From: "DERUMIER, Alexandre" <alexandre.derumier@groupe-cyllene.com>
To: "pve-devel@lists.proxmox.com" <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [PATCH pve-manager 2/4] add permissions management for "local" network zone
Date: Fri, 2 Jun 2023 12:21:15 +0000 [thread overview]
Message-ID: <4e03c5b89c3c7a3b6810bb9f5e4e87e751d3bc4f.camel@groupe-cyllene.com> (raw)
In-Reply-To: <1685703147.w34rasy2o5.astroid@yuna.none>
Le vendredi 02 juin 2023 à 13:39 +0200, Fabian Grünbichler a écrit :
> On May 26, 2023 9:27 am, Alexandre Derumier wrote:
> > add a default virtual zone called 'local' in the ressource tree,
> > and handle permissions like a true sdn zone
> >
> > Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
> > ---
> > PVE/API2/Cluster.pm | 12 ++++++++++++
> > PVE/API2/Network.pm | 5 +++--
> > www/manager6/sdn/ZoneContentView.js | 27
> > ++++++++++++++++++++++++++-
> > 3 files changed, 41 insertions(+), 3 deletions(-)
> >
> > diff --git a/PVE/API2/Cluster.pm b/PVE/API2/Cluster.pm
> > index 2e942368..e8f5e06e 100644
> > --- a/PVE/API2/Cluster.pm
> > +++ b/PVE/API2/Cluster.pm
> > @@ -474,6 +474,18 @@ __PACKAGE__->register_method({
> > }
> > }
> >
> > + #add default "local" network zone
> > + foreach my $node (@$nodelist) {
> > + my $local_sdn = {
> > + id => "sdn/$node/local",
> > + sdn => 'local',
> > + node => $node,
> > + type => 'sdn',
> > + status => 'ok',
> > + };
> > + push @$res, $local_sdn;
> > + }
> > +
>
> should this als obe guarded by the type check like below? is there
> anything that ensures that a 'local' zone doesn't already exist as
> regular SDN-managed zone?
I was more thinking to forbid "local" name in sdn code in another
patch,
as sdn it's still in beta anyway, user could still rename zone manually
in cfg.
if not, user will not be able to manage local bridges permissions.
>
> > if ($have_sdn) {
> > if (!$param->{type} || $param->{type} eq 'sdn') {
> >
> > diff --git a/PVE/API2/Network.pm b/PVE/API2/Network.pm
> > index a43579fa..b3faba1a 100644
> > --- a/PVE/API2/Network.pm
> > +++ b/PVE/API2/Network.pm
> > @@ -209,7 +209,7 @@ __PACKAGE__->register_method({
> > type => {
> > description => "Only list specific interface
> > types.",
> > type => 'string',
> > - enum => [ @$network_type_enum, 'any_bridge' ],
> > + enum => [ @$network_type_enum, 'any_bridge',
> > 'any_local_bridge' ],
> > optional => 1,
> > },
> > },
> > @@ -254,7 +254,8 @@ __PACKAGE__->register_method({
> >
> > for my $k (sort keys $ifaces->%*) {
> > my $type = $ifaces->{$k}->{type};
> > - my $match = $tfilter eq $type || ($tfilter eq
> > 'any_bridge' && ($type eq 'bridge' || $type eq 'OVSBridge'));
> > + my $match = $tfilter eq $type || ($tfilter =~
> > /^any(_local)?_bridge$/ && ($type eq 'bridge' || $type eq
> > 'OVSBridge'));
>
> this line is getting a bit long, maybe it could be reformated or
> refactored?
yes sure.
>
> > +
>
> nit: this blank newline is introduced here and removed in the next
> patch ;)
>
> > delete $ifaces->{$k} if !($match &&
> > $can_access_vnet->($k));
> > }
> >
> > diff --git a/www/manager6/sdn/ZoneContentView.js
> > b/www/manager6/sdn/ZoneContentView.js
> > index 08fa9d81..1a994fc9 100644
> > --- a/www/manager6/sdn/ZoneContentView.js
> > +++ b/www/manager6/sdn/ZoneContentView.js
> > @@ -26,6 +26,9 @@ Ext.define('PVE.sdn.ZoneContentView', {
> > }
> >
> > var baseurl = "/nodes/" + me.nodename + "/sdn/zones/" +
> > me.zone + "/content";
> > + if (me.zone === 'local') {
> > + baseurl = "/nodes/" + me.nodename +
> > "/network?type=any_local_bridge";
> > + }
> > var store = Ext.create('Ext.data.Store', {
> > model: 'pve-sdnzone-content',
> > groupField: 'content',
> > @@ -95,7 +98,29 @@ Ext.define('PVE.sdn.ZoneContentView', {
> > Ext.define('pve-sdnzone-content', {
> > extend: 'Ext.data.Model',
> > fields: [
> > - 'vnet', 'status', 'statusmsg',
> > + {
> > + name: 'iface',
> > + convert: function(value, record) {
> > + //map local vmbr to vnet
> > + if (record.data.iface) {
> > + record.data.vnet = record.data.iface;
> > + }
> > + return value;
> > + },
> > + },
> > + {
> > + name: 'comments',
> > + convert: function(value, record) {
> > + //map local vmbr comments to vnet alias
> > + if (record.data.comments) {
> > + record.data.alias = record.data.comments;
> > + }
> > + return value;
> > + },
> > + },
> > + 'vnet',
> > + 'status',
> > + 'statusmsg',
> > {
> > name: 'text',
> > convert: function(value, record) {
> > --
> > 2.30.2
> >
> >
> > _______________________________________________
> > pve-devel mailing list
> > pve-devel@lists.proxmox.com
> > https://antiphishing.cetsi.fr/proxy/v3?i=Zk92VEFKaGQ4Ums4cnZEUWMTpfHaXFQGRw1_CnOoOH0&r=bHA1dGV3NWJQVUloaWNFUZPu0fK2BfWNnEHaDLDwG0rtDedpluZBIffSL1M5cj3F&f=SlhDbE9uS2laS2JaZFpNWvmsxai1zlJP9llgnl5HIv-4jAji8Dh2BQawzxID5bzr6Uv-3EQd-eluQbsPfcUOTg&u=https%3A//lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel&k=XRKU
> >
> >
> >
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://antiphishing.cetsi.fr/proxy/v3?i=Zk92VEFKaGQ4Ums4cnZEUWMTpfHaXFQGRw1_CnOoOH0&r=bHA1dGV3NWJQVUloaWNFUZPu0fK2BfWNnEHaDLDwG0rtDedpluZBIffSL1M5cj3F&f=SlhDbE9uS2laS2JaZFpNWvmsxai1zlJP9llgnl5HIv-4jAji8Dh2BQawzxID5bzr6Uv-3EQd-eluQbsPfcUOTg&u=https%3A//lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel&k=XRKU
>
next prev parent reply other threads:[~2023-06-02 12:21 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-26 7:27 [pve-devel] [PATCH pve-manager 0/4] add vnet/localbridge permissions management Alexandre Derumier
2023-05-26 7:27 ` [pve-devel] [PATCH pve-manager 1/4] add vnet permissions panel Alexandre Derumier
2023-05-26 7:27 ` [pve-devel] [PATCH pve-manager 2/4] add permissions management for "local" network zone Alexandre Derumier
2023-06-02 11:39 ` Fabian Grünbichler
2023-06-02 12:21 ` DERUMIER, Alexandre [this message]
2023-06-02 14:18 ` DERUMIER, Alexandre
2023-05-26 7:27 ` [pve-devel] [PATCH pve-manager 3/4] api2: network: check permissions for local bridges Alexandre Derumier
2023-06-02 11:39 ` Fabian Grünbichler
2023-05-26 7:27 ` [pve-devel] [PATCH pve-manager 4/4] api2: network: check vlan " Alexandre Derumier
2023-06-02 11:39 ` Fabian Grünbichler
2023-06-02 12:32 ` DERUMIER, Alexandre
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4e03c5b89c3c7a3b6810bb9f5e4e87e751d3bc4f.camel@groupe-cyllene.com \
--to=alexandre.derumier@groupe-cyllene.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox