From: Thomas Lamprecht
To: Proxmox VE development discussion, Dominik Csapak
Date: Thu, 10 Nov 2022 11:09:56 +0100
Subject: Re: [pve-devel] [PATCH cluster v8 4/4] DataCenterConfig: add tag rights control to the datacenter config
In-Reply-To: <20221018140226.598710-5-d.csapak@proxmox.com>
References: <20221018140226.598710-1-d.csapak@proxmox.com> <20221018140226.598710-5-d.csapak@proxmox.com>

On 18/10/2022 at 16:02, Dominik Csapak wrote:
> by adding a 'user-tag-privileges' and 'admin-tags' option.
> The first sets the policy by which "normal" users (with
> 'VM.Config.Options' on the respective guest) can create/delete tags
> and the second is a list of tags only settable by 'admins'
> ('Sys.Modify' on '/')
>
> also add a helper 'get_user_admin_tags' that returns two hashmaps that
> determine the allowed user tags and admin tags that require elevated
> permissions
>
> Signed-off-by: Dominik Csapak
> --- > data/PVE/DataCenterConfig.pm | 93 ++++++++++++++++++++++++++++++++++++ > 1 file changed, 93 insertions(+) > > diff --git a/data/PVE/DataCenterConfig.pm b/data/PVE/DataCenterConfig.pm > index bb29d26..e2140ff 100644 > --- a/data/PVE/DataCenterConfig.pm > +++ b/data/PVE/DataCenterConfig.pm
> @@ -154,6 +154,26 @@ my $tag_style_format = { > }, > }; > > +my $user_tag_privs_format = { > + 'usable' => { > + optional => 1, > + type => 'string', > + enum => ['none', 'list', 'existing', 'free'], > + default => 'free', > + dscription => "Determines which tags a user without Sys.Modify on '/' can set and delete. ". > + "'none' means no tags are settable.'list' allows tags from the given list. ". > + "'existing' means only already existing tags or from the given list. ". > + "And 'free' means users can assign any tags."

could be split into a "description" (for CLI usage) and a "verbose_description"
(for man page/docs), something like:

description => "Controls tag usage for users without `Sys.Modify` on `/` by either"
    ." allowing `none`, a `list`, already `existing` (used) or anything (`free`).",
verbose_description => "Controls which tags can be set or deleted on resources a user"
    ." controls (such as guests). Users with the `Sys.Modify` privilege on `/` are always unrestricted."
    ."* `none`: ..."
    ."* `list`: ..."
    ."* `existing`: ..."
    ."* `free`: ...",

> + }, > + 'list' => { > + optional => 1, > + type => 'string', > + pattern => "${PVE::JSONSchema::PVE_TAG_RE}(?:\;${PVE::JSONSchema::PVE_TAG_RE})*", > + typetext => "[;=...]", > + description => "List of tags users are allowd to set and delete (semicolon separated).", > + }, > +}; > + > my $datacenter_schema = { > type => "object", > additionalProperties => 0,
> @@ -285,12 +305,60 @@ my $datacenter_schema = { > description => "Tag style options.", > format => $tag_style_format, > }, > + 'user-tag-privileges' => { > + optional => 1, > + type => 'string', > + description => "Privilege options for user settable tags", > + format => $user_tag_privs_format, > + }, > + 'admin-tags' => { > + optional => 1, > + type => 'string', > + description => "A list of tags only admins (Sys.Modify on '/') are allowed to set/delete", > + pattern => "(?:${PVE::JSONSchema::PVE_TAG_RE};)*${PVE::JSONSchema::PVE_TAG_RE}", > + }, > }, > }; > > # make schema accessible from outside (for documentation) > sub get_datacenter_schema { return $datacenter_schema }; > > +# returns two hashmaps of tags, the first is the list of tags that can

returns a tuple of two hash maps with tags as keys, ...

> +# be used by users with 'VM.Config.Options', and the second is a list

be used with just 'VM.Config.Options' on '/vms/{vmid}'

> +# that needs 'Sys.Modify' on '/' > +# > +# If the first map is 'undef', it means there is generally no restriction > +# besides the tags defined in the second map. > +# > +# CAUTION: this function may include tags from *all* guest configs, > +# regardless of the current authuser > +sub get_user_admin_tags {

hmm, sounds a bit confusing, maybe one of:

* add and: get_user_and_admin_tags
* get_unrestricted_and_registered_tags
* or just get_allowed_tags (with the comment highlighting that it returns two,
  the allowed for all, and the one for "admins" it would be quite clear and also
  short)
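
Review bot: In the `@@ -154,6 +154,26 @@` hunk the 'usable' property spells its help-text key `dscription`, so that property ends up without a `description` key; rename it. The same string is missing a space in "settable.'list'", and the 'list' description has "allowd". The 'list' pattern is written as `RE(?:\;RE)*` while the 'admin-tags' pattern in the next hunk is `(?:RE;)*RE`; both describe the same semicolon-separated form, so defining the pattern once and reusing it would keep the two tag lists from drifting apart. It would also help to say in the 'list' description which 'usable' values consult it, since the 'usable' text refers to the given list for both 'list' and 'existing'.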
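
Review bot: In the `@@ -285,12 +305,60 @@` hunk the comment above `get_user_admin_tags` warns that the result may include tags from all guest configs regardless of the current authuser, but it does not tell callers what follows from that. State explicitly that the maps are meant for permission checks and must not be returned to the requesting user unfiltered, otherwise tag names from guests that user cannot see are disclosed. The 'undef' first map meaning "no restriction" deserves the same prominence, because callers must not confuse it with an empty map. In the schema part of the hunk, neither description says what applies when a tag appears in both 'admin-tags' and the 'user-tag-privileges' list; document that precedence.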