public inbox for pve-devel@lists.proxmox.com
From: Laurent GUERBY <laurent@guerby.net>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] New API endpoint to manage snippets / bugzilla 2208 / updated patch but missing something, need help
Date: Fri, 08 Apr 2022 11:06:59 +0200
Message-ID: <1649408819.6346.22.camel@guerby.net>
In-Reply-To: <CAEHqL6fgfPmDGhhCwZsRybmPpuBvpBk9VGp-CMwDouPKNvGMRQ@mail.gmail.com>

On Thu, 2022-04-07 at 12:27 +0200, Patryk Ściborek wrote:
> Hi Guys!
> 
> I'm using Terraform to manage VMs running on Proxmox. I need to be able to
> upload snippets with custom cloud-init configuration. Right now I have to
> use scp/sftp to upload snippets so I have to use a system account. It looks
> like I'm not the only one having this issue:
> https://bugzilla.proxmox.com/show_bug.cgi?id=2208
> 
> So I thought that I could implement a new API endpoint which would allow
> one to create, read, update and delete snippets so other tools like
> Terraform would be able to use it.
> 
> What do you think about this idea?
> 
> Best regards,
> Patryk

Hi,

I've tried to adapt the patch to current PVE 7.1-12 (see below) but I
still get

proxmoxer.core.ResourceException: 501 Not Implemented: upload failed -
{'errors': b''}

when I try to upload a snippet.

My proxmoxer setup works for iso, the following succeeds:

proxmox.nodes(h).storage(s).upload.post(content="iso",filename=f)

But the following fails (f being read "rb" from some xxx.yaml)

proxmox.nodes(h).storage(s).upload.post(content="snippets",filename=f)

Not having snippet upload makes it impossible to use PVE auth realm
tokens to control permissions; you have to give a privileged system
account to users *just* to be able to do cloud init with a yaml, which
is not great security-wise (and not practical).

I'm probably missing a few things to have a patch that works; I'm
willing to put some time into it if someone gives me directions.

Thanks!

Sincerely,

Laurent (paying PVE+PBS customer at work)

root@test:/usr/share/perl5# diff -u PVE/Storage.pm{-orig,}
--- PVE/Storage.pm-orig	2022-04-08 09:15:52.443943197 +0200
+++ PVE/Storage.pm	2022-04-08 09:17:23.457073570 +0200
@@ -412,6 +412,15 @@
     return $plugin->get_subdir($scfg, 'iso');
 }
 
+sub get_snippet_dir {
+    my ($cfg, $storeid) = @_;
+
+    my $scfg = storage_config($cfg, $storeid);
+    my $plugin = PVE::Storage::Plugin->lookup($scfg->{type});
+
+    return $plugin->get_subdir($scfg, 'snippets');
+}
+
 sub get_vztmpl_dir {
     my ($cfg, $storeid) = @_;
 
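Review bot: get_snippet_dir is another copy of the storage_config / lookup / get_subdir sequence, differing from the sub above it only in the literal passed to get_subdir ('snippets' instead of 'iso'), and get_vztmpl_dir follows with the same signature. Consider one helper that takes the content type as an argument and have the per-type subs call it, and add a short comment stating that the returned directory is only meaningful when the storage has 'snippets' content enabled, since this sub does not check that itself.
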
root@test:/usr/share/perl5# diff -u ./PVE/API2/Storage/Status.pm{-orig,}
--- ./PVE/API2/Storage/Status.pm-orig	2022-04-08 09:15:43.883836880 +0200
+++ ./PVE/API2/Storage/Status.pm	2022-04-08 10:23:43.914401204 +0200
@@ -381,7 +381,7 @@
 	    content => {
 		description => "Content type.",
 		type => 'string', format => 'pve-storage-content',
-		enum => ['iso', 'vztmpl'],
+		enum => ['iso', 'vztmpl', 'snippets'],
 	    },
 	    filename => {
 		description => "The name of the file to create. Caution: This will be normalized!",
@@ -446,8 +446,10 @@
 		raise_param_exc({ filename => "wrong file extension" });
 	    }
 	    $path = PVE::Storage::get_vztmpl_dir($cfg, $param->{storage});
-	} else {
-	    raise_param_exc({ content => "upload content type '$content' not allowed" });
+	} elsif ($content eq 'snippets') {
+	    $path = PVE::Storage::get_snippet_dir($cfg, $param->{storage});
+        } else {
+            raise_param_exc({ content => "upload content type '$content' not allowed" });
 	}
 
 	die "storage '$param->{storage}' does not support '$content' content\n"
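Review bot: The added 'snippets' branch assigns $path without any check on the file name, while the vztmpl branch directly above it raises "wrong file extension" before assigning its path. Since this endpoint would let an API token holder write into the snippets directory, decide which names and extensions are acceptable for snippets and reject everything else with raise_param_exc({ filename => ... }) in this branch, the same way the preceding branch does. Separately, the "} else {" and raise_param_exc lines are re-indented with spaces where the file uses tabs, which turns an untouched branch into a removed-and-added one; keep the original indentation so the hunk only adds the elsif.
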
@@ -564,7 +566,7 @@
 	    content => {
 		description => "Content type.", # TODO: could be optional & detected in most cases
 		type => 'string', format => 'pve-storage-content',
-		enum => ['iso', 'vztmpl'],
+		enum => ['iso', 'vztmpl', 'snippets'],
 	    },
 	    filename => {
 		description => "The name of the file to create. Caution: This will be normalized!",
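Review bot: The list ['iso', 'vztmpl', 'snippets'] is now edited by hand in two separate parameter schemas in this file (here and in the hunk at -381), so the two endpoints can drift apart the next time a content type is added. Consider defining the allowed upload content types once and referencing that from both enum entries. The description "Caution: This will be normalized!" should also say whether the normalization applies to snippet names, because callers such as cloud-init configuration will refer to the stored file by name.
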
@@ -627,6 +629,8 @@
 		raise_param_exc({ filename => "wrong file extension" });
 	    }
 	    $path = PVE::Storage::get_vztmpl_dir($cfg, $storage);
+	} elsif ($content eq 'snippets') {
+	    $path = PVE::Storage::get_snippet_dir($cfg, $storage);    
 	} else {
 	    raise_param_exc({ content => "upload content-type '$content' is not allowed" });
 	}
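
Review bot: The added line "$path = PVE::Storage::get_snippet_dir($cfg, $storage);" ends in trailing whitespace, which should be removed. This second 'snippets' branch also sets $path with no file name check while the branch before it rejects a wrong extension, so whatever validation is chosen for the upload handler needs to be applied here as well, ideally through one shared check rather than two copies.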


Thread overview: 5+ messages
2022-04-07 10:27 [pve-devel] New API endpoint to manage snippets Patryk Ściborek
2022-04-08  9:06 ` Laurent GUERBY [this message]
2022-04-08 18:25   ` [pve-devel] New API endpoint to manage snippets / bugzilla 2208 / updated patch but missing something, need help Laurent GUERBY
2022-04-11  9:03   ` Matthias Heiserer
2022-04-11 10:00     ` Laurent GUERBY
