From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <t.lamprecht@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id 9C9156D663
 for <pve-devel@lists.proxmox.com>; Thu,  1 Apr 2021 15:41:22 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 91FE81C2AA
 for <pve-devel@lists.proxmox.com>; Thu,  1 Apr 2021 15:40:52 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [212.186.127.180])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS id E01621C29D
 for <pve-devel@lists.proxmox.com>; Thu,  1 Apr 2021 15:40:51 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id ABB7D4289B
 for <pve-devel@lists.proxmox.com>; Thu,  1 Apr 2021 15:40:51 +0200 (CEST)
Message-ID: <b10d9b28-e755-0996-e09b-79d239ad89cd@proxmox.com>
Date: Thu, 1 Apr 2021 15:40:49 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:88.0) Gecko/20100101
 Thunderbird/88.0
Content-Language: en-US
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
 Fabian Ebner <f.ebner@proxmox.com>
References: <20210311092208.27221-1-f.ebner@proxmox.com>
 <20210311092208.27221-2-f.ebner@proxmox.com>
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
In-Reply-To: <20210311092208.27221-2-f.ebner@proxmox.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.044 Adjusted score from AWL reputation of From: address
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 NICE_REPLY_A           -0.001 Looks like a legit reply (A)
 RCVD_IN_DNSWL_MED        -2.3 Sender listed at https://www.dnswl.org/,
 medium trust
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [vzdump.pm]
Subject: Re: [pve-devel] [PATCH v3 manager 2/4] api: vzdump: add call to get
 currently configured vzdump defaults
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Thu, 01 Apr 2021 13:41:22 -0000

On 11.03.21 10:22, Fabian Ebner wrote:
> on a given node (and storage).
> 
> Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
> ---
> 
> New in v3
> 
>  PVE/API2/VZDump.pm | 89 ++++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 89 insertions(+)
> 
> diff --git a/PVE/API2/VZDump.pm b/PVE/API2/VZDump.pm
> index 44376106..109e178b 100644
> --- a/PVE/API2/VZDump.pm
> +++ b/PVE/API2/VZDump.pm
> @@ -146,6 +146,95 @@ __PACKAGE__->register_method ({
>  	return $rpcenv->fork_worker('vzdump', $taskid, $user, $worker);
>     }});
>  
> +__PACKAGE__->register_method ({
> +    name => 'defaults',
> +    path => 'defaults',
> +    method => 'GET',
> +    description => "Get the currently configured vzdump defaults.",
> +    permissions => {
> +	description => "The user needs 'Datastore.Audit' or " .
> +	    "'Datastore.AllocateSpace' permissions for the specified storage " .
> +	    "(or default storage if none specified). Some properties are only " .
> +	    "returned when the user has 'Sys.Audit' permissions for the node.",

style nit: you can go up to 100 character columns here, also we 

> +	user => 'all',
> +    },
> +    proxyto => 'node',
> +    parameters => {
> +	additionalProperties => 0,
> +	properties => {
> +	    node => get_standard_option('pve-node'),
> +	    storage => get_standard_option('pve-storage-id', { optional => 1 }),
> +	},
> +    },
> +    returns => {
> +	type => 'object',
> +	additionalProperties => 0,
> +	properties => PVE::VZDump::Common::json_config_properties(),

above may suggest that all those properties are returned, but we delete some
out flat, so even if one would access this as root@pam they won't get all of
those and may get confused due to API schema/return value mismatch.

Maybe we could derive a hash from above list at module scope, and delete those
keys that never will be returned. That list could also be reused below for
filtering out those unwanted keys too then.

> +    },
> +    code => sub {
> +	my ($param) = @_;
> +
> +	my $node = extract_param($param, 'node');
> +	my $storage = extract_param($param, 'storage');
> +
> +	my $rpcenv = PVE::RPCEnvironment::get();
> +	my $authuser = $rpcenv->get_user();
> +
> +	my $res = PVE::VZDump::read_vzdump_defaults();
> +
> +	$res->{storage} = $storage if defined($storage);
> +
> +	if (!defined($res->{dumpdir}) && !defined($res->{storage})) {
> +	    $res->{storage} = 'local';
> +	}
> +
> +	if (defined($res->{storage})) {
> +	    $rpcenv->check_any(
> +		$authuser,
> +		"/storage/$res->{storage}",
> +		['Datastore.Audit', 'Datastore.AllocateSpace'],
> +	    );
> +
> +	    my $info = PVE::VZDump::storage_info($res->{storage});
> +	    foreach my $key (qw(dumpdir prune-backups)) {

style nit, for new code use `for`, `foreach` has no additional value/functionality
over `for` since a long time (if ever, actually not too sure from top of my head).

> +		$res->{$key} = $info->{$key} if defined($info->{$key});
> +	    }
> +	}
> +
> +	if (defined($res->{'prune-backups'})) {
> +	    $res->{'prune-backups'} = PVE::JSONSchema::print_property_string(
> +		$res->{'prune-backups'},
> +		'prune-backups',
> +	    );
> +	}
> +
> +	$res->{mailto} = join(",", @{$res->{mailto}})
> +	    if defined($res->{mailto});
> +
> +	$res->{'exclude-path'} = join(",", @{$res->{'exclude-path'}})
> +	    if defined($res->{'exclude-path'});
> +
> +	# normal backup users don't need to know these
> +	if (!$rpcenv->check($authuser, "/nodes/$node", ['Sys.Audit'], 1)) {
> +	    delete $res->{mailto};
> +	    delete $res->{tmpdir};
> +	    delete $res->{dumpdir};
> +	    delete $res->{script};
> +	    delete $res->{bwlimit};

The bwlimit could be exposed though, similarly to how we do already on backup restore.
For not so privileged user we may want to do something like getting the
min($api_bwlimit, $storage_or_dc_options_bwlimit) to ensure an user cannot weasel
themself out of admin imposed restrictions... Also, this does not needs to be in
that series, just a general idea...

> +	    delete $res->{ionice};
> +	}
> +
> +	my $pool = $res->{pool};
> +	if (defined($pool) &&
> +	    !$rpcenv->check($authuser, "/pool/$pool", ['Pool.Allocate'], 1)) {
> +	    delete $res->{pool};
> +	}
> +
> +	delete $res->{size}; # deprecated, to be dropped with PVE 7.0
> +
> +	return $res;
> +    }});
> +
>  __PACKAGE__->register_method ({
>      name => 'extractconfig',
>      path => 'extractconfig',
>