From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id E936E99B32 for ; Thu, 16 Nov 2023 15:09:56 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 6088C14E9F for ; Thu, 16 Nov 2023 15:09:26 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Thu, 16 Nov 2023 15:09:24 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 7024243919 for ; Thu, 16 Nov 2023 15:09:24 +0100 (CET) From: Dominik Csapak To: pve-devel@lists.proxmox.com Date: Thu, 16 Nov 2023 15:09:21 +0100 Message-Id: <20231116140921.3854429-10-d.csapak@proxmox.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20231116140921.3854429-1-d.csapak@proxmox.com> References: <20231116140921.3854429-1-d.csapak@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.017 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: [pve-devel] [PATCH manager v3 1/1] api: add guest profile api endpoint X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Nov 2023 14:09:57 -0000 basic CRUD for the profile section config Signed-off-by: Dominik Csapak --- changes from v2: * add type parameter so we can filter the list (useful for the ui) PVE/API2/Cluster.pm | 7 + PVE/API2/Cluster/Makefile | 1 + PVE/API2/Cluster/Profiles.pm | 239 +++++++++++++++++++++++++++++++++++ 3 files changed, 247 insertions(+) create mode 100644 PVE/API2/Cluster/Profiles.pm diff --git a/PVE/API2/Cluster.pm b/PVE/API2/Cluster.pm index 04387ab4..d628df85 100644 --- a/PVE/API2/Cluster.pm +++ b/PVE/API2/Cluster.pm @@ -30,6 +30,7 @@ use PVE::API2::Cluster::Mapping; use PVE::API2::Cluster::Jobs; use PVE::API2::Cluster::MetricServer; use PVE::API2::Cluster::Notifications; +use PVE::API2::Cluster::Profiles; use PVE::API2::ClusterConfig; use PVE::API2::Firewall::Cluster; use PVE::API2::HAConfig; @@ -103,6 +104,11 @@ __PACKAGE__->register_method ({ path => 'mapping', }); +__PACKAGE__->register_method ({ + subclass => "PVE::API2::Cluster::Profiles", + path => 'profiles', +}); + if ($have_sdn) { __PACKAGE__->register_method ({ subclass => "PVE::API2::Network::SDN", @@ -158,6 +164,7 @@ __PACKAGE__->register_method ({ { name => 'notifications' }, { name => 'nextid' }, { name => 'options' }, + { name => 'profiles' }, { name => 'replication' }, { name => 'resources' }, { name => 'status' }, diff --git a/PVE/API2/Cluster/Makefile b/PVE/API2/Cluster/Makefile index b109e5cb..35a3f871 100644 --- a/PVE/API2/Cluster/Makefile +++ b/PVE/API2/Cluster/Makefile @@ -9,6 +9,7 @@ PERLSOURCE= \ MetricServer.pm \ Mapping.pm \ Notifications.pm \ + Profiles.pm \ Jobs.pm \ Ceph.pm diff --git a/PVE/API2/Cluster/Profiles.pm b/PVE/API2/Cluster/Profiles.pm new file mode 100644 index 00000000..1631f4bd --- /dev/null +++ b/PVE/API2/Cluster/Profiles.pm @@ -0,0 +1,239 @@ +package PVE::API2::Cluster::Profiles; + +use warnings; +use strict; + +use PVE::Tools qw(extract_param extract_sensitive_params); +use PVE::Exception qw(raise_perm_exc raise_param_exc); +use PVE::JSONSchema qw(get_standard_option); +use PVE::RPCEnvironment; + +use PVE::Profiles::Plugin; +use PVE::Profiles::VM; +use PVE::Profiles::CT; + +PVE::Profiles::VM->register(); +PVE::Profiles::CT->register(); +PVE::Profiles::Plugin->init(1); + +use PVE::RESTHandler; + +use base qw(PVE::RESTHandler); + +__PACKAGE__->register_method ({ + name => 'profile_index', + path => '', + method => 'GET', + description => "List configured guest profiles.", + permissions => { + user => 'all', + description => "Only lists entries where you have 'Mapping.Modify', 'Mapping.Use' or". + " 'Mapping.Audit' permissions on 'mapping/guest-profile/'.", + }, + parameters => { + additionalProperties => 0, + properties => { + type => { + type => 'string', + description => "If set, return only profiles of this type.", + optional => 1, + enum => ['vm', 'ct'], + }, + }, + }, + returns => { + type => 'array', + items => { + type => "object", + properties => { + id => { + description => "The ID of the entry.", + type => 'string' + }, + type => { + description => "Plugin type.", + type => 'string', + }, + }, + }, + links => [ { rel => 'child', href => "{id}" } ], + }, + code => sub { + my ($param) = @_; + + my $rpcenv = PVE::RPCEnvironment::get(); + my $authuser = $rpcenv->get_user(); + + my $res = []; + my $cfg = PVE::Cluster::cfs_read_file('virtual-guest/profiles.cfg'); + my $can_see_mapping_privs = ['Mapping.Modify', 'Mapping.Use', 'Mapping.Audit']; + + for my $id (sort keys $cfg->{ids}->%*) { + next if !$rpcenv->check_any($authuser, "/mapping/guest-profile/$id", $can_see_mapping_privs, 1); + my $plugin_config = $cfg->{ids}->{$id}; + next if defined($param->{type}) && $plugin_config->{type} ne $param->{type}; + push @$res, { + id => $id, + type => $plugin_config->{type}, + 'profile-description' => $plugin_config->{'profile-description'}, + }; + } + + return $res; + }}); + +__PACKAGE__->register_method ({ + name => 'read', + path => '{id}', + method => 'GET', + description => "Read profile configuration.", + permissions => { + check =>['or', + ['perm', '/mapping/guest-profile/{id}', ['Mapping.Use']], + ['perm', '/mapping/guest-profile/{id}', ['Mapping.Modify']], + ['perm', '/mapping/guest-profile/{id}', ['Mapping.Audit']], + ], + }, + parameters => { + additionalProperties => 0, + properties => { + id => { + type => 'string', + format => 'pve-configid', + }, + }, + }, + returns => { type => 'object' }, + code => sub { + my ($param) = @_; + + my $cfg = PVE::Cluster::cfs_read_file('virtual-guest/profiles.cfg'); + my $id = $param->{id}; + + raise_param_exc({id => "no such profile '$id'"}) if !defined($cfg->{ids}->{$id}); + + return $cfg->{ids}->{$id}; + }}); + +__PACKAGE__->register_method ({ + name => 'create', + path => '{id}', + protected => 1, + method => 'POST', + description => "Create a new profile.", + permissions => { + check => ['perm', '/mapping/guest-profile', ['Mapping.Modify']], + }, + parameters => PVE::Profiles::Plugin->createSchema(), + returns => { type => 'null' }, + code => sub { + my ($param) = @_; + + my $type = extract_param($param, 'type'); + my $plugin = PVE::Profiles::Plugin->lookup($type); + my $id = extract_param($param, 'id'); + + PVE::Cluster::cfs_lock_file('virtual-guest/profiles.cfg', undef, sub { + my $cfg = PVE::Cluster::cfs_read_file('virtual-guest/profiles.cfg'); + + raise_param_exc({id => "Profile '$id' already exists"}) + if $cfg->{ids}->{$id}; + + my $opts = $plugin->check_config($id, $param, 1, 1); + + $cfg->{ids}->{$id} = $opts; + + PVE::Cluster::cfs_write_file('virtual-guest/profiles.cfg', $cfg); + }); + die $@ if $@; + + return; + }}); + + +__PACKAGE__->register_method ({ + name => 'update', + protected => 1, + path => '{id}', + method => 'PUT', + description => "Update profile configuration.", + permissions => { + check => ['perm', '/mapping/guest-profile/{id}', ['Mapping.Modify']], + }, + parameters => PVE::Profiles::Plugin->updateSchema(), + returns => { type => 'null' }, + code => sub { + my ($param) = @_; + + my $id = extract_param($param, 'id'); + my $type = extract_param($param, 'type'); + my $digest = extract_param($param, 'digest'); + my $delete = extract_param($param, 'delete'); + + if ($delete) { + $delete = [PVE::Tools::split_list($delete)]; + } + + PVE::Cluster::cfs_lock_file('virtual-guest/profiles.cfg', undef, sub { + my $cfg = PVE::Cluster::cfs_read_file('virtual-guest/profiles.cfg'); + + PVE::SectionConfig::assert_if_modified($cfg, $digest); + + my $data = $cfg->{ids}->{$id}; + raise_param_exc({id => "no such profile '$id'"}) if !defined($data); + raise_param_exc({type => "wrong type '$type"}) if $type ne $data->{type}; + + my $plugin = PVE::Profiles::Plugin->lookup($data->{type}); + my $opts = $plugin->check_config($id, $param, 0, 1); + + my $options = $plugin->private()->{options}->{$data->{type}}; + PVE::SectionConfig::delete_from_config($data, $options, $opts, $delete); + + $data->{$_} = $opts->{$_} for keys $opts->%*; + + PVE::Cluster::cfs_write_file('virtual-guest/profiles.cfg', $cfg); + }); + die $@ if $@; + + return; + }}); + +__PACKAGE__->register_method ({ + name => 'delete', + protected => 1, + path => '{id}', + method => 'DELETE', + description => "Remove profile.", + permissions => { + check => [ 'perm', '/mapping/guest-profile', ['Mapping.Modify']], + }, + parameters => { + additionalProperties => 0, + properties => { + id => { + type => 'string', + format => 'pve-configid', + }, + } + }, + returns => { type => 'null' }, + code => sub { + my ($param) = @_; + + my $id = $param->{id}; + + PVE::Cluster::cfs_lock_file('virtual-guest/profiles.cfg', undef, sub { + my $cfg = PVE::Cluster::cfs_read_file('virtual-guest/profiles.cfg'); + + if ($cfg->{ids}->{$id}) { + delete $cfg->{ids}->{$id}; + } + + PVE::Cluster::cfs_write_file('virtual-guest/profiles.cfg', $cfg); + }); + die $@ if $@; + + return; + }}); + +1; -- 2.30.2