From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id C41361FF179 for ; Wed, 15 Oct 2025 14:47:08 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 8D8931B0DC; Wed, 15 Oct 2025 14:47:23 +0200 (CEST) From: Lukas Wagner To: pdm-devel@lists.proxmox.com Date: Wed, 15 Oct 2025 14:47:03 +0200 Message-ID: <20251015124711.312943-5-l.wagner@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20251015124711.312943-1-l.wagner@proxmox.com> References: <20251015124711.312943-1-l.wagner@proxmox.com> MIME-Version: 1.0 X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1760532437083 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.124 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment POISEN_SPAM_PILL 0.1 Meta: its spam POISEN_SPAM_PILL_1 0.1 random spam to be learned in bayes POISEN_SPAM_PILL_3 0.1 random spam to be learned in bayes RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pdm-devel] [PATCH proxmox-datacenter-manager 04/12] api: add API for retrieving/refreshing the remote update summary X-BeenThere: pdm-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Datacenter Manager development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Datacenter Manager development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pdm-devel-bounces@lists.proxmox.com Sender: "pdm-devel" This commit adds two new endpoints, namely GET /remote-updates/summary POST /remote-updates/refresh The first one is used to retrieve the update summary (the data is taken from the cache), the second one can be used to proactively refresh the summary in the cache (starts a worker task, since this could take a while). Note that we only retrieve the up-to-date list of packages from the remote, but do *not* trigger an `apt update` right now. Could make sense to do the latter as well, but then we probably should stream/forward the task logs for the upgrade task from the node to the native PDM task; something we can rather implement later. Signed-off-by: Lukas Wagner --- server/src/api/mod.rs | 3 + server/src/api/remote_updates.rs | 108 +++++++++++++++++++++++++++++++ 2 files changed, 111 insertions(+) create mode 100644 server/src/api/remote_updates.rs diff --git a/server/src/api/mod.rs b/server/src/api/mod.rs index 02ee0ecf..6a7a65a2 100644 --- a/server/src/api/mod.rs +++ b/server/src/api/mod.rs @@ -14,6 +14,7 @@ pub mod nodes; pub mod pbs; pub mod pve; pub mod remote_tasks; +pub mod remote_updates; pub mod remotes; pub mod resources; mod rrd_common; @@ -31,6 +32,8 @@ const SUBDIRS: SubdirMap = &sorted!([ ("resources", &resources::ROUTER), ("nodes", &nodes::ROUTER), ("remote-tasks", &remote_tasks::ROUTER), + // TODO: There might be a better place for this endpoint. + ("remote-updates", &remote_updates::ROUTER), ("sdn", &sdn::ROUTER), ("version", &Router::new().get(&API_METHOD_VERSION)), ]); diff --git a/server/src/api/remote_updates.rs b/server/src/api/remote_updates.rs new file mode 100644 index 00000000..724b705a --- /dev/null +++ b/server/src/api/remote_updates.rs @@ -0,0 +1,108 @@ +//! API for getting a remote update update summary. + +use anyhow::Error; + +use pdm_api_types::remote_updates::UpdateSummary; +use pdm_api_types::remotes::Remote; +use pdm_api_types::{PRIV_RESOURCE_MODIFY, UPID}; +use proxmox_access_control::CachedUserInfo; +use proxmox_rest_server::WorkerTask; +use proxmox_router::{ + http_bail, list_subdirs_api_method, Permission, Router, RpcEnvironment, SubdirMap, +}; +use proxmox_schema::api; +use proxmox_sortable_macro::sortable; + +use crate::remote_updates; + +pub const ROUTER: Router = Router::new() + .get(&list_subdirs_api_method!(SUBDIRS)) + .subdirs(SUBDIRS); + +#[sortable] +const SUBDIRS: SubdirMap = &sorted!([ + ("summary", &Router::new().get(&API_METHOD_UPDATE_SUMMARY)), + ( + "refresh", + &Router::new().post(&API_METHOD_REFRESH_REMOTE_UPDATE_SUMMARIES) + ), +]); + +#[api( + access: { + permission: &Permission::Anybody, + description: "Resource.Modify privileges are needed on /resource/{remote}", + }, +)] +/// Return available update summary for managed remote nodes. +pub fn update_summary(rpcenv: &mut dyn RpcEnvironment) -> Result { + let auth_id = rpcenv.get_auth_id().unwrap().parse()?; + let user_info = CachedUserInfo::new()?; + + if !user_info.any_privs_below(&auth_id, &["resource"], PRIV_RESOURCE_MODIFY)? { + http_bail!(UNAUTHORIZED, "user has no access to resources"); + } + + let mut update_summary = remote_updates::get_available_updates_summary()?; + + update_summary.remotes.retain(|remote_name, _| { + user_info + .check_privs( + &auth_id, + &["resource", remote_name], + PRIV_RESOURCE_MODIFY, + false, + ) + .is_ok() + }); + + Ok(update_summary) +} + +#[api( + access: { + permission: &Permission::Anybody, + description: "Resource.Modify privileges are needed on /resource/{remote}", + }, +)] +/// Refresh the update summary of all remotes. +pub fn refresh_remote_update_summaries(rpcenv: &mut dyn RpcEnvironment) -> Result { + let (config, _digest) = pdm_config::remotes::config()?; + + let auth_id = rpcenv.get_auth_id().unwrap().parse()?; + let user_info = CachedUserInfo::new()?; + + if !user_info.any_privs_below(&auth_id, &["resource"], PRIV_RESOURCE_MODIFY)? { + http_bail!(UNAUTHORIZED, "user has no access to resources"); + } + + let remotes: Vec = config + .into_iter() + .filter_map(|(remote_name, remote)| { + user_info + .check_privs( + &auth_id, + &["resource", &remote_name], + PRIV_RESOURCE_MODIFY, + false, + ) + .is_ok() + .then_some(remote) + }) + .collect(); + + let upid_str = WorkerTask::spawn( + "refresh-remote-updates", + None, + auth_id.to_string(), + true, + |_worker| async { + // TODO: Add more verbose logging per remote/node, so we can actually see something + // interesting in the task log. + remote_updates::refresh_update_summary_cache(remotes).await?; + Ok(()) + }, + )?; + + upid_str.parse() +} -- 2.47.3 _______________________________________________ pdm-devel mailing list pdm-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel