public inbox for pdm-devel@lists.proxmox.com
 help / color / mirror / Atom feed
From: "Shannon Sterz" <s.sterz@proxmox.com>
To: "Lukas Wagner" <l.wagner@proxmox.com>
Cc: Proxmox Datacenter Manager development discussion
	<pdm-devel@lists.proxmox.com>
Subject: Re: [pdm-devel] [PATCH proxmox-datacenter-manager 04/12] api: add API for retrieving/refreshing the remote update summary
Date: Fri, 17 Oct 2025 12:15:32 +0200	[thread overview]
Message-ID: <DDKIOT3QZDCK.MLOZOPUHQWC3@proxmox.com> (raw)
In-Reply-To: <20251015124711.312943-5-l.wagner@proxmox.com>

On Wed Oct 15, 2025 at 2:47 PM CEST, Lukas Wagner wrote:
> This commit adds two new endpoints, namely
>   GET  /remote-updates/summary
>   POST /remote-updates/refresh
>
> The first one is used to retrieve the update summary (the data is taken
> from the cache), the second one can be used to proactively refresh the
> summary in the cache (starts a worker task, since this could take a
> while). Note that we only retrieve the up-to-date list of packages from
> the remote, but do *not* trigger an `apt update` right now. Could make
> sense to do the latter as well, but then we probably should
> stream/forward the task logs for the upgrade task from the node to the

maybe i'm misunderstanding, but do you mean "update task" here? since
you talk about triggering an `apt update` before. triggering an actual
upgrade here seems a little risky and probably needs extra safe-guards?

> native PDM task; something we can rather implement later.
>
> Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
> ---
>  server/src/api/mod.rs            |   3 +
>  server/src/api/remote_updates.rs | 108 +++++++++++++++++++++++++++++++
>  2 files changed, 111 insertions(+)
>  create mode 100644 server/src/api/remote_updates.rs
>
> diff --git a/server/src/api/mod.rs b/server/src/api/mod.rs
> index 02ee0ecf..6a7a65a2 100644
> --- a/server/src/api/mod.rs
> +++ b/server/src/api/mod.rs
> @@ -14,6 +14,7 @@ pub mod nodes;
>  pub mod pbs;
>  pub mod pve;
>  pub mod remote_tasks;
> +pub mod remote_updates;
>  pub mod remotes;
>  pub mod resources;
>  mod rrd_common;
> @@ -31,6 +32,8 @@ const SUBDIRS: SubdirMap = &sorted!([
>      ("resources", &resources::ROUTER),
>      ("nodes", &nodes::ROUTER),
>      ("remote-tasks", &remote_tasks::ROUTER),
> +    // TODO: There might be a better place for this endpoint.
> +    ("remote-updates", &remote_updates::ROUTER),
>      ("sdn", &sdn::ROUTER),
>      ("version", &Router::new().get(&API_METHOD_VERSION)),
>  ]);
> diff --git a/server/src/api/remote_updates.rs b/server/src/api/remote_updates.rs
> new file mode 100644
> index 00000000..724b705a
> --- /dev/null
> +++ b/server/src/api/remote_updates.rs
> @@ -0,0 +1,108 @@
> +//! API for getting a remote update update summary.
> +
> +use anyhow::Error;
> +
> +use pdm_api_types::remote_updates::UpdateSummary;
> +use pdm_api_types::remotes::Remote;
> +use pdm_api_types::{PRIV_RESOURCE_MODIFY, UPID};
> +use proxmox_access_control::CachedUserInfo;
> +use proxmox_rest_server::WorkerTask;
> +use proxmox_router::{
> +    http_bail, list_subdirs_api_method, Permission, Router, RpcEnvironment, SubdirMap,
> +};
> +use proxmox_schema::api;
> +use proxmox_sortable_macro::sortable;
> +
> +use crate::remote_updates;
> +
> +pub const ROUTER: Router = Router::new()
> +    .get(&list_subdirs_api_method!(SUBDIRS))
> +    .subdirs(SUBDIRS);
> +
> +#[sortable]
> +const SUBDIRS: SubdirMap = &sorted!([
> +    ("summary", &Router::new().get(&API_METHOD_UPDATE_SUMMARY)),
> +    (
> +        "refresh",
> +        &Router::new().post(&API_METHOD_REFRESH_REMOTE_UPDATE_SUMMARIES)
> +    ),
> +]);
> +
> +#[api(
> +    access: {
> +        permission: &Permission::Anybody,
> +        description: "Resource.Modify privileges are needed on /resource/{remote}",
> +    },
> +)]
> +/// Return available update summary for managed remote nodes.
> +pub fn update_summary(rpcenv: &mut dyn RpcEnvironment) -> Result<UpdateSummary, Error> {
> +    let auth_id = rpcenv.get_auth_id().unwrap().parse()?;
> +    let user_info = CachedUserInfo::new()?;
> +
> +    if !user_info.any_privs_below(&auth_id, &["resource"], PRIV_RESOURCE_MODIFY)? {
> +        http_bail!(UNAUTHORIZED, "user has no access to resources");
> +    }
> +
> +    let mut update_summary = remote_updates::get_available_updates_summary()?;
> +
> +    update_summary.remotes.retain(|remote_name, _| {
> +        user_info
> +            .check_privs(
> +                &auth_id,
> +                &["resource", remote_name],
> +                PRIV_RESOURCE_MODIFY,
> +                false,
> +            )
> +            .is_ok()
> +    });
> +
> +    Ok(update_summary)
> +}
> +
> +#[api(
> +    access: {
> +        permission: &Permission::Anybody,
> +        description: "Resource.Modify privileges are needed on /resource/{remote}",
> +    },
> +)]
> +/// Refresh the update summary of all remotes.
> +pub fn refresh_remote_update_summaries(rpcenv: &mut dyn RpcEnvironment) -> Result<UPID, Error> {
> +    let (config, _digest) = pdm_config::remotes::config()?;
> +
> +    let auth_id = rpcenv.get_auth_id().unwrap().parse()?;
> +    let user_info = CachedUserInfo::new()?;
> +
> +    if !user_info.any_privs_below(&auth_id, &["resource"], PRIV_RESOURCE_MODIFY)? {
> +        http_bail!(UNAUTHORIZED, "user has no access to resources");
> +    }
> +
> +    let remotes: Vec<Remote> = config
> +        .into_iter()
> +        .filter_map(|(remote_name, remote)| {
> +            user_info
> +                .check_privs(
> +                    &auth_id,
> +                    &["resource", &remote_name],
> +                    PRIV_RESOURCE_MODIFY,
> +                    false,
> +                )
> +                .is_ok()
> +                .then_some(remote)
> +        })
> +        .collect();
> +
> +    let upid_str = WorkerTask::spawn(
> +        "refresh-remote-updates",
> +        None,
> +        auth_id.to_string(),
> +        true,
> +        |_worker| async {
> +            // TODO: Add more verbose logging per remote/node, so we can actually see something
> +            // interesting in the task log.
> +            remote_updates::refresh_update_summary_cache(remotes).await?;
> +            Ok(())
> +        },
> +    )?;
> +
> +    upid_str.parse()
> +}



_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel


  parent reply	other threads:[~2025-10-17 10:15 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-10-15 12:46 [pdm-devel] [PATCH proxmox-datacenter-manager 00/12] add global remote update view Lukas Wagner
2025-10-15 12:47 ` [pdm-devel] [PATCH proxmox-datacenter-manager 01/12] metric collection task: tests: add missing parameter for cluster_metric_export Lukas Wagner
2025-10-15 12:47 ` [pdm-devel] [PATCH proxmox-datacenter-manager 02/12] pdm-api-types: add types for remote upgrade summary Lukas Wagner
2025-10-17 10:15   ` Shannon Sterz
2025-10-17 11:12     ` Lukas Wagner
2025-10-17 11:52     ` Lukas Wagner
2025-10-15 12:47 ` [pdm-devel] [PATCH proxmox-datacenter-manager 03/12] remote updates: add cache for remote update availability Lukas Wagner
2025-10-15 12:47 ` [pdm-devel] [PATCH proxmox-datacenter-manager 04/12] api: add API for retrieving/refreshing the remote update summary Lukas Wagner
2025-10-17  7:44   ` Lukas Wagner
2025-10-17 10:15   ` Shannon Sterz [this message]
2025-10-17 11:00     ` Lukas Wagner
2025-10-15 12:47 ` [pdm-devel] [PATCH proxmox-datacenter-manager 05/12] unprivileged api daemon: tasks: add remote update refresh task Lukas Wagner
2025-10-15 12:47 ` [pdm-devel] [PATCH proxmox-datacenter-manager 06/12] pdm-client: add API methods for remote update summaries Lukas Wagner
2025-10-15 12:47 ` [pdm-devel] [PATCH proxmox-datacenter-manager 07/12] pbs-client: add bindings for APT-related API calls Lukas Wagner
2025-10-15 12:47 ` [pdm-devel] [PATCH proxmox-datacenter-manager 08/12] task cache: use separate functions for tracking PVE and PBS tasks Lukas Wagner
2025-10-15 12:47 ` [pdm-devel] [PATCH proxmox-datacenter-manager 09/12] remote updates: add support for PBS remotes Lukas Wagner
2025-10-15 12:47 ` [pdm-devel] [PATCH proxmox-datacenter-manager 10/12] api: add APT endpoints " Lukas Wagner
2025-10-15 12:47 ` [pdm-devel] [PATCH proxmox-datacenter-manager 11/12] ui: add remote update view Lukas Wagner
2025-10-17 10:15   ` Shannon Sterz
2025-10-15 12:47 ` [pdm-devel] [PATCH proxmox-datacenter-manager 12/12] ui: show new remote update view in the 'Remotes' section Lukas Wagner
2025-10-17 10:15 ` [pdm-devel] [PATCH proxmox-datacenter-manager 00/12] add global remote update view Shannon Sterz
2025-10-17 12:14 ` [pdm-devel] superseded: " Lukas Wagner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=DDKIOT3QZDCK.MLOZOPUHQWC3@proxmox.com \
    --to=s.sterz@proxmox.com \
    --cc=l.wagner@proxmox.com \
    --cc=pdm-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal