From: Hannes Laimer <h.laimer@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup v3 0/5] ACL removal on user/token deletion + token regeneration
Date: Fri, 4 Apr 2025 17:32:05 +0200 [thread overview]
Message-ID: <20250404153210.48017-1-h.laimer@proxmox.com> (raw)
If a user is deleted, all its permissions and tokens
will now be deleted with it. If a token is deleted
all its permissions will now be deleted.
Until now neither of those two happened[1].
The last two commits add the possibility to regenerate
tokens, basically revoking the old and generating a
new secret while keeping all the set permissions.
This is all in the same series since just adding the
removal of permissions would kill the currently only
way to keep the permissions but change the secret of
a token(deleting it and creating it again with the
same name[2]).
-> pbs-api-types dep has to be bumped since we need the schema added in #4
for #5.
v3, thanks @Chris:
- fix problem in where user/acl config wasn't saved on user deletion
v2:
- rebase onto master
[1] https://bugzilla.proxmox.com/show_bug.cgi?id=4382
[2] https://bugzilla.proxmox.com/show_bug.cgi?id=3887
Hannes Laimer (5):
pbs-config: move secret generation into token_shadow
fix #4382: api: access: remove permissions of token on deletion
fix #4382: api: remove permissions and tokens of user on deletion
fix #3887: api: access: allow secret regeneration
fix #3887: ui: add regenerate token button
pbs-config/Cargo.toml | 1 +
pbs-config/src/token_shadow.rs | 10 +++-
src/api2/access/user.rs | 83 ++++++++++++++++++++++++++++------
www/config/TokenView.js | 29 ++++++++++++
4 files changed, 107 insertions(+), 16 deletions(-)
--
2.39.5
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
next reply other threads:[~2025-04-04 15:33 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-04 15:32 Hannes Laimer [this message]
2025-04-04 15:32 ` [pbs-devel] [PATCH proxmox-backup v3 1/5] pbs-config: move secret generation into token_shadow Hannes Laimer
2025-04-04 15:32 ` [pbs-devel] [PATCH proxmox-backup v3 2/5] fix #4382: api: access: remove permissions of token on deletion Hannes Laimer
2025-04-04 15:32 ` [pbs-devel] [PATCH proxmox-backup v3 3/5] fix #4382: api: remove permissions and tokens of user " Hannes Laimer
2025-04-04 15:32 ` [pbs-devel] [PATCH proxmox-backup v3 4/5] fix #3887: api: access: allow secret regeneration Hannes Laimer
2025-04-04 15:32 ` [pbs-devel] [PATCH proxmox-backup v3 5/5] fix #3887: ui: add regenerate token button Hannes Laimer
2025-04-05 17:12 ` [pbs-devel] applied-series: [PATCH proxmox-backup v3 0/5] ACL removal on user/token deletion + token regeneration Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250404153210.48017-1-h.laimer@proxmox.com \
--to=h.laimer@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal