From: Stefan Hanreich
To: pve-devel@lists.proxmox.com
Date: Thu, 22 May 2025 18:17:26 +0200
Message-Id: <20250522161731.537011-71-s.hanreich@proxmox.com>
In-Reply-To: <20250522161731.537011-1-s.hanreich@proxmox.com>
References: <20250522161731.537011-1-s.hanreich@proxmox.com>
Subject: [pve-devel] [PATCH pve-manager v3 15/18] api: network: add include_sdn / fabric type

In order to be able to show SDN networks in the network selector dropdowns, we introduce a new type ('include_sdn') to the API endpoint that lists network interfaces of a node. The return value for existing parameters stays unchanged to preserve backwards-compatibility. Callers have to explicitly pass the new type if they want SDN networks included in the response as well. Only fabrics for which the current user has any SDN permission (Audit/Use/Modify) are listed.

There is also a new type that only lists fabrics ('fabric'), which works analogously to the current type filters. There was a separate type for vnets as well, that is not used anywhere but was defunct due to a missing check in the endpoint. This has now been fixed and supplying vnet as the type should now only return vnets.

This commit is preparation for integrating the fabrics with several parts in the UI, such as the Ceph installation wizard and the migration settings, which use the pveNetworkSelector component that uses this endpoint to query available network interfaces.

Signed-off-by: Stefan Hanreich --- PVE/API2/Network.pm | 41 ++++++++++++++++++++++++++++++++--------- 1 file changed, 32 insertions(+), 9 deletions(-) diff --git a/PVE/API2/Network.pm b/PVE/API2/Network.pm index 2ff729f7a..944c1a068 100644 --- a/PVE/API2/Network.pm +++ b/PVE/API2/Network.pm @@ -37,7 +37,7 @@ my $bond_mode_enum = [ 'lacp-balance-tcp', # OVS ]; -my $network_type_enum = ['bridge', 'bond', 'eth', 'alias', 'vlan', +my $network_type_enum = ['bridge', 'bond', 'eth', 'alias', 'vlan', 'fabric', 'OVSBridge', 'OVSBond', 'OVSPort', 'OVSIntPort', 'vnet']; my $confdesc = { @@ -214,7 +214,7 @@ __PACKAGE__->register_method({ type => { description => "Only list specific interface types.", type => 'string', - enum => [ @$network_type_enum, 'any_bridge', 'any_local_bridge' ], + enum => [ @$network_type_enum, 'any_bridge', 'any_local_bridge', 'include_sdn' ], optional => 1, }, }, 
@@ -363,22 +363,45 @@ __PACKAGE__->register_method({ if (my $tfilter = $param->{type}) { my $vnets; + my $fabrics; - if ($have_sdn && $tfilter eq 'any_bridge') { + if ($have_sdn && $tfilter =~ /^(any_bridge|include_sdn|vnet)$/) { $vnets = PVE::Network::SDN::get_local_vnets(); # returns already access-filtered } - for my $k (sort keys $ifaces->%*) { - my $type = $ifaces->{$k}->{type}; - my $is_bridge = $type eq 'bridge' || $type eq 'OVSBridge'; - my $bridge_match = $is_bridge && $tfilter =~ /^any(_local)?_bridge$/; - my $match = $tfilter eq $type || $bridge_match; - delete $ifaces->{$k} if !$match; + if ($have_sdn && $tfilter =~ /^(include_sdn|fabric)$/) { + my $local_node = PVE::INotify::nodename(); + + $fabrics = PVE::Network::SDN::Fabrics::config(1) + ->get_interfaces_for_node($local_node); + } + + if ($tfilter ne 'include_sdn') { + for my $k (sort keys $ifaces->%*) { + my $type = $ifaces->{$k}->{type}; + my $is_bridge = $type eq 'bridge' || $type eq 'OVSBridge'; + my $bridge_match = $is_bridge && $tfilter =~ /^any(_local)?_bridge$/; + my $match = $tfilter eq $type || $bridge_match; + delete $ifaces->{$k} if !$match; + } } if (defined($vnets)) { $ifaces->{$_} = $vnets->{$_} for keys $vnets->%* } + + if (defined($fabrics)) { + for my $fabric_id (keys %$fabrics) { + next if !$rpcenv->check_any( + $authuser, + "/sdn/fabrics/$fabric_id", + ['SDN.Audit', 'SDN.Use', 'SDN.Allocate'], + 1 + ); + + $ifaces->{$fabric_id} = $fabrics->{$fabric_id}; + } + } } #always check bridge access -- 2.39.5 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
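
Review bot: In the `@@ -214,7 +214,7 @@` hunk, the `type` parameter's description still reads "Only list specific interface types.", but 'include_sdn' is not a filter: the `@@ -363,22 +363,45 @@` hunk skips the filtering loop for it and adds vnets and fabrics on top of every local interface. Please update the description so API consumers can tell the difference. Because 'include_sdn' is a value of the same enum, it also cannot be combined with a real filter such as 'any_local_bridge'; if that combination is ever needed, a separate boolean parameter would be the cleaner interface.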
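
Review bot: In the fabric loop at the end of the `@@ -363,22 +363,45 @@` hunk, `check_any` tests `['SDN.Audit', 'SDN.Use', 'SDN.Allocate']`, while the commit message states the rule as Audit/Use/Modify; align one with the other so the documented access rule matches what is enforced. In the same loop, `$ifaces->{$fabric_id} = $fabrics->{$fabric_id}` writes into the hash that already holds local interfaces and vnets, so with 'include_sdn' a fabric whose ID equals an existing key silently replaces that entry; consider skipping or warning when the key already exists. The hunk also calls `PVE::Network::SDN::Fabrics::config` and `PVE::INotify::nodename` without the patch adding a `use`/`require` for either, so it is worth confirming both are loaded wherever `$have_sdn` is set.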