From: Stefan Hanreich <s.hanreich@proxmox.com>
To: Thomas Lamprecht <t.lamprecht@proxmox.com>,
Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [PATCH pve-firewall 10/15] api: add vnet endpoints
Date: Fri, 4 Oct 2024 17:36:31 +0200 [thread overview]
Message-ID: <6ca59f85-6e36-4cc8-b75f-df6d760818e3@proxmox.com> (raw)
In-Reply-To: <a55cfa6e-b332-474a-81df-da982136a6cd@proxmox.com>
On 9/26/24 08:37, Thomas Lamprecht wrote:
> I'd prefer a _hook suffix for such a method for slightly added clarity.
>
> And FWIW, if all you do now is check privileges, and there's nothing you already
> know that's gonna get added here soon, you could just name it after what it does
> and avoid being all to generic, i.e. something like
>
> sub assert_privs_for_method
Thats's probably the better approach for naming this function, since I
don't have any future additions in mind.
>> +my $option_properties = $PVE::Firewall::vnet_option_properties;
>
> might need a clone to avoid modifying the original reference I think
Yes, I think we never write to it - but accidents happen and better safe
than sorry. Might make sense to also do this in the other API modules as
well in a separate patch then.
> Hmm, I'm wondering might it make sense to add a SDN.Firewall privilege to separate
> allowing VNet allocation and allowing to configure a VNet's firewall?
> While adding privs is a bit tricky, this one might be dooable later one too though.
>
> But whatever gets chosen should then be also addressed in a commit message with some
> background reasoning (if it's already then I might have overlooked, I did not checked
> every all too closely yet).
Initial reasoning was that there's not really a privilege like that for
DC / Host / Guests, where it is always tied to the networking permissions.
Maybe it would make sense to create a completely separate Firewall
permission that is then also used for DC / Host / Guests? Of course this
could only happen in the next major release.
Thanks for the review!
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next prev parent reply other threads:[~2024-10-04 15:36 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-11 9:31 [pve-devel] [RFC firewall/manager/network/proxmox{-ve-rs, -firewall} 00/15] add forward chain firewalling for hosts and bridges Stefan Hanreich
2024-09-11 9:31 ` [pve-devel] [PATCH proxmox-ve-rs 01/15] cargo: bump dependencies Stefan Hanreich
2024-09-11 9:31 ` [pve-devel] [PATCH proxmox-ve-rs 02/15] firewall: add forward direction Stefan Hanreich
2024-09-11 9:31 ` [pve-devel] [PATCH proxmox-ve-rs 03/15] firewall: add bridge firewall config parser Stefan Hanreich
2024-09-11 9:31 ` [pve-devel] [PATCH proxmox-ve-rs 04/15] host: add struct representing bridge names Stefan Hanreich
2024-09-11 9:31 ` [pve-devel] [PATCH proxmox-firewall 05/15] sdn: add support for loading vnet-level firewall config Stefan Hanreich
2024-09-11 9:31 ` [pve-devel] [PATCH proxmox-firewall 06/15] sdn: create forward firewall rules Stefan Hanreich
2024-09-11 9:31 ` [pve-devel] [PATCH proxmox-firewall 07/15] use std::mem::take over drain() Stefan Hanreich
2024-09-11 9:31 ` [pve-devel] [PATCH proxmox-firewall 08/15] cargo: bump dependencies Stefan Hanreich
2024-09-11 9:31 ` [pve-devel] [PATCH pve-firewall 09/15] sdn: add vnet firewall configuration Stefan Hanreich
2024-09-11 9:31 ` [pve-devel] [PATCH pve-firewall 10/15] api: add vnet endpoints Stefan Hanreich
2024-09-26 6:37 ` Thomas Lamprecht
2024-10-04 15:36 ` Stefan Hanreich [this message]
2024-09-11 9:31 ` [pve-devel] [PATCH pve-manager 11/15] firewall: add forward direction to rule panel Stefan Hanreich
2024-09-11 9:31 ` [pve-devel] [PATCH pve-manager 12/15] firewall: add vnet to firewall options component Stefan Hanreich
2024-09-11 9:31 ` [pve-devel] [PATCH pve-manager 13/15] firewall: make base_url dynamically configurable in " Stefan Hanreich
2024-09-11 9:31 ` [pve-devel] [PATCH pve-manager 14/15] sdn: add firewall panel Stefan Hanreich
2024-09-11 9:31 ` [pve-devel] [PATCH pve-network 15/15] firewall: add endpoints for vnet-level firewall Stefan Hanreich
2024-09-11 12:31 ` [pve-devel] [RFC firewall/manager/network/proxmox{-ve-rs, -firewall} 00/15] add forward chain firewalling for hosts and bridges Stefan Hanreich
2024-09-11 15:22 ` Gabriel Goller
2024-10-10 16:00 ` Stefan Hanreich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6ca59f85-6e36-4cc8-b75f-df6d760818e3@proxmox.com \
--to=s.hanreich@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
--cc=t.lamprecht@proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox