From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id B7EC31FF171
	for <inbox@lore.proxmox.com>; Fri, 29 Nov 2024 15:23:43 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 643871AACA;
	Fri, 29 Nov 2024 15:23:42 +0100 (CET)
Message-ID: <97e9a3eb-0a4c-4fe1-90e9-8f9b2cb78fa7@proxmox.com>
Date: Fri, 29 Nov 2024 15:23:38 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
From: Fiona Ebner <f.ebner@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
 Daniel Kral <d.kral@proxmox.com>
References: <20240916163839.236908-1-d.kral@proxmox.com>
 <20240916163839.236908-4-d.kral@proxmox.com>
Content-Language: en-US
In-Reply-To: <20240916163839.236908-4-d.kral@proxmox.com>
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.054 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: Re: [pve-devel] [RFC qemu-server 3/9] fix #5284: move_vm: add check
 if target storage supports vm images
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

For issues like these, it's often nice to start out with the fix and put
bigger refactorings later. Then the fix can already be applied up-front
while discussing the bigger changes.

Am 16.09.24 um 18:38 schrieb Daniel Kral:
> diff --git a/PVE/QemuServer/Helpers.pm b/PVE/QemuServer/Helpers.pm
> index 9d0f24aa..a5f6b328 100644
> --- a/PVE/QemuServer/Helpers.pm
> +++ b/PVE/QemuServer/Helpers.pm
> @@ -11,6 +11,8 @@ use PVE::ProcFSTools;
>  
>  use base 'Exporter';
>  our @EXPORT_OK = qw(
> +check_storage_alloc
> +check_volume_alloc
>  min_version
>  config_aware_timeout
>  parse_number_sets
> @@ -151,6 +153,50 @@ sub check_volume_content_type : prototype($$) {
>      return check_storage_content_type($storecfg, $storeid, $vtype);
>  }
>  
> +=head3 check_storage_alloc($rpcenv, $user, $storeid)
> +
> +Checks whether the C<$user> has the permissions in the C<$rpcenv> to allocate space in the storage
> +with the identifier C<$storeid>.
> +
> +
> +If the check fails, the subroutine will C<die> with a permission exception inside the subroutine
> +L<PVE::RPCEnvironment::check>.
> +
> +Returns C<1> if the check is successful.
> +
> +=cut
> +
> +sub check_storage_alloc : prototype($$$) {

I'd rather call it assert_storage_alloc_permission

> +    my ($rpcenv, $user, $storeid) = @_;
> +
> +    if (defined($rpcenv) && defined($user)) {

Should we rather assert these? It should not be called in a context
where we don't have them. In fact, I'd prefer this to be a private
helper in the API module directly. But I'm not fully convinced we need a
helper for this to begin with, the actual code is just two lines (or one
statement).

> +	$rpcenv->check($user, "/storage/$storeid", ['Datastore.AllocateSpace'])
> +	    if $user ne 'root@pam';
> +    }
> +
> +    return 1;
> +}
> +
> +=head3 check_volume_alloc($storecfg, $storeid, $node)
> +
> +Checks whether the volume with the identifier C<$volid>, that is defined in C<$storecfg> (which
> +is typically retrieved with L<PVE::Storage::config>), is enabled an supports volume images.
> +
> +If the check fails, it will C<die> with an error message.
> +
> +Returns C<1> if the check is successful.
> +
> +=cut
> +
> +sub check_volume_alloc : prototype($$;$) {

Again, "assert_" and "_permission"

should/could also live in the storage library as it does not depend on
anything else

> +    my ($storecfg, $storeid, $node) = @_;
> +
> +    PVE::Storage::storage_check_enabled($storecfg, $storeid, $node);
> +    check_storage_content_type($storecfg, $storeid);
> +
> +    return 1;
> +}
> +
>  sub min_version {
>      my ($verstr, $major, $minor, $pve) = @_;
>  



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel