From: Wolfgang Bumiller <w.bumiller@proxmox.com>
To: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
Cc: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
Jona Draaijer <jcdra1@gmail.com>
Subject: Re: [pve-devel] GET /access/users/{userid} has parameter 'tokens' with 'additionalProperties' containing object definition
Date: Tue, 2 Apr 2024 10:00:54 +0200 [thread overview]
Message-ID: <6jguudqs2dyv265k2pp3nxpwc7i7sxxnnh7ad6cm25zqzu6en6@4pnlwhtkyvkm> (raw)
In-Reply-To: <491134625.3322.1712042877345@webmail.proxmox.com>
On Tue, Apr 02, 2024 at 09:27:57AM +0200, Fabian Grünbichler wrote:
>
> > Jona Draaijer via pve-devel <pve-devel@lists.proxmox.com> hat am 01.04.2024 22:00 CEST geschrieben:
> > Hi,
> >
> > As per the title, that endpoint has an additionalProperties value that is
> > not a bool, but rather an object definition. (It's defined in
> > pve-access-control/src/PVE/API2/User.pm).
> >
> > As far as I can tell, all other 'additionalProperties' are bools. Does
> > anyone know why this specific one is different, or if this difference is
> > intentional?
>
> I think this was just an accident.
>
> > From the looks of it it seems like it's used as a "we need this standard
> > option, but also have to make it optional". I am still quite new to perl,
> > so I don't know if there is a way to do what was intended.
>
> My guess is the intent was to have
>
> tokens => get_standard_option('token-info', { optional => 1 }),
>
> instead, @Wolfgang?
The `token-info` standard option defines the structure of a single
token, which is a hash containing `expire`, `privsep` and `comment`.
If we map `tokens` to that, then `tokens` would be exactly one token.
The returned `tokens` value is a hash mapping token names to their info,
like:
"tokens" : {
"first" : {
"expire" : 0,
"privsep" : 1
},
"second" : {
"expire" : 0,
"privsep" : 1
}
}
So, each value inside the `tokens` object has the `token-info` schema.
Most other API calls seem to return an array with the id merged into it
as "tokenid", but this call did it this way from the beginning...
But yes, we don't *usually* do this, but our JSON schema validator
supported this and the API call was added like this originally, so
declaring its schema this way was easier.
You can see the definition in the JSON schema spec[1]. Note that `true`
and `false` are not explicitly mentioned there, as these values are
themselves considered schemas that "produce themselves as assertion
results"[2].
Also note that our schema isn't fully compliant with the spec
(for instance we declare required vs optional fields differently), but
at least feature-wise we do try to stick to keeping it a subset of it
(with the occasional weirdness-extension to deal with legacy cruft such
as how you can use the *value* of the *model* property as a *key* to
declare the mac address in a network interface for a VM's network
device... please don't :-) )
[1] https://json-schema.org/draft/2020-12/json-schema-core#section-10.3.2.3
[2] https://json-schema.org/draft/2020-12/json-schema-core#section-4.3.2
prev parent reply other threads:[~2024-04-02 8:00 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <mailman.784.1712001709.434.pve-devel@lists.proxmox.com>
2024-04-02 7:27 ` Fabian Grünbichler
2024-04-02 8:00 ` Wolfgang Bumiller [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6jguudqs2dyv265k2pp3nxpwc7i7sxxnnh7ad6cm25zqzu6en6@4pnlwhtkyvkm \
--to=w.bumiller@proxmox.com \
--cc=f.gruenbichler@proxmox.com \
--cc=jcdra1@gmail.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox