[pbs-devel] [PATCH v3 proxmox-backup 13/33] config: acl: allow namespace components for remote datastores
Christian Ebner
c.ebner at proxmox.com
Thu Sep 12 16:33:02 CEST 2024
Extend the component limit for ACL paths of `remote` to include
possible namespace components.
This allows to limit the permissions for sync jobs in push direction
to a namespace subset on the remote datastore.
Signed-off-by: Christian Ebner <c.ebner at proxmox.com>
---
changes since version 2:
- not present in previous version
pbs-config/src/acl.rs | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/pbs-config/src/acl.rs b/pbs-config/src/acl.rs
index 6b6500f34..5177e22f0 100644
--- a/pbs-config/src/acl.rs
+++ b/pbs-config/src/acl.rs
@@ -89,10 +89,13 @@ pub fn check_acl_path(path: &str) -> Result<(), Error> {
}
}
"remote" => {
- // /remote/{remote}/{store}
+ // /remote/{remote}/{store}/{namespace}
if components_len <= 3 {
return Ok(());
}
+ if components_len > 3 && components_len <= 3 + pbs_api_types::MAX_NAMESPACE_DEPTH {
+ return Ok(());
+ }
}
"system" => {
if components_len == 1 {
--
2.39.2
More information about the pbs-devel
mailing list