From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 872481FF141 for ; Fri, 13 Feb 2026 14:19:43 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 2BEE73939; Fri, 13 Feb 2026 14:20:31 +0100 (CET) Content-Type: text/plain; charset=UTF-8 Date: Fri, 13 Feb 2026 14:20:27 +0100 Message-Id: Subject: Re: [PATCH datacenter-manager v3 2/6] server: api: add support to optionally delete token from remote From: "Lukas Wagner" To: "Shan Shaji" , Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 X-Mailer: aerc 0.21.0-0-g5549850facc2-dirty References: <20260211152016.445817-1-s.shaji@proxmox.com> <20260211152016.445817-3-s.shaji@proxmox.com> In-Reply-To: <20260211152016.445817-3-s.shaji@proxmox.com> X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1770988823994 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.037 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: NL4HD4SZD67CQWSK3ZBWXOYNYIJ6KMV2 X-Message-ID-Hash: NL4HD4SZD67CQWSK3ZBWXOYNYIJ6KMV2 X-MailFrom: l.wagner@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Datacenter Manager development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Hi Shan, thanks for the patch! Some notes inline. On Wed Feb 11, 2026 at 4:20 PM CET, Shan Shaji wrote: > Previously, when removing a remote, the token was still present in the > remote configuration. When users tried to add the remote again, they > received an error because a token with the same name already existed. > To support deleting the token from the remote, add an optional > parameter to the API endpoint. > > Signed-off-by: Shan Shaji > --- > > changes since v2: No changes.=20 > changes since v1: > - nit: inlined the id argument using the format string. > - used `get` instead of `get_mut` inorder to access remote. > - removed unnecessary `&` operator use. > > server/src/api/remotes.rs | 46 +++++++++++++++++++++++++++++++++++++-- > 1 file changed, 44 insertions(+), 2 deletions(-) > > diff --git a/server/src/api/remotes.rs b/server/src/api/remotes.rs > index 298ad13..82b8469 100644 > --- a/server/src/api/remotes.rs > +++ b/server/src/api/remotes.rs > @@ -27,6 +27,7 @@ use crate::api::remote_updates; > use crate::metric_collection; > use crate::{connection, pbs_client}; > =20 > +use super::pbs; > use super::pve; > use super::rrd_common; > use super::rrd_common::DataPoint; > @@ -292,16 +293,57 @@ pub fn update_remote( > input: { > properties: { > id: { schema: REMOTE_ID_SCHEMA }, > + "delete-token": { > + type: bool, > + description: "Optional boolean value to delete the token= from remote.", > + optional: true, You can set 'default: false' and also remove 'type: bool' (since the type is already clear from the handler function signature). Also, I'd slightly rephrase the description to something like: "Remove the API token used by Proxmox Datacenter Manager from the remote" Both, the fact that the value is optional and that it is a bool should be evident from the API schema, so there is no need to mention it again in the description. > + } > }, > }, > access: { > permission: &Permission::Privilege(&["resource"], PRIV_RESOURCE_= MODIFY, false), > }, > )] > -/// List all the remotes this instance is managing. > -pub fn remove_remote(id: String) -> Result<(), Error> { > +/// Remove a remote that this instance is managing. > +pub async fn remove_remote(id: String, delete_token: Option) -> Re= sult<(), Error> { With 'default: false', the parameter just becomes a `bool` instead of `Option` > + let _lock =3D pdm_config::remotes::lock_config()?; > let (mut remotes, _) =3D pdm_config::remotes::config()?; > =20 > + if delete_token.unwrap_or(false) { ... and you can remove this `.unwrap_or(false)` The benefit of setting the default via the schema is that then it is also automatically documented in the API viewer. > + let remote =3D remotes > + .get(&id) > + .ok_or_else(|| http_err!(NOT_FOUND, "no such remote {id:?}")= )?; > + > + let user =3D remote.authid.user(); > + > + let short_delete_err =3D |err: proxmox_client::Error| { > + format_err!("error deleting token: {}", err.source().unwrap_= or(&err)) > + }; Since you copied this helper from `add_remote`, maybe also copy the doc comment from there? Since it somewhat explains why this helper exists in the first place. > + > + let token_name =3D remote > + .authid > + .tokenname() > + .ok_or_else(|| format_err!("Unable to find the token for the= remote {id:?}"))?; > + > + // connect to remote and delete the already existing token. > + match remote.ty { > + RemoteType::Pve =3D> { > + let client =3D pve::connect_or_login(remote).await?; I don't think there is a benefit of using the `_or_login` variant here. It's really only used when initially adding the remote, when one only provides username/password in the wizard.=20 When removing the remote, we should have a token anyways (that we are about to remove) - so rather use `connection::make_{pve,pbs}_client(remote)= ` here. (unless I'm missing something) > + client > + .delete_token(user.as_str(), token_name.as_str()) > + .await > + .map_err(short_delete_err)? > + } > + RemoteType::Pbs =3D> { > + let client =3D pbs::connect_or_login(remote).await?; > + client > + .delete_admin_token(user, token_name.as_str()) > + .await > + .map_err(short_delete_err)? > + } > + }; > + } > + > if remotes.remove(&id).is_none() { > http_bail!(NOT_FOUND, "no such entry {id:?}"); > }