[pve-devel] [PATCH qemu-server] cloudinit: allow non-root users to set ciupgrade option

[Friedrich Weber]

The new ciupgrade option was missing in $cloudinitoptions in
PVE::API2::Qemu, so $check_vm_modify_config_perm defaulted to
requiring root at pam for modifying the option. To fix this, add
ciupgrade to $cloudinitoptions. This also fixes an issue where
ciupgrade was missing in the output of `qm cloudinit pending`,
as it also relies on $cloudinitoptions.

This issue was originally reported in the forum [0].

Also add a comment to avoid similar issues when adding new options in
the future.

[0]: https://forum.proxmox.com/threads/131043/

Signed-off-by: Friedrich Weber <f.weber at proxmox.com>
---

Notes:
    Not sure if this is the proper fix. Instead of maintaining two lists
    of cloudinit options, we could generate $cloudinitoptions from
    $confdesc_cloudinit?

 PVE/API2/Qemu.pm  | 1 +
 PVE/QemuServer.pm | 1 +
 2 files changed, 2 insertions(+)

diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index 5930713..d57b8e8 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -562,6 +562,7 @@ my $cloudinitoptions = {
     cipassword => 1,
     citype => 1,
     ciuser => 1,
+    ciupgrade => 1,
     nameserver => 1,
     searchdomain => 1,
     sshkeys => 1,
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index 430661a..e41d017 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -760,6 +760,7 @@ my $cicustom_fmt = {
 };
 PVE::JSONSchema::register_format('pve-qm-cicustom', $cicustom_fmt);
 
+# any new option might need to be added to $cloudinitoptions in PVE::API2::Qemu
 my $confdesc_cloudinit = {
     citype => {
 	optional => 1,
-- 
2.39.2