From mboxrd@z Thu Jan 1 00:00:00 1970
From: Stefan Hanreich
To: pve-devel@lists.proxmox.com
Date: Thu, 13 Nov 2025 17:19:18 +0100
Message-ID: <20251113161926.793020-16-s.hanreich@proxmox.com>
In-Reply-To: <20251113161926.793020-1-s.hanreich@proxmox.com>
References: <20251113161926.793020-1-s.hanreich@proxmox.com>
Subject: [pve-devel] [PATCH pve-manager v4 04/10] api: cluster: add support for network resource type

pvestatd now broadcasts a new network resource type, instead of the sdn resource type. This commit adds handling for this new network type to the resources endpoint.

In order to be able to deal with older nodes, keep support for parsing the old sdn resource type. Upgraded nodes will still broadcast the old format for backwards-compatibility and nodes with this patch applied support handling both formats. With this patch, nodes will check whether a node is sending both formats or only the old one, and parse the resources based on that information.

Older nodes will drop the new network resource type, but will still be able to show zones, because the old format still gets broadcast. Newer nodes will take the information from the network store, if available, otherwise fall back to the SDN store.

Another reason for keeping the old format around is so we do not break older clients, that rely on the old SDN format - removing it would be a breaking API change.

Signed-off-by: Stefan Hanreich --- PVE/API2/Cluster.pm | 106 ++++++++++++++++++++++++++++++++++++-------- 1 file changed, 88 insertions(+), 18 deletions(-) diff --git a/PVE/API2/Cluster.pm b/PVE/API2/Cluster.pm index 479803960..eb9ddcc39 100644 --- a/PVE/API2/Cluster.pm +++ b/PVE/API2/Cluster.pm @@ -222,6 +222,32 @@ __PACKAGE__->register_method({ }, }); +my sub can_access_network { + my ($rpcenv, $network) = @_; + my $authuser = $rpcenv->get_user(); + + if ($network->{'network-type'} eq 'fabric') { + return $rpcenv->check_any( + $authuser, + "/sdn/fabrics/$network->{network}", + ['SDN.Audit', 'SDN.Allocate'], + 1, + ); + } elsif ($network->{'network-type'} eq 'zone') { + return $rpcenv->check( + $authuser, + "/sdn/zones/$network->{network}", + ['SDN.Audit'], + 1, + ); + } + + # unknown type, so most likely introduced in a newer + # version - avoid leaking information by suppressing any + # unknown sdn types in the returned array. + return 0; +} + __PACKAGE__->register_method({ name => 'resources', path => 'resources', @@ -251,7 +277,8 @@ __PACKAGE__->register_method({ type => { description => "Resource type.", type => 'string', - enum => ['node', 'storage', 'pool', 'qemu', 'lxc', 'openvz', 'sdn'], + enum => + ['node', 'storage', 'pool', 'qemu', 'lxc', 'openvz', 'sdn', 'network'], }, status => { description => "Resource type dependent status.", @@ -431,6 +458,23 @@ __PACKAGE__->register_method({ optional => 1, default => 0, }, + network => { + description => "The name of a Network entity (for type 'network').", + type => "string", + optional => 1, + }, + 'network-type' => { + description => "The type of network resource (for type 'network').", + type => "string", + enum => ["fabric", "zone"], + optional => 1, + }, + protocol => { + description => + "The protocol of a fabric (for type 'network', network-type 'fabric').", + type => "string", + optional => 1, + }, }, }, }, 
@@ -584,25 +628,15 @@ __PACKAGE__->register_method({ } if (!$param->{type} || $param->{type} eq 'sdn') { - #add default "localnetwork" zone - if ($rpcenv->check($authuser, "/sdn/zones/localnetwork", ['SDN.Audit'], 1)) { - foreach my $node (@$nodelist) { - my $local_sdn = { - id => "sdn/$node/localnetwork", - sdn => 'localnetwork', - node => $node, - type => 'sdn', - status => 'ok', - }; - push @$res, $local_sdn; - } - } + my $nodes = PVE::Cluster::get_node_kv("sdn"); + my $network_nodes = PVE::Cluster::get_node_kv("network"); - if ($have_sdn) { - my $nodes = PVE::Cluster::get_node_kv("sdn"); + for my $node (sort keys %{$nodes}) { + # host is already sending the new network resource, so ignore + # its sdn resources + next if defined $network_nodes->{$node}; - for my $node (sort keys %{$nodes}) { - my $sdns = decode_json($nodes->{$node}); + my $sdns = decode_json($nodes->{$node}); for my $id (sort keys %{$sdns}) { next if !$rpcenv->check($authuser, "/sdn/zones/$id", ['SDN.Audit'], 1); 
@@ -620,6 +654,42 @@ __PACKAGE__->register_method({ } } + if (!$param->{type} || $param->{type} eq 'network') { + my $nodes = PVE::Cluster::get_node_kv("network"); + + # add default "localnetwork" zone + if ($rpcenv->check($authuser, "/sdn/zones/localnetwork", ['SDN.Audit'], 1)) { + foreach my $node (@$nodelist) { + my $local_sdn = { + id => "network/$node/zone/localnetwork", + type => 'network', + 'network-type' => 'zone', + network => 'localnetwork', + node => $node, + status => 'ok', + }; + push $res->@*, $local_sdn; + } + } + + for my $node (sort keys $nodes->%*) { + my $node_config = decode_json($nodes->{$node}); + + for my $id (sort keys $node_config->%*) { + my $entry = $node_config->{$id}; + + next if !can_access_network($rpcenv, $entry); + + push $res->@*, + { + "id" => "network/$node/$entry->{'network-type'}/$entry->{network}", + "node" => $node, + $entry->%*, + }; + } + } + } + return $res; }, }); -- 2.47.3 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
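Review bot: in the @@ -222,6 +222,32 @@ hunk, can_access_network uses $network->{'network-type'} and $network->{network} without checking that either is defined, although the entry is whatever decode_json produced from another node's broadcast. A missing 'network-type' ends at the final return 0, which is the right default, but a missing or non-scalar network value is interpolated into "/sdn/zones/$network->{network}" or "/sdn/fabrics/$network->{network}" before the permission check runs. Suggest returning 0 up front when either key is undefined or is a reference. The fabric branch also accepts SDN.Audit or SDN.Allocate through check_any while the zone branch requires SDN.Audit through check; a one-line comment saying why the two differ would save the next reader from treating it as an oversight.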
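Review bot: in the @@ -584,25 +628,15 @@ hunk, "next if defined $network_nodes->{$node};" is applied even when the caller passed type=sdn explicitly, so a client that filters on the old type gets no zones from any node that already broadcasts the network format. The same hunk drops the "sdn/$node/localnetwork" entries, and the replacement in the later hunk is only emitted under type 'network'. The commit message gives not breaking older clients of the SDN format as a reason for keeping it, so consider limiting the skip (and the removal of the localnetwork sdn entry) to the unfiltered case, where it serves to avoid duplicates, for example by guarding it with !$param->{type}.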
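Review bot: in the @@ -620,6 +654,42 @@ hunk, the pushed hash lists "id" and "node" first and "$entry->%*" last, so any id or node key present in the broadcast entry overrides the values computed here, and every other key a node chooses to send is passed through to the API response. The result also has no explicit type => 'network' and relies on the entry to carry it. Suggest spreading $entry first and setting id, node and type after it, or copying only the keys the return schema declares (network, network-type, protocol, status). Separately, decode_json($nodes->{$node}) is not wrapped in eval, so one node with a malformed payload makes the whole resources call die; skipping that node with a warning would be more robust.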