From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 7BE35984DC for ; Wed, 15 Nov 2023 10:37:56 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 63F0A2A08 for ; Wed, 15 Nov 2023 10:37:56 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Wed, 15 Nov 2023 10:37:55 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 65A2A42F1A for ; Wed, 15 Nov 2023 10:37:55 +0100 (CET) Message-ID: <0c9cd0e3-fecc-453c-9238-8dc249b0a0d0@proxmox.com> Date: Wed, 15 Nov 2023 10:37:54 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US To: Fiona Ebner , Proxmox VE development discussion References: <20231114142714.27578-1-p.hufnagl@proxmox.com> From: Philipp Hufnagl In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.060 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: Re: [pve-devel] [PATCH storage] fix #5008: prevent adding pbs storage with invalid namespace X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Nov 2023 09:37:56 -0000 On 11/15/23 09:31, Fiona Ebner wrote: > Am 14.11.23 um 15:27 schrieb Philipp Hufnagl: >> Currently, when adding a PBS storage with a namespace that does not >> exist, the storage gets added normally, but browsing/using it only >> returns a cryptic error message. >> >> This change checks if the namespace entered when adding is valid and >> prompts an error if it is not. If no namespace is provided, the storage >> will be added without error. > > Does not fully describe the change: It checks if the namespace is valid > each time the storage is activated, not just when adding. > Sorry. Ill try to elaborate more. >> >> Signed-off-by: Philipp Hufnagl >> --- >> src/PVE/Storage/PBSPlugin.pm | 21 ++++++++++++++++++++- >> 1 file changed, 20 insertions(+), 1 deletion(-) >> >> diff --git a/src/PVE/Storage/PBSPlugin.pm b/src/PVE/Storage/PBSPlugin.pm >> index 4320974..aceb2c4 100644 >> --- a/src/PVE/Storage/PBSPlugin.pm >> +++ b/src/PVE/Storage/PBSPlugin.pm >> @@ -817,6 +817,17 @@ sub scan_datastores { >> return $response; >> } >> >> +sub scan_namespaces { >> + my ($scfg, $datastore, $password) = @_; >> + >> + my $conn = pbs_api_connect($scfg, $password); > > Not super important, but would be nice to have a way to re-use the same > connection in scan_datastores() and here, since activate_storage() will > call both of them. scan_datastores() seem to be called somewhere else as well. I see if I can find a way to reuse the connection but not break the code there. > >> + >> + my $namespaces = eval { $conn->get("/api2/json/admin/datastore/$datastore/namespace", {}); }; >> + die "error fetching namespaces - $@" if $@; >> + >> + return $namespaces; >> +} >> + >> sub activate_storage { >> my ($class, $storeid, $scfg, $cache) = @_; >> >> @@ -826,10 +837,18 @@ sub activate_storage { >> die "$storeid: $@" if $@; >> >> my $datastore = $scfg->{datastore}; >> + my $namespace = $scfg->{namespace}; >> >> for my $ds (@$datastores) { >> if ($ds->{store} eq $datastore) { >> - return 1; >> + return 1 if !defined($namespace); >> + my $namespaces = eval { scan_namespaces($scfg, $datastore, $password) }; > > Why use eval and ignore the error here? Like that users (and we) won't > know if the api request or connection failed and just get the error > message from below about permissions/existence then. I tried to mimic the behavior from scan_datastores(). Did I make a mistake there? Is the way of scan_datastores() deprecated or bad practice? > >> + for my $ns (@$namespaces) { >> + if ($ns->{ns} eq $namespace) { >> + return 1; >> + } >> + } >> + die "$storeid: Cannot find namespace '$namespace', check permissions and existence!\n"; >> } >> } >>