From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 9EBC896C91 for ; Tue, 16 Apr 2024 14:21:28 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 802381A3D2 for ; Tue, 16 Apr 2024 14:20:58 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Tue, 16 Apr 2024 14:20:57 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 83B89450BE for ; Tue, 16 Apr 2024 14:20:57 +0200 (CEST) From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= To: pve-devel@lists.proxmox.com Date: Tue, 16 Apr 2024 14:20:36 +0200 Message-Id: <20240416122054.733817-2-f.gruenbichler@proxmox.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20240416122054.733817-1-f.gruenbichler@proxmox.com> References: <20240416122054.733817-1-f.gruenbichler@proxmox.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.056 Adjusted score from AWL reputation of 
From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [PATCH v2 access-control 1/1] pools: define resource limits X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Apr 2024 12:21:28 -0000 and handle them when parsing/writing user.cfg Signed-off-by: Fabian Grünbichler
---
Notes: - make limit schema public for pve-guest-common usage src/PVE/AccessControl.pm | 42 +++++++++++++++++++++++++++++++++++++-- src/test/parser_writer.pl | 14 ++++++------- 2 files changed, 47 insertions(+), 9 deletions(-)
diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index 21f93ff..f1863c8 100644
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -72,6 +72,36 @@ sub pve_verify_realm {
 PVE::Auth::Plugin::pve_verify_realm(@_);
 }
+our $pool_limits_desc = {
+ "mem-config" => {
+ type => 'integer',
+ description => "Sum of memory (in MB) guests in this pools can be configured with.",
+ optional => 1,
+ },
+ "mem-run" => {
+ type => 'integer',
+ description => "Sum of memory (in MB) guests in this pools can be started with.",
+ optional => 1,
+ },
+ "cpu-config" => {
+ type => 'integer',
+ description => "Sum of (virtual) cores guests in this pools can be configured with.",
+ optional => 1,
+ },
+ "cpu-run" => {
+ type => 'integer',
+ description => "Sum of (virtual) cores guests in this pools can be started with.",
+ optional => 1,
+ },
+};
+
+PVE::JSONSchema::register_format('pve-pool-limits', $pool_limits_desc);
+PVE::JSONSchema::register_standard_option('pve-pool-limits', {
+ type => 'string',
+ format => $pool_limits_desc,
+ optional => 1,
+});
+
 # Locking both config files together is only ever allowed in one order:
 # 1) tfa config
 # 2) user config
@@ -1524,7 +1554,7 @@ sub parse_user_config {
 warn "user config - ignore invalid path in acl '$pathtxt'\n";
 }
 } elsif ($et eq 'pool') {
- my ($pool, $comment, $vmlist, $storelist) = @data;
+ my ($pool, $comment, $vmlist, $storelist, $limits) = @data;
 if (!verify_poolname($pool, 1)) {
 warn "user config - ignore pool '$pool' - invalid characters in pool name\n";
@@ -1575,6 +1605,13 @@ sub parse_user_config {
 }
 $cfg->{pools}->{$pool}->{storage}->{$storeid} = 1;
 }
+
+ if ($limits) {
+ my $parsed_limits = eval { PVE::JSONSchema::parse_property_string($pool_limits_desc, $limits) };
+ warn "Failed to parse pool limits for '$pool' - $@\n" if $@;
+
+ $cfg->{pools}->{$pool}->{limits} = $parsed_limits;
+ }
 } elsif ($et eq 'token') {
 my ($tokenid, $expire, $privsep, $comment) = @data;
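Review bot: None of the four properties in `$pool_limits_desc` sets a lower bound, so a negative value (for example a constructed `cpu-run=-1`) passes the `integer` check and is stored in user.cfg. How the enforcement code that consumes these limits treats a negative sum is not visible in this patch, but an unexpected sign is an easy way to end up with a limit that either blocks every guest or is never considered exceeded. I would add `minimum => 0,` to each entry, or document a sentinel value explicitly if one is intended. The four descriptions also say "guests in this pools", where "this pool" is meant.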
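Review bot: In the new `if ($limits)` block a malformed limits field fails open: when `parse_property_string` dies, the `eval` yields undef, the warning is printed, and `$cfg->{pools}->{$pool}->{limits}` is still assigned, so the pool is loaded as if it had no limits at all. Because the `write_user_config` hunk emits an empty field whenever `$d->{limits}` is false, the next rewrite of user.cfg would then drop the stored value permanently. At minimum assign only on success, e.g. `if (my $err = $@) { warn "Failed to parse pool limits for '$pool' - $err\n"; } else { $cfg->{pools}->{$pool}->{limits} = $parsed_limits; }`, and add a comment stating whether an unparsable limit is meant to leave the pool unrestricted or should instead be preserved or treated as restrictive. `parse_user_config` starts and ends outside this hunk.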
@@ -1656,7 +1693,8 @@ sub write_user_config {
 my $vmlist = join (',', sort keys %{$d->{vms}});
 my $storelist = join (',', sort keys %{$d->{storage}});
 my $comment = $d->{comment} ? PVE::Tools::encode_text($d->{comment}) : '';
- $data .= "pool:$pool:$comment:$vmlist:$storelist:\n";
+ my $limits = $d->{limits} ? PVE::JSONSchema::print_property_string($d->{limits}, $pool_limits_desc) : '';
+ $data .= "pool:$pool:$comment:$vmlist:$storelist:$limits:\n";
 }
 $data .= "\n";
diff --git a/src/test/parser_writer.pl b/src/test/parser_writer.pl
index 80c346b..2e6eb61 100755
--- a/src/test/parser_writer.pl
+++ b/src/test/parser_writer.pl
@@ -431,12 +431,12 @@ my $default_raw = {
 'test_role_privs_invalid' => 'role:testrole:VM.Invalid,Datastore.Audit,VM.Allocate:',
 },
 pools => {
- 'test_pool_empty' => 'pool:testpool::::',
- 'test_pool_invalid' => 'pool:testpool::non-numeric:inval!d:',
- 'test_pool_members' => 'pool:testpool::123,1234:local,local-zfs:',
- 'test_pool_duplicate_vms' => 'pool:test_duplicate_vms::123,1234::',
- 'test_pool_duplicate_vms_expected' => 'pool:test_duplicate_vms::::',
- 'test_pool_duplicate_storages' => 'pool:test_duplicate_storages:::local,local-zfs:',
+ 'test_pool_empty' => 'pool:testpool:::::',
+ 'test_pool_invalid' => 'pool:testpool::non-numeric:inval!d::',
+ 'test_pool_members' => 'pool:testpool::123,1234:local,local-zfs::',
+ 'test_pool_duplicate_vms' => 'pool:test_duplicate_vms::123,1234:::',
+ 'test_pool_duplicate_vms_expected' => 'pool:test_duplicate_vms:::::',
+ 'test_pool_duplicate_storages' => 'pool:test_duplicate_storages:::local,local-zfs::',
 },
 acl => {
 'acl_simple_user' => 'acl:1:/:test@pam:PVEVMAdmin:',
@@ -1018,7 +1018,7 @@ my $tests = [
 'user:test@pam:0:0::::::'."\n".
 'token:test@pam!test:0:0::'."\n\n".
 'group:testgroup:::'."\n\n".
- 'pool:testpool::::'."\n\n".
+ 'pool:testpool:::::'."\n\n".
 'role:testrole::'."\n\n",
 },
 ];
-- 2.39.2
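Review bot: The fixture updates under `pools => {` only append the new empty field; no entry carries a non-empty limits string, so neither the round trip through `parse_property_string` and `print_property_string` nor the warning path for a malformed value is exercised. A fixture along the lines of `'test_pool_limits' => 'pool:testpool::::cpu-run=4,mem-run=1024:'` (constructed example, field order to be checked against the writer's output) plus one with an invalid value such as `mem-run=abc` would pin both behaviours, including what ends up in the written config after a parse failure. The `$default_raw` hash starts and ends outside this hunk.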