From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id 9CD351FF15C
	for <inbox@lore.proxmox.com>; Wed, 22 Jan 2025 14:19:10 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id C0AFA1F282;
	Wed, 22 Jan 2025 14:19:07 +0100 (CET)
Message-ID: <396f29b5-f9f3-47d7-bcf4-6e52c94c60c4@proxmox.com>
Date: Wed, 22 Jan 2025 14:18:33 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Fiona Ebner <f.ebner@proxmox.com>,
 Proxmox VE development discussion <pve-devel@lists.proxmox.com>
References: <20240916163839.236908-1-d.kral@proxmox.com>
 <20240916163839.236908-4-d.kral@proxmox.com>
 <97e9a3eb-0a4c-4fe1-90e9-8f9b2cb78fa7@proxmox.com>
Content-Language: en-US
From: Daniel Kral <d.kral@proxmox.com>
In-Reply-To: <97e9a3eb-0a4c-4fe1-90e9-8f9b2cb78fa7@proxmox.com>
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.012 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: Re: [pve-devel] [RFC qemu-server 3/9] fix #5284: move_vm: add check
 if target storage supports vm images
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

On 11/29/24 15:23, Fiona Ebner wrote:
> For issues like these, it's often nice to start out with the fix and put
> bigger refactorings later. Then the fix can already be applied up-front
> while discussing the bigger changes.

ACK, I'll move this in front of the other changes.

> 
> Am 16.09.24 um 18:38 schrieb Daniel Kral:
>> diff --git a/PVE/QemuServer/Helpers.pm b/PVE/QemuServer/Helpers.pm
>> index 9d0f24aa..a5f6b328 100644
>> --- a/PVE/QemuServer/Helpers.pm
>> +++ b/PVE/QemuServer/Helpers.pm
>> @@ -11,6 +11,8 @@ use PVE::ProcFSTools;
>>   
>>   use base 'Exporter';
>>   our @EXPORT_OK = qw(
>> +check_storage_alloc
>> +check_volume_alloc
>>   min_version
>>   config_aware_timeout
>>   parse_number_sets
>> @@ -151,6 +153,50 @@ sub check_volume_content_type : prototype($$) {
>>       return check_storage_content_type($storecfg, $storeid, $vtype);
>>   }
>>   
>> +=head3 check_storage_alloc($rpcenv, $user, $storeid)
>> +
>> +Checks whether the C<$user> has the permissions in the C<$rpcenv> to allocate space in the storage
>> +with the identifier C<$storeid>.
>> +
>> +
>> +If the check fails, the subroutine will C<die> with a permission exception inside the subroutine
>> +L<PVE::RPCEnvironment::check>.
>> +
>> +Returns C<1> if the check is successful.
>> +
>> +=cut
>> +
>> +sub check_storage_alloc : prototype($$$) {
> 
> I'd rather call it assert_storage_alloc_permission
> 
>> +    my ($rpcenv, $user, $storeid) = @_;
>> +
>> +    if (defined($rpcenv) && defined($user)) {
> 
> Should we rather assert these? It should not be called in a context
> where we don't have them. In fact, I'd prefer this to be a private
> helper in the API module directly. But I'm not fully convinced we need a
> helper for this to begin with, the actual code is just two lines (or one
> statement).

I agree with all of your points, I'm also in favor of just dropping the 
helper in general for v2.

> 
>> +	$rpcenv->check($user, "/storage/$storeid", ['Datastore.AllocateSpace'])
>> +	    if $user ne 'root@pam';
>> +    }
>> +
>> +    return 1;
>> +}
>> +
>> +=head3 check_volume_alloc($storecfg, $storeid, $node)
>> +
>> +Checks whether the volume with the identifier C<$volid>, that is defined in C<$storecfg> (which
>> +is typically retrieved with L<PVE::Storage::config>), is enabled an supports volume images.
>> +
>> +If the check fails, it will C<die> with an error message.
>> +
>> +Returns C<1> if the check is successful.
>> +
>> +=cut
>> +
>> +sub check_volume_alloc : prototype($$;$) {
> 
> Again, "assert_" and "_permission"

Hm, why did you choose permission here?

There are no permission checks done here, would be a suffix like 
"_allowed" or "_available" also be fine for you?

> 
> should/could also live in the storage library as it does not depend on
> anything else

ACK

> 
>> +    my ($storecfg, $storeid, $node) = @_;
>> +
>> +    PVE::Storage::storage_check_enabled($storecfg, $storeid, $node);
>> +    check_storage_content_type($storecfg, $storeid);
>> +
>> +    return 1;
>> +}
>> +
>>   sub min_version {
>>       my ($verstr, $major, $minor, $pve) = @_;
>>   
> 



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel