From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <pve-devel-bounces@lists.proxmox.com> Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 9CD351FF15C for <inbox@lore.proxmox.com>; Wed, 22 Jan 2025 14:19:10 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id C0AFA1F282; Wed, 22 Jan 2025 14:19:07 +0100 (CET) Message-ID: <396f29b5-f9f3-47d7-bcf4-6e52c94c60c4@proxmox.com> Date: Wed, 22 Jan 2025 14:18:33 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: Fiona Ebner <f.ebner@proxmox.com>, Proxmox VE development discussion <pve-devel@lists.proxmox.com> References: <20240916163839.236908-1-d.kral@proxmox.com> <20240916163839.236908-4-d.kral@proxmox.com> <97e9a3eb-0a4c-4fe1-90e9-8f9b2cb78fa7@proxmox.com> Content-Language: en-US From: Daniel Kral <d.kral@proxmox.com> In-Reply-To: <97e9a3eb-0a4c-4fe1-90e9-8f9b2cb78fa7@proxmox.com> X-SPAM-LEVEL: Spam detection results: 0 AWL 0.012 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pve-devel] [RFC qemu-server 3/9] fix #5284: move_vm: add check if target storage supports vm images X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com> List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe> List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/> List-Post: <mailto:pve-devel@lists.proxmox.com> List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help> List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe> Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com> Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com> On 11/29/24 15:23, Fiona Ebner wrote: > For issues like these, it's often nice to start out with the fix and put > bigger refactorings later. Then the fix can already be applied up-front > while discussing the bigger changes. ACK, I'll move this in front of the other changes. > > Am 16.09.24 um 18:38 schrieb Daniel Kral: >> diff --git a/PVE/QemuServer/Helpers.pm b/PVE/QemuServer/Helpers.pm >> index 9d0f24aa..a5f6b328 100644 >> --- a/PVE/QemuServer/Helpers.pm >> +++ b/PVE/QemuServer/Helpers.pm >> @@ -11,6 +11,8 @@ use PVE::ProcFSTools; >> >> use base 'Exporter'; >> our @EXPORT_OK = qw( >> +check_storage_alloc >> +check_volume_alloc >> min_version >> config_aware_timeout >> parse_number_sets >> @@ -151,6 +153,50 @@ sub check_volume_content_type : prototype($$) { >> return check_storage_content_type($storecfg, $storeid, $vtype); >> } >> >> +=head3 check_storage_alloc($rpcenv, $user, $storeid) >> + >> +Checks whether the C<$user> has the permissions in the C<$rpcenv> to allocate space in the storage >> +with the identifier C<$storeid>. >> + >> + >> +If the check fails, the subroutine will C<die> with a permission exception inside the subroutine >> +L<PVE::RPCEnvironment::check>. >> + >> +Returns C<1> if the check is successful. >> + >> +=cut >> + >> +sub check_storage_alloc : prototype($$$) { > > I'd rather call it assert_storage_alloc_permission > >> + my ($rpcenv, $user, $storeid) = @_; >> + >> + if (defined($rpcenv) && defined($user)) { > > Should we rather assert these? It should not be called in a context > where we don't have them. In fact, I'd prefer this to be a private > helper in the API module directly. But I'm not fully convinced we need a > helper for this to begin with, the actual code is just two lines (or one > statement). I agree with all of your points, I'm also in favor of just dropping the helper in general for v2. > >> + $rpcenv->check($user, "/storage/$storeid", ['Datastore.AllocateSpace']) >> + if $user ne 'root@pam'; >> + } >> + >> + return 1; >> +} >> + >> +=head3 check_volume_alloc($storecfg, $storeid, $node) >> + >> +Checks whether the volume with the identifier C<$volid>, that is defined in C<$storecfg> (which >> +is typically retrieved with L<PVE::Storage::config>), is enabled an supports volume images. >> + >> +If the check fails, it will C<die> with an error message. >> + >> +Returns C<1> if the check is successful. >> + >> +=cut >> + >> +sub check_volume_alloc : prototype($$;$) { > > Again, "assert_" and "_permission" Hm, why did you choose permission here? There are no permission checks done here, would be a suffix like "_allowed" or "_available" also be fine for you? > > should/could also live in the storage library as it does not depend on > anything else ACK > >> + my ($storecfg, $storeid, $node) = @_; >> + >> + PVE::Storage::storage_check_enabled($storecfg, $storeid, $node); >> + check_storage_content_type($storecfg, $storeid); >> + >> + return 1; >> +} >> + >> sub min_version { >> my ($verstr, $major, $minor, $pve) = @_; >> > _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel