From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 8641D1FF138 for ; Wed, 18 Feb 2026 09:38:29 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 51F831495F; Wed, 18 Feb 2026 09:39:28 +0100 (CET) From: Maximiliano Sandoval To: Shan Shaji Subject: Re: [PATCH datacenter-manager v3 2/6] server: api: add support to optionally delete token from remote In-Reply-To: <20260211152016.445817-3-s.shaji@proxmox.com> (Shan Shaji's message of "Wed, 11 Feb 2026 16:20:11 +0100") References: <20260211152016.445817-1-s.shaji@proxmox.com> <20260211152016.445817-3-s.shaji@proxmox.com> User-Agent: mu4e 1.12.9; emacs 30.1 Date: Wed, 18 Feb 2026 09:38:52 +0100 Message-ID: MIME-Version: 1.0 Content-Type: text/plain X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1771403925404 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.086 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: KTEYXXJKJKW3E5EPRQG3XL7ZJEDCTJ6U X-Message-ID-Hash: KTEYXXJKJKW3E5EPRQG3XL7ZJEDCTJ6U X-MailFrom: m.sandoval@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: pdm-devel@lists.proxmox.com X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Datacenter Manager development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Shan Shaji writes: > Previously, when removing a remote, the token was still present in the > remote configuration. When users tried to add the remote again, they > received an error because a token with the same name already existed. > To support deleting the token from the remote, add an optional > parameter to the API endpoint. > > Signed-off-by: Shan Shaji > --- > > changes since v2: No changes. > changes since v1: > - nit: inlined the id argument using the format string. > - used `get` instead of `get_mut` inorder to access remote. > - removed unnecessary `&` operator use. > > server/src/api/remotes.rs | 46 +++++++++++++++++++++++++++++++++++++-- > 1 file changed, 44 insertions(+), 2 deletions(-) > > diff --git a/server/src/api/remotes.rs b/server/src/api/remotes.rs > index 298ad13..82b8469 100644 > --- a/server/src/api/remotes.rs > +++ b/server/src/api/remotes.rs > @@ -27,6 +27,7 @@ use crate::api::remote_updates; > use crate::metric_collection; > use crate::{connection, pbs_client}; > > +use super::pbs; > use super::pve; > use super::rrd_common; > use super::rrd_common::DataPoint; > @@ -292,16 +293,57 @@ pub fn update_remote( > input: { > properties: { > id: { schema: REMOTE_ID_SCHEMA }, > + "delete-token": { > + type: bool, > + description: "Optional boolean value to delete the token from remote.", Being optional and boolean are already in the schema, please use something along the lines of: - Whether to delete the API token on the remote - If true, deletes the API token on the remote > + optional: true, > + } > }, > }, > access: { > permission: &Permission::Privilege(&["resource"], PRIV_RESOURCE_MODIFY, false), > }, > )] > -/// List all the remotes this instance is managing. > -pub fn remove_remote(id: String) -> Result<(), Error> { > +/// Remove a remote that this instance is managing. > +pub async fn remove_remote(id: String, delete_token: Option) -> Result<(), Error> { > + let _lock = pdm_config::remotes::lock_config()?; > let (mut remotes, _) = pdm_config::remotes::config()?; > > + if delete_token.unwrap_or(false) { > + let remote = remotes > + .get(&id) > + .ok_or_else(|| http_err!(NOT_FOUND, "no such remote {id:?}"))?; > + > + let user = remote.authid.user(); > + > + let short_delete_err = |err: proxmox_client::Error| { > + format_err!("error deleting token: {}", err.source().unwrap_or(&err)) > + }; > + > + let token_name = remote > + .authid > + .tokenname() > + .ok_or_else(|| format_err!("Unable to find the token for the remote {id:?}"))?; > + > + // connect to remote and delete the already existing token. > + match remote.ty { > + RemoteType::Pve => { > + let client = pve::connect_or_login(remote).await?; > + client > + .delete_token(user.as_str(), token_name.as_str()) > + .await > + .map_err(short_delete_err)? > + } > + RemoteType::Pbs => { > + let client = pbs::connect_or_login(remote).await?; > + client > + .delete_admin_token(user, token_name.as_str()) > + .await > + .map_err(short_delete_err)? > + } > + }; > + } > + > if remotes.remove(&id).is_none() { > http_bail!(NOT_FOUND, "no such entry {id:?}"); > } -- Maximiliano