* [pve-devel] [PATCH qemu-server] feature #3937: config: store user in meta property
@ 2023-02-13 10:24 Leo Nunner
2023-02-14 9:41 ` Thomas Lamprecht
0 siblings, 1 reply; 3+ messages in thread
From: Leo Nunner @ 2023-02-13 10:24 UTC (permalink / raw)
To: pve-devel
Adds a field to the "meta" config property which stores the user who
created the VM.
Signed-off-by: Leo Nunner <l.nunner@proxmox.com>
---
PVE/QemuServer.pm | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index a0e16dc..28ed8e7 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -281,6 +281,11 @@ my $meta_info_fmt = {
pattern => '\d+(\.\d+)+',
optional => 1,
},
+ 'user' => {
+ type => 'string',
+ description => "The user who created the VM.",
+ optional => 1,
+ },
};
my $confdesc = {
@@ -2184,10 +2189,13 @@ sub parse_meta_info {
sub new_meta_info_string {
my () = @_; # for now do not allow to override any value
+ my $rpcenv = PVE::RPCEnvironment->get();
+
return PVE::JSONSchema::print_property_string(
{
'creation-qemu' => kvm_user_version(),
ctime => "". int(time()),
+ user => $rpcenv->get_user(),
},
$meta_info_fmt
);
--
2.30.2
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [pve-devel] [PATCH qemu-server] feature #3937: config: store user in meta property
2023-02-13 10:24 [pve-devel] [PATCH qemu-server] feature #3937: config: store user in meta property Leo Nunner
@ 2023-02-14 9:41 ` Thomas Lamprecht
2023-02-15 9:05 ` Leo Nunner
0 siblings, 1 reply; 3+ messages in thread
From: Thomas Lamprecht @ 2023-02-14 9:41 UTC (permalink / raw)
To: Proxmox VE development discussion, Leo Nunner
On 13/02/2023 11:24, Leo Nunner wrote:
> Adds a field to the "meta" config property which stores the user who
> created the VM.
Should also get this finally added to CTs, I know it's a bit unfair to
add the burden to this patch series, but otherwise we might never add
it..
>
> Signed-off-by: Leo Nunner <l.nunner@proxmox.com>
> ---
> PVE/QemuServer.pm | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
> index a0e16dc..28ed8e7 100644
> --- a/PVE/QemuServer.pm
> +++ b/PVE/QemuServer.pm
> @@ -281,6 +281,11 @@ my $meta_info_fmt = {
> pattern => '\d+(\.\d+)+',
> optional => 1,
> },
> + 'user' => {
It adds a bit of property length, but it might be good to follow the other
properties and use a bit more self-explanatory 'creation-user' here?
I mean, I don't hope that we add to much properties here, but in retrospect
the property name "meta" might have been a bit to general, something like
"creation-env" could have been a better choice - but as said, I still
hope that we don't add to much there anyway.
otoh, maybe this is even "to much" for such a thing, a dedicated audit log
might be better in general? (I got that with some rough planning on our
internal wiki)
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [pve-devel] [PATCH qemu-server] feature #3937: config: store user in meta property
2023-02-14 9:41 ` Thomas Lamprecht
@ 2023-02-15 9:05 ` Leo Nunner
0 siblings, 0 replies; 3+ messages in thread
From: Leo Nunner @ 2023-02-15 9:05 UTC (permalink / raw)
To: Thomas Lamprecht, Proxmox VE development discussion
On 2023-02-14 10:41, Thomas Lamprecht wrote:
> On 13/02/2023 11:24, Leo Nunner wrote:
>> Adds a field to the "meta" config property which stores the user who
>> created the VM.
> Should also get this finally added to CTs, I know it's a bit unfair to
> add the burden to this patch series, but otherwise we might never add
> it..
>
>> Signed-off-by: Leo Nunner <l.nunner@proxmox.com>
>> ---
>> PVE/QemuServer.pm | 8 ++++++++
>> 1 file changed, 8 insertions(+)
>>
>> diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
>> index a0e16dc..28ed8e7 100644
>> --- a/PVE/QemuServer.pm
>> +++ b/PVE/QemuServer.pm
>> @@ -281,6 +281,11 @@ my $meta_info_fmt = {
>> pattern => '\d+(\.\d+)+',
>> optional => 1,
>> },
>> + 'user' => {
> It adds a bit of property length, but it might be good to follow the other
> properties and use a bit more self-explanatory 'creation-user' here?
Good idea, I'll change it accordingly.
> I mean, I don't hope that we add to much properties here, but in retrospect
> the property name "meta" might have been a bit to general, something like
> "creation-env" could have been a better choice - but as said, I still
> hope that we don't add to much there anyway.
>
> otoh, maybe this is even "to much" for such a thing, a dedicated audit log
> might be better in general? (I got that with some rough planning on our
> internal wiki)
FWIW, I actually started working on the CT implementation already (after
Fiona pointed out that the report was requesting it for both VMs and
CTs). I read through the ideas for the auditing framework and it does
seem like it would be a much better fit there - but then again, the
property might make accountability a bit easier, since instead of
filtering logs (which could probably be quite some time in the past) one
just needs to read the meta property in the config file⦠Maybe both
would be good?
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-02-15 9:05 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-02-13 10:24 [pve-devel] [PATCH qemu-server] feature #3937: config: store user in meta property Leo Nunner
2023-02-14 9:41 ` Thomas Lamprecht
2023-02-15 9:05 ` Leo Nunner
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal