.js | 29 ++++++++++++
4 files changed, 104 insertions(+), 16 deletions(-)
--
2.39.5
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
next reply other threads:[~2025-03-20 13:58 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-20 13:57 Hannes Laimer [this message]
2025-03-20 13:57 ` [pbs-devel] [PATCH proxmox-backup 1/6] pbs-config: move secret generation into token_shadow Hannes Laimer
2025-03-20 13:57 ` [pbs-devel] [PATCH proxmox-backup 2/6] fix #4382: api: access: remove permissions of token on deletion Hannes Laimer
2025-03-20 13:57 ` [pbs-devel] [PATCH proxmox-backup 3/6] fix #4382: api: remove permissions and tokens of user " Hannes Laimer
2025-04-04 15:06 ` Christian Ebner
2025-04-04 15:23 ` Hannes Laimer
2025-03-20 13:57 ` [pbs-devel] [PATCH proxmox 4/6] pbs-api-types: add REGENERATE_TOKEN_SCHEMA Hannes Laimer
2025-04-02 13:04 ` [pbs-devel] applied: " Thomas Lamprecht
2025-03-20 13:57 ` [pbs-devel] [PATCH proxmox-backup 5/6] fix #3887: api: access: allow secret regeneration Hannes Laimer
2025-03-20 13:57 ` [pbs-devel] [PATCH proxmox-backup 6/6] fix #3887: ui: add regenerate token button Hannes Laimer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250320135748.205614-1-h.laimer@proxmox.com \
--to=h.laimer@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal