From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <d.csapak@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id B4F3FDDF2
 for <pve-devel@lists.proxmox.com>; Tue,  6 Dec 2022 12:06:38 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 9A0882E183
 for <pve-devel@lists.proxmox.com>; Tue,  6 Dec 2022 12:06:38 +0100 (CET)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [94.136.29.106])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS
 for <pve-devel@lists.proxmox.com>; Tue,  6 Dec 2022 12:06:36 +0100 (CET)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id AB28A44DE5
 for <pve-devel@lists.proxmox.com>; Tue,  6 Dec 2022 12:06:36 +0100 (CET)
From: Dominik Csapak <d.csapak@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Tue,  6 Dec 2022 12:06:29 +0100
Message-Id: <20221206110635.1885744-1-d.csapak@proxmox.com>
X-Mailer: git-send-email 2.30.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.064 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [jobs.pm, realmsync.pm, accesscontrol.pm, job.pm, plugin.pm]
Subject: [pve-devel] [PATCH access-control/wt/manager v2] add realm sync jobs
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Tue, 06 Dec 2022 11:06:38 -0000

with this, users now can schedule realm sync jobs, instead of manually
pressing 'sync' or configuring a cronjob for 'pveum realm sync'

the access-control patch needs special care, since i try to sync
independent pve-scheduler calls across the cluster. in my tests here
it worked, but that does not mean i didn't overlook some things.

pve-manager depends on the new access-control and widget-toolkit

i tried to find a way to not add two levels of directories there,
while keeping the suggested 'PVE::API2::AccessControl::Job::RealmSync'
path, but the only other method i saw was to put all the code into
'Job.pm' which felt weird. So we introduce two levels of dirs
to properly split the perl packages.

the first patch of access-control and manager could be applied without
the rest, it clears up the confusion for using the checkboxes
and the realm default

the result is that now the user always gets what he sees when using
the sync window or realm sync job edit and never implicitly falling
back to the realm defaults. If we want that, i can do that and
send a v3 (basically i'd have to add a 'use default' checkbox
for the remove-vanished option)

since PVE::Jobs::Registry lives in pve-common now, there is no
cyclic dependency between manager/access control anymore

changes from v1:
* include thomas suggestions
* add patches to allow 'none' for remove-vanished
* add patch for wt that allows filtering for the realm combobox
* load the default values (if any) from the realm on sync job create,
  but not on edit

pve-access-control:

Dominik Csapak (2):
  realm: sync: allow 'none' for 'remove-vanished' option
  add realmsync plugin for jobs and CRUD api for domainsync-jobs

 src/PVE/API2/AccessControl.pm               |   6 +
 src/PVE/API2/AccessControl/Job.pm           |  47 +++
 src/PVE/API2/AccessControl/Job/Makefile     |   6 +
 src/PVE/API2/AccessControl/Job/RealmSync.pm | 324 ++++++++++++++++++++
 src/PVE/API2/AccessControl/Makefile         |   9 +
 src/PVE/API2/Makefile                       |   4 +
 src/PVE/Auth/Plugin.pm                      |   8 +-
 src/PVE/Jobs/Makefile                       |   6 +
 src/PVE/Jobs/RealmSync.pm                   | 193 ++++++++++++
 src/PVE/Makefile                            |   1 +
 10 files changed, 601 insertions(+), 3 deletions(-)
 create mode 100644 src/PVE/API2/AccessControl/Job.pm
 create mode 100644 src/PVE/API2/AccessControl/Job/Makefile
 create mode 100644 src/PVE/API2/AccessControl/Job/RealmSync.pm
 create mode 100644 src/PVE/API2/AccessControl/Makefile
 create mode 100644 src/PVE/Jobs/Makefile
 create mode 100644 src/PVE/Jobs/RealmSync.pm

proxmox-widget-toolkit:

Dominik Csapak (1):
  RealmComboBox: add custom store filters for callers

 src/form/RealmComboBox.js | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

pve-manager:

Dominik Csapak (3):
  ui: realm: sync: don't use realm defaults for remove-vanished
  Jobs: add RealmSync Plugin and register it
  ui: add Realm Sync panel

 PVE/Jobs.pm                     |   2 +
 www/manager6/Makefile           |   1 +
 www/manager6/dc/Config.js       |   7 +
 www/manager6/dc/RealmSyncJob.js | 380 ++++++++++++++++++++++++++++++++
 www/manager6/dc/SyncWindow.js   |   2 +
 5 files changed, 392 insertions(+)
 create mode 100644 www/manager6/dc/RealmSyncJob.js

-- 
2.30.2