[pdm-devel] [PATCH proxmox-datacenter-manager 04/12] api: add API for retrieving/refreshing the remote update summary

Lukas Wagner l.wagner at proxmox.com
Wed Oct 15 14:47:03 CEST 2025 

This commit adds two new endpoints, namely
  GET  /remote-updates/summary
  POST /remote-updates/refresh

The first one is used to retrieve the update summary (the data is taken
from the cache), the second one can be used to proactively refresh the
summary in the cache (starts a worker task, since this could take a
while). Note that we only retrieve the up-to-date list of packages from
the remote, but do *not* trigger an `apt update` right now. Could make
sense to do the latter as well, but then we probably should
stream/forward the task logs for the upgrade task from the node to the
native PDM task; something we can rather implement later.

Signed-off-by: Lukas Wagner <l.wagner at proxmox.com>
---
 server/src/api/mod.rs            |   3 +
 server/src/api/remote_updates.rs | 108 +++++++++++++++++++++++++++++++
 2 files changed, 111 insertions(+)
 create mode 100644 server/src/api/remote_updates.rs

diff --git a/server/src/api/mod.rs b/server/src/api/mod.rs
index 02ee0ecf..6a7a65a2 100644
--- a/server/src/api/mod.rs
+++ b/server/src/api/mod.rs
@@ -14,6 +14,7 @@ pub mod nodes;
 pub mod pbs;
 pub mod pve;
 pub mod remote_tasks;
+pub mod remote_updates;
 pub mod remotes;
 pub mod resources;
 mod rrd_common;
@@ -31,6 +32,8 @@ const SUBDIRS: SubdirMap = &sorted!([
     ("resources", &resources::ROUTER),
     ("nodes", &nodes::ROUTER),
     ("remote-tasks", &remote_tasks::ROUTER),
+    // TODO: There might be a better place for this endpoint.
+    ("remote-updates", &remote_updates::ROUTER),
     ("sdn", &sdn::ROUTER),
     ("version", &Router::new().get(&API_METHOD_VERSION)),
 ]);
diff --git a/server/src/api/remote_updates.rs b/server/src/api/remote_updates.rs
new file mode 100644
index 00000000..724b705a
--- /dev/null
+++ b/server/src/api/remote_updates.rs
@@ -0,0 +1,108 @@
+//! API for getting a remote update update summary.
+
+use anyhow::Error;
+
+use pdm_api_types::remote_updates::UpdateSummary;
+use pdm_api_types::remotes::Remote;
+use pdm_api_types::{PRIV_RESOURCE_MODIFY, UPID};
+use proxmox_access_control::CachedUserInfo;
+use proxmox_rest_server::WorkerTask;
+use proxmox_router::{
+    http_bail, list_subdirs_api_method, Permission, Router, RpcEnvironment, SubdirMap,
+};
+use proxmox_schema::api;
+use proxmox_sortable_macro::sortable;
+
+use crate::remote_updates;
+
+pub const ROUTER: Router = Router::new()
+    .get(&list_subdirs_api_method!(SUBDIRS))
+    .subdirs(SUBDIRS);
+
+#[sortable]
+const SUBDIRS: SubdirMap = &sorted!([
+    ("summary", &Router::new().get(&API_METHOD_UPDATE_SUMMARY)),
+    (
+        "refresh",
+        &Router::new().post(&API_METHOD_REFRESH_REMOTE_UPDATE_SUMMARIES)
+    ),
+]);
+
+#[api(
+    access: {
+        permission: &Permission::Anybody,
+        description: "Resource.Modify privileges are needed on /resource/{remote}",
+    },
+)]
+/// Return available update summary for managed remote nodes.
+pub fn update_summary(rpcenv: &mut dyn RpcEnvironment) -> Result<UpdateSummary, Error> {
+    let auth_id = rpcenv.get_auth_id().unwrap().parse()?;
+    let user_info = CachedUserInfo::new()?;
+
+    if !user_info.any_privs_below(&auth_id, &["resource"], PRIV_RESOURCE_MODIFY)? {
+        http_bail!(UNAUTHORIZED, "user has no access to resources");
+    }
+
+    let mut update_summary = remote_updates::get_available_updates_summary()?;
+
+    update_summary.remotes.retain(|remote_name, _| {
+        user_info
+            .check_privs(
+                &auth_id,
+                &["resource", remote_name],
+                PRIV_RESOURCE_MODIFY,
+                false,
+            )
+            .is_ok()
+    });
+
+    Ok(update_summary)
+}
+
+#[api(
+    access: {
+        permission: &Permission::Anybody,
+        description: "Resource.Modify privileges are needed on /resource/{remote}",
+    },
+)]
+/// Refresh the update summary of all remotes.
+pub fn refresh_remote_update_summaries(rpcenv: &mut dyn RpcEnvironment) -> Result<UPID, Error> {
+    let (config, _digest) = pdm_config::remotes::config()?;
+
+    let auth_id = rpcenv.get_auth_id().unwrap().parse()?;
+    let user_info = CachedUserInfo::new()?;
+
+    if !user_info.any_privs_below(&auth_id, &["resource"], PRIV_RESOURCE_MODIFY)? {
+        http_bail!(UNAUTHORIZED, "user has no access to resources");
+    }
+
+    let remotes: Vec<Remote> = config
+        .into_iter()
+        .filter_map(|(remote_name, remote)| {
+            user_info
+                .check_privs(
+                    &auth_id,
+                    &["resource", &remote_name],
+                    PRIV_RESOURCE_MODIFY,
+                    false,
+                )
+                .is_ok()
+                .then_some(remote)
+        })
+        .collect();
+
+    let upid_str = WorkerTask::spawn(
+        "refresh-remote-updates",
+        None,
+        auth_id.to_string(),
+        true,
+        |_worker| async {
+            // TODO: Add more verbose logging per remote/node, so we can actually see something
+            // interesting in the task log.
+            remote_updates::refresh_update_summary_cache(remotes).await?;
+            Ok(())
+        },
+    )?;
+
+    upid_str.parse()
+}
-- 
2.47.3

More information about the pdm-devel mailing list