From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 25C391FF183 for ; Wed, 30 Jul 2025 20:02:04 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 1E17B17690; Wed, 30 Jul 2025 20:01:31 +0200 (CEST) From: Daniel Kral To: pve-devel@lists.proxmox.com Date: Wed, 30 Jul 2025 19:59:47 +0200 Message-ID: <20250730175957.386674-21-d.kral@proxmox.com> X-Mailer: git-send-email 2.47.2 In-Reply-To: <20250730175957.386674-1-d.kral@proxmox.com> References: <20250730175957.386674-1-d.kral@proxmox.com> MIME-Version: 1.0 X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1753898389514 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.014 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [RFC ha-manager v5 20/23] api: groups: disallow calls to ha groups endpoints if fully migrated X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" Disallow calls to the HA groups API endpoints as soon as the HA groups config has been migrated (i.e. no entries or deleted), because HA groups are deprecated and new users are pushed to use the new HA rules feature instead. Signed-off-by: Daniel Kral --- should we die for the reading api endpoints here? src/PVE/API2/HA/Groups.pm | 25 ++++++++++++++++++++----- src/PVE/HA/Config.pm | 9 +++++++++ 2 files changed, 29 insertions(+), 5 deletions(-) diff --git a/src/PVE/API2/HA/Groups.pm b/src/PVE/API2/HA/Groups.pm index 32350df9..4412d542 100644 --- a/src/PVE/API2/HA/Groups.pm +++ b/src/PVE/API2/HA/Groups.pm @@ -36,7 +36,7 @@ __PACKAGE__->register_method({ name => 'index', path => '', method => 'GET', - description => "Get HA groups.", + description => "Get HA groups. (deprecated in favor of HA rules)", permissions => { check => ['perm', '/', ['Sys.Audit']], }, @@ -57,6 +57,9 @@ __PACKAGE__->register_method({ my $cfg = PVE::HA::Config::read_group_config(); + die "cannot index groups: ha groups have been migrated to rules\n" + if PVE::HA::Config::have_groups_been_migrated($cfg); + my $res = []; foreach my $group (keys %{ $cfg->{ids} }) { my $scfg = &$api_copy_config($cfg, $group); @@ -72,7 +75,7 @@ __PACKAGE__->register_method({ name => 'read', path => '{group}', method => 'GET', - description => "Read ha group configuration.", + description => "Read ha group configuration. (deprecated in favor of HA rules)", permissions => { check => ['perm', '/', ['Sys.Audit']], }, @@ -91,6 +94,9 @@ __PACKAGE__->register_method({ my $cfg = PVE::HA::Config::read_group_config(); + die "cannot read group: ha groups have been migrated to rules\n" + if PVE::HA::Config::have_groups_been_migrated($cfg); + return &$api_copy_config($cfg, $param->{group}); }, }); @@ -100,7 +106,7 @@ __PACKAGE__->register_method({ protected => 1, path => '', method => 'POST', - description => "Create a new HA group.", + description => "Create a new HA group. (deprecated in favor of HA rules)", permissions => { check => ['perm', '/', ['Sys.Console']], }, @@ -109,6 +115,9 @@ __PACKAGE__->register_method({ code => sub { my ($param) = @_; + die "cannot create group: ha groups have been migrated to rules\n" + if PVE::HA::Config::have_groups_been_migrated(); + # create /etc/pve/ha directory PVE::Cluster::check_cfs_quorum(); mkdir("/etc/pve/ha"); @@ -151,7 +160,7 @@ __PACKAGE__->register_method({ protected => 1, path => '{group}', method => 'PUT', - description => "Update ha group configuration.", + description => "Update ha group configuration. (deprecated in favor of HA rules)", permissions => { check => ['perm', '/', ['Sys.Console']], }, @@ -160,6 +169,9 @@ __PACKAGE__->register_method({ code => sub { my ($param) = @_; + die "cannot update group: ha groups have been migrated to rules\n" + if PVE::HA::Config::have_groups_been_migrated(); + my $digest = extract_param($param, 'digest'); my $delete = extract_param($param, 'delete'); @@ -216,7 +228,7 @@ __PACKAGE__->register_method({ protected => 1, path => '{group}', method => 'DELETE', - description => "Delete ha group configuration.", + description => "Delete ha group configuration. (deprecated in favor of HA rules)", permissions => { check => ['perm', '/', ['Sys.Console']], }, @@ -233,6 +245,9 @@ __PACKAGE__->register_method({ code => sub { my ($param) = @_; + die "cannot delete group: ha groups have been migrated to rules\n" + if PVE::HA::Config::have_groups_been_migrated(); + my $group = extract_param($param, 'group'); PVE::HA::Config::lock_ha_domain( diff --git a/src/PVE/HA/Config.pm b/src/PVE/HA/Config.pm index 92d04443..5faa557b 100644 --- a/src/PVE/HA/Config.pm +++ b/src/PVE/HA/Config.pm @@ -234,6 +234,15 @@ sub read_group_config { return cfs_read_file($ha_groups_config); } +sub have_groups_been_migrated { + my ($groups) = @_; + + $groups = read_group_config() if !$groups; + + return 1 if !$groups; + return keys $groups->{ids}->%* < 1; +} + sub delete_group_config { unlink "/etc/pve/$ha_groups_config" or die "failed to remove group config: $!\n"; -- 2.47.2 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel