From: Fiona Ebner <f.ebner@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
Philipp Hufnagl <p.hufnagl@proxmox.com>
Subject: Re: [pve-devel] [PATCH storage] fix #5008: prevent adding pbs storage with invalid namespace
Date: Wed, 15 Nov 2023 09:31:06 +0100 [thread overview]
Message-ID: <a3e7c9cc-50f8-448f-b5d4-e6178933f03d@proxmox.com> (raw)
In-Reply-To: <20231114142714.27578-1-p.hufnagl@proxmox.com>
Am 14.11.23 um 15:27 schrieb Philipp Hufnagl:
> Currently, when adding a PBS storage with a namespace that does not
> exist, the storage gets added normally, but browsing/using it only
> returns a cryptic error message.
>
> This change checks if the namespace entered when adding is valid and
> prompts an error if it is not. If no namespace is provided, the storage
> will be added without error.
Does not fully describe the change: It checks if the namespace is valid
each time the storage is activated, not just when adding.
>
> Signed-off-by: Philipp Hufnagl <p.hufnagl@proxmox.com>
> ---
> src/PVE/Storage/PBSPlugin.pm | 21 ++++++++++++++++++++-
> 1 file changed, 20 insertions(+), 1 deletion(-)
>
> diff --git a/src/PVE/Storage/PBSPlugin.pm b/src/PVE/Storage/PBSPlugin.pm
> index 4320974..aceb2c4 100644
> --- a/src/PVE/Storage/PBSPlugin.pm
> +++ b/src/PVE/Storage/PBSPlugin.pm
> @@ -817,6 +817,17 @@ sub scan_datastores {
> return $response;
> }
>
> +sub scan_namespaces {
> + my ($scfg, $datastore, $password) = @_;
> +
> + my $conn = pbs_api_connect($scfg, $password);
Not super important, but would be nice to have a way to re-use the same
connection in scan_datastores() and here, since activate_storage() will
call both of them.
> +
> + my $namespaces = eval { $conn->get("/api2/json/admin/datastore/$datastore/namespace", {}); };
> + die "error fetching namespaces - $@" if $@;
> +
> + return $namespaces;
> +}
> +
> sub activate_storage {
> my ($class, $storeid, $scfg, $cache) = @_;
>
> @@ -826,10 +837,18 @@ sub activate_storage {
> die "$storeid: $@" if $@;
>
> my $datastore = $scfg->{datastore};
> + my $namespace = $scfg->{namespace};
>
> for my $ds (@$datastores) {
> if ($ds->{store} eq $datastore) {
> - return 1;
> + return 1 if !defined($namespace);
> + my $namespaces = eval { scan_namespaces($scfg, $datastore, $password) };
Why use eval and ignore the error here? Like that users (and we) won't
know if the api request or connection failed and just get the error
message from below about permissions/existence then.
> + for my $ns (@$namespaces) {
> + if ($ns->{ns} eq $namespace) {
> + return 1;
> + }
> + }
> + die "$storeid: Cannot find namespace '$namespace', check permissions and existence!\n";
> }
> }
>
next prev parent reply other threads:[~2023-11-15 8:31 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-14 14:27 Philipp Hufnagl
2023-11-15 8:31 ` Fiona Ebner [this message]
2023-11-15 9:37 ` Philipp Hufnagl
2023-11-15 9:52 ` Thomas Lamprecht
2023-11-15 10:05 ` Philipp Hufnagl
2023-11-15 10:09 ` Thomas Lamprecht
2023-11-15 10:40 ` Philipp Hufnagl
2023-11-15 10:01 ` Fiona Ebner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a3e7c9cc-50f8-448f-b5d4-e6178933f03d@proxmox.com \
--to=f.ebner@proxmox.com \
--cc=p.hufnagl@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox