From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits))
(No client certificate requested)
by lists.proxmox.com (Postfix) with ESMTPS id 7BE35984DC
for ; Wed, 15 Nov 2023 10:37:56 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
by firstgate.proxmox.com (Proxmox) with ESMTP id 63F0A2A08
for ; Wed, 15 Nov 2023 10:37:56 +0100 (CET)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
[94.136.29.106])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits))
(No client certificate requested)
by firstgate.proxmox.com (Proxmox) with ESMTPS
for ; Wed, 15 Nov 2023 10:37:55 +0100 (CET)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 65A2A42F1A
for ; Wed, 15 Nov 2023 10:37:55 +0100 (CET)
Message-ID: <0c9cd0e3-fecc-453c-9238-8dc249b0a0d0@proxmox.com>
Date: Wed, 15 Nov 2023 10:37:54 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: Fiona Ebner ,
Proxmox VE development discussion
References: <20231114142714.27578-1-p.hufnagl@proxmox.com>
From: Philipp Hufnagl
In-Reply-To:
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-SPAM-LEVEL: Spam detection results: 0
AWL -0.060 Adjusted score from AWL reputation of From: address
BAYES_00 -1.9 Bayes spam probability is 0 to 1%
DMARC_MISSING 0.1 Missing DMARC policy
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
SPF_PASS -0.001 SPF: sender matches SPF record
T_SCC_BODY_TEXT_LINE -0.01 -
Subject: Re: [pve-devel] [PATCH storage] fix #5008: prevent adding pbs
storage with invalid namespace
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 15 Nov 2023 09:37:56 -0000
On 11/15/23 09:31, Fiona Ebner wrote:
> Am 14.11.23 um 15:27 schrieb Philipp Hufnagl:
>> Currently, when adding a PBS storage with a namespace that does not
>> exist, the storage gets added normally, but browsing/using it only
>> returns a cryptic error message.
>>
>> This change checks if the namespace entered when adding is valid and
>> prompts an error if it is not. If no namespace is provided, the storage
>> will be added without error.
>
> Does not fully describe the change: It checks if the namespace is valid
> each time the storage is activated, not just when adding.
>
Sorry. Ill try to elaborate more.
>>
>> Signed-off-by: Philipp Hufnagl
>> ---
>> src/PVE/Storage/PBSPlugin.pm | 21 ++++++++++++++++++++-
>> 1 file changed, 20 insertions(+), 1 deletion(-)
>>
>> diff --git a/src/PVE/Storage/PBSPlugin.pm b/src/PVE/Storage/PBSPlugin.pm
>> index 4320974..aceb2c4 100644
>> --- a/src/PVE/Storage/PBSPlugin.pm
>> +++ b/src/PVE/Storage/PBSPlugin.pm
>> @@ -817,6 +817,17 @@ sub scan_datastores {
>> return $response;
>> }
>>
>> +sub scan_namespaces {
>> + my ($scfg, $datastore, $password) = @_;
>> +
>> + my $conn = pbs_api_connect($scfg, $password);
>
> Not super important, but would be nice to have a way to re-use the same
> connection in scan_datastores() and here, since activate_storage() will
> call both of them.
scan_datastores() seem to be called somewhere else as well. I see if I
can find a way to reuse the connection but not break the code there.
>
>> +
>> + my $namespaces = eval { $conn->get("/api2/json/admin/datastore/$datastore/namespace", {}); };
>> + die "error fetching namespaces - $@" if $@;
>> +
>> + return $namespaces;
>> +}
>> +
>> sub activate_storage {
>> my ($class, $storeid, $scfg, $cache) = @_;
>>
>> @@ -826,10 +837,18 @@ sub activate_storage {
>> die "$storeid: $@" if $@;
>>
>> my $datastore = $scfg->{datastore};
>> + my $namespace = $scfg->{namespace};
>>
>> for my $ds (@$datastores) {
>> if ($ds->{store} eq $datastore) {
>> - return 1;
>> + return 1 if !defined($namespace);
>> + my $namespaces = eval { scan_namespaces($scfg, $datastore, $password) };
>
> Why use eval and ignore the error here? Like that users (and we) won't
> know if the api request or connection failed and just get the error
> message from below about permissions/existence then.
I tried to mimic the behavior from scan_datastores(). Did I make a
mistake there? Is the way of scan_datastores() deprecated or bad practice?
>
>> + for my $ns (@$namespaces) {
>> + if ($ns->{ns} eq $namespace) {
>> + return 1;
>> + }
>> + }
>> + die "$storeid: Cannot find namespace '$namespace', check permissions and existence!\n";
>> }
>> }
>>