From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 552101FF14F for ; Wed, 17 Jun 2026 18:48:00 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 8756D2CF7; Wed, 17 Jun 2026 18:47:58 +0200 (CEST) From: Hannes Laimer To: pve-devel@lists.proxmox.com Subject: [RFC http-server/manager 0/2] add pvesh record subcommand Date: Wed, 17 Jun 2026 18:47:47 +0200 Message-ID: <20260617164749.574759-1-h.laimer@proxmox.com> X-Mailer: git-send-email 2.47.3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1781714815019 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.086 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [anyevent.pm,pvesh.pm,pveproxy.pm,requestrecorder.pm] Message-ID-Hash: L6EHQHCTUL6XLKZPNX6AUTXKEG4JNP57 X-Message-ID-Hash: L6EHQHCTUL6XLKZPNX6AUTXKEG4JNP57 X-MailFrom: h.laimer@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Implements a new pvesh subcommand that records the API requests a user makes and prints them as the equivalent `pvesh` commands, e.g. to find the CLI/API equivalent of an action done in the web UI. `pvesh record ` creates a `.req` file under /run/pve-api-record/ containing the user and an `all` flag. The http-server (pveproxy) reads it and appends the matching API requests (including data) to a spool file `.events`. The pvesh process reads those entries, translates them into `pvesh ..` and prints them. By default only writing requests (POST/PUT/DELETE) are recorded, `--all` also includes reads (GET). With the pid of the pvesh process as the identifier, this works with multiple, concurrently running recordings. The pvesh process holds a lock on `.req`, so if it is killed without cleaning up, the http-server can reap the stale files once it can take the lock. This spans two repos: the recording hook in pve-http-server and the `record` command in pve-manager that uses it. Note: recorded parameters are verbatim, so any secret submitted in a request (e.g. a password) appears in the printed commands. Turned out to be really handy for testing things, but i could also see how this could be helpful in getting more familiar with the api in general and having a way to map ui intercations to scriptable api requests. also put pre-build packages on sani(`pvesh-record-rfc/`) pve-http-server: Hannes Laimer (1): apiserver: add opt-in recording of api requests src/Makefile | 1 + src/PVE/APIServer/AnyEvent.pm | 17 +++ src/PVE/APIServer/RequestRecorder.pm | 188 +++++++++++++++++++++++++++ 3 files changed, 206 insertions(+) create mode 100644 src/PVE/APIServer/RequestRecorder.pm pve-manager: Hannes Laimer (1): pvesh: add 'record' subcommand to trace user's API requests PVE/CLI/pvesh.pm | 140 ++++++++++++++++++++++++++++++++++++++++ PVE/Service/pveproxy.pm | 1 + 2 files changed, 141 insertions(+) Summary over all repositories: 5 files changed, 347 insertions(+), 0 deletions(-) -- Generated by murpp 0.12.0