From: "Lukas Wagner" <l.wagner@proxmox.com>
To: "Dominik Csapak" <d.csapak@proxmox.com>,
"Proxmox Datacenter Manager development discussion"
<pdm-devel@lists.proxmox.com>,
"Lukas Wagner" <l.wagner@proxmox.com>
Subject: Re: [pdm-devel] [PATCH datacenter-manager v2 09/12] api: subscription status: add support for view-filter parameter
Date: Wed, 05 Nov 2025 15:11:18 +0100 [thread overview]
Message-ID: <DE0TLO2UV1VR.2HCAC1IGSFPAE@proxmox.com> (raw)
In-Reply-To: <fd65add3-4191-42c9-8dc1-68b2ca789385@proxmox.com>
On Wed Nov 5, 2025 at 11:08 AM CET, Dominik Csapak wrote:
>> @@ -590,35 +605,62 @@ pub async fn get_subscription_status(
>> };
>>
>> for (remote_name, remote) in remotes_config {
>> - if !allow_all && !check_priv(&remote_name) {
>> + if let Some(filter) = &view_filter {
>> + if filter.can_skip_remote(&remote_name) {
>> + continue;
>> + }
>> + } else if !allow_all && !check_priv(&remote_name) {
>> continue;
>> }
>>
>> + let view_filter_clone = view_filter.clone();
>
> this could just be named 'view_filter' too, no need to postfix it with
> '_clone'
Ack - will do for v3.
>
>> +
>> let future = async move {
>> let (node_status, error) =
>> match get_subscription_info_for_remote(&remote, max_age).await {
>> - Ok(node_status) => (Some(node_status), None),
>> + Ok(mut node_status) => {
>> + node_status.retain(|node, _| {
>> + if let Some(filter) = &view_filter_clone {
>> + filter.is_node_included(&remote.id, node)
>> + } else {
>> + true
>> + }
>> + });
>> + (Some(node_status), None)
>> + }
>> Err(error) => (None, Some(error.to_string())),
>> };
>>
>> - let mut state = RemoteSubscriptionState::Unknown;
>> + let state = if let Some(node_status) = &node_status {
>> + if error.is_some() && view_filter_clone.is_some() {
>> + // Don't leak the existence of failed remotes, since we cannot apply
>> + // view-filters here.
>
> why not? we can check if the remote should be included, that does not
> requires any more info?
>
>
The problem is that we cannot always reliably tell if a remote is
included or not without checking the remote's resources. There is
ViewFilter::can_skip_remote - but since that one only checks
`include/exclude remote:...` rules, it might return false (meaning,
the remote must be considered) even if at the end the data from this
remote might be filtered out due to the other rules (and if no resources
remain, the remote as a whole would then be filtered out from the
response - similar to what I did in patch 6 to which you replied).
Example:
Consider only having `include tag:sometag` in the config. From this
alone, we cannot exclude any remotes from being queried a priori and
must do *all* filtering when we already have the data.
Similar thing here. If we cannot reach the remote, then we don't have a
list of nodes for this remote. Without the list of nodes, we cannot do
any checks with the node resource. This means if we do not filter out
the failed remote, we would leak its existence in a view which
potentially would not match on any of the node's resources.
I hope you could follow this explanation. Do you maybe have an idea on
how to fix this?
Only thing that comes to mind is making the include/exclude
remote:{remote} rules required, so that a view *always* needs to specify
which remotes to (not) consider. If we make these required, we probably
should make these a separate key in the config file again.
>> + return None;
>> + }
>>
>> - if let Some(node_status) = &node_status {
>> - state = map_node_subscription_list_to_state(node_status);
>> - }
>> + if node_status.is_empty() {
>> + return None;
>> + }
>>
>> - RemoteSubscriptions {
>> + map_node_subscription_list_to_state(node_status)
>> + } else {
>> + RemoteSubscriptionState::Unknown
>> + };
>> +
>> + Some(RemoteSubscriptions {
>> remote: remote_name,
>> error,
>> state,
>> node_status: if verbose { node_status } else { None },
>> - }
>> + })
>> };
>>
>> futures.push(future);
>> }
>>
>> - Ok(join_all(futures).await)
>> + let status = join_all(futures).await.into_iter().flatten().collect();
>> +
>> + Ok(status)
>> }
>>
>> // FIXME: make timeframe and count parameters?
_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel
next prev parent reply other threads:[~2025-11-05 14:10 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-03 12:35 [pdm-devel] [PATCH datacenter-manager v2 00/12] backend implementation for view filters Lukas Wagner
2025-11-03 12:35 ` [pdm-devel] [PATCH datacenter-manager v2 01/12] pdm-api-types: views: add ViewFilterConfig type Lukas Wagner
2025-11-05 10:07 ` Dominik Csapak
2025-11-03 12:35 ` [pdm-devel] [PATCH datacenter-manager v2 02/12] pdm-config: views: add support for view-filters Lukas Wagner
2025-11-05 10:07 ` Dominik Csapak
2025-11-05 10:37 ` Lukas Wagner
2025-11-03 12:35 ` [pdm-devel] [PATCH datacenter-manager v2 03/12] acl: add '/view' and '/view/{view-id}' as allowed ACL paths Lukas Wagner
2025-11-05 10:07 ` Dominik Csapak
2025-11-03 12:35 ` [pdm-devel] [PATCH datacenter-manager v2 04/12] views: add implementation for view filters Lukas Wagner
2025-11-05 10:08 ` Dominik Csapak
2025-11-05 10:58 ` Lukas Wagner
2025-11-05 11:48 ` Dominik Csapak
2025-11-03 12:35 ` [pdm-devel] [PATCH datacenter-manager v2 05/12] views: add tests for view filter implementation Lukas Wagner
2025-11-05 10:08 ` Dominik Csapak
2025-11-05 10:58 ` Lukas Wagner
2025-11-03 12:35 ` [pdm-devel] [PATCH datacenter-manager v2 06/12] api: resources: list: add support for view-filter parameter Lukas Wagner
2025-11-05 10:08 ` Dominik Csapak
2025-11-05 14:56 ` Lukas Wagner
2025-11-03 12:35 ` [pdm-devel] [PATCH datacenter-manager v2 07/12] api: resources: top entities: " Lukas Wagner
2025-11-05 10:08 ` Dominik Csapak
2025-11-03 12:35 ` [pdm-devel] [PATCH datacenter-manager v2 08/12] api: resources: status: " Lukas Wagner
2025-11-05 10:08 ` Dominik Csapak
2025-11-03 12:35 ` [pdm-devel] [PATCH datacenter-manager v2 09/12] api: subscription " Lukas Wagner
2025-11-05 10:08 ` Dominik Csapak
2025-11-05 14:11 ` Lukas Wagner [this message]
2025-11-05 14:28 ` Dominik Csapak
2025-11-05 14:35 ` Lukas Wagner
2025-11-03 12:35 ` [pdm-devel] [PATCH datacenter-manager v2 10/12] api: remote-tasks: " Lukas Wagner
2025-11-05 10:09 ` Dominik Csapak
2025-11-03 12:35 ` [pdm-devel] [PATCH datacenter-manager v2 11/12] pdm-client: resource list: add " Lukas Wagner
2025-11-05 10:11 ` Dominik Csapak
2025-11-03 12:35 ` [pdm-devel] [PATCH datacenter-manager v2 12/12] pdm-client: top entities: " Lukas Wagner
2025-11-05 10:12 ` Dominik Csapak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DE0TLO2UV1VR.2HCAC1IGSFPAE@proxmox.com \
--to=l.wagner@proxmox.com \
--cc=d.csapak@proxmox.com \
--cc=pdm-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox