[pdm-devel] [PATCH proxmox-datacenter-manager 04/12] api: add API for retrieving/refreshing the remote update summary

Shannon Sterz s.sterz at proxmox.com
Fri Oct 17 12:15:32 CEST 2025 

On Wed Oct 15, 2025 at 2:47 PM CEST, Lukas Wagner wrote:
> This commit adds two new endpoints, namely
>   GET  /remote-updates/summary
>   POST /remote-updates/refresh
>
> The first one is used to retrieve the update summary (the data is taken
> from the cache), the second one can be used to proactively refresh the
> summary in the cache (starts a worker task, since this could take a
> while). Note that we only retrieve the up-to-date list of packages from
> the remote, but do *not* trigger an `apt update` right now. Could make
> sense to do the latter as well, but then we probably should
> stream/forward the task logs for the upgrade task from the node to the

maybe i'm misunderstanding, but do you mean "update task" here? since
you talk about triggering an `apt update` before. triggering an actual
upgrade here seems a little risky and probably needs extra safe-guards?

> native PDM task; something we can rather implement later.
>
> Signed-off-by: Lukas Wagner <l.wagner at proxmox.com>
> ---
>  server/src/api/mod.rs            |   3 +
>  server/src/api/remote_updates.rs | 108 +++++++++++++++++++++++++++++++
>  2 files changed, 111 insertions(+)
>  create mode 100644 server/src/api/remote_updates.rs
>
> diff --git a/server/src/api/mod.rs b/server/src/api/mod.rs
> index 02ee0ecf..6a7a65a2 100644
> --- a/server/src/api/mod.rs
> +++ b/server/src/api/mod.rs
> @@ -14,6 +14,7 @@ pub mod nodes;
>  pub mod pbs;
>  pub mod pve;
>  pub mod remote_tasks;
> +pub mod remote_updates;
>  pub mod remotes;
>  pub mod resources;
>  mod rrd_common;
> @@ -31,6 +32,8 @@ const SUBDIRS: SubdirMap = &sorted!([
>      ("resources", &resources::ROUTER),
>      ("nodes", &nodes::ROUTER),
>      ("remote-tasks", &remote_tasks::ROUTER),
> +    // TODO: There might be a better place for this endpoint.
> +    ("remote-updates", &remote_updates::ROUTER),
>      ("sdn", &sdn::ROUTER),
>      ("version", &Router::new().get(&API_METHOD_VERSION)),
>  ]);
> diff --git a/server/src/api/remote_updates.rs b/server/src/api/remote_updates.rs
> new file mode 100644
> index 00000000..724b705a
> --- /dev/null
> +++ b/server/src/api/remote_updates.rs
> @@ -0,0 +1,108 @@
> +//! API for getting a remote update update summary.
> +
> +use anyhow::Error;
> +
> +use pdm_api_types::remote_updates::UpdateSummary;
> +use pdm_api_types::remotes::Remote;
> +use pdm_api_types::{PRIV_RESOURCE_MODIFY, UPID};
> +use proxmox_access_control::CachedUserInfo;
> +use proxmox_rest_server::WorkerTask;
> +use proxmox_router::{
> +    http_bail, list_subdirs_api_method, Permission, Router, RpcEnvironment, SubdirMap,
> +};
> +use proxmox_schema::api;
> +use proxmox_sortable_macro::sortable;
> +
> +use crate::remote_updates;
> +
> +pub const ROUTER: Router = Router::new()
> +    .get(&list_subdirs_api_method!(SUBDIRS))
> +    .subdirs(SUBDIRS);
> +
> +#[sortable]
> +const SUBDIRS: SubdirMap = &sorted!([
> +    ("summary", &Router::new().get(&API_METHOD_UPDATE_SUMMARY)),
> +    (
> +        "refresh",
> +        &Router::new().post(&API_METHOD_REFRESH_REMOTE_UPDATE_SUMMARIES)
> +    ),
> +]);
> +
> +#[api(
> +    access: {
> +        permission: &Permission::Anybody,
> +        description: "Resource.Modify privileges are needed on /resource/{remote}",
> +    },
> +)]
> +/// Return available update summary for managed remote nodes.
> +pub fn update_summary(rpcenv: &mut dyn RpcEnvironment) -> Result<UpdateSummary, Error> {
> +    let auth_id = rpcenv.get_auth_id().unwrap().parse()?;
> +    let user_info = CachedUserInfo::new()?;
> +
> +    if !user_info.any_privs_below(&auth_id, &["resource"], PRIV_RESOURCE_MODIFY)? {
> +        http_bail!(UNAUTHORIZED, "user has no access to resources");
> +    }
> +
> +    let mut update_summary = remote_updates::get_available_updates_summary()?;
> +
> +    update_summary.remotes.retain(|remote_name, _| {
> +        user_info
> +            .check_privs(
> +                &auth_id,
> +                &["resource", remote_name],
> +                PRIV_RESOURCE_MODIFY,
> +                false,
> +            )
> +            .is_ok()
> +    });
> +
> +    Ok(update_summary)
> +}
> +
> +#[api(
> +    access: {
> +        permission: &Permission::Anybody,
> +        description: "Resource.Modify privileges are needed on /resource/{remote}",
> +    },
> +)]
> +/// Refresh the update summary of all remotes.
> +pub fn refresh_remote_update_summaries(rpcenv: &mut dyn RpcEnvironment) -> Result<UPID, Error> {
> +    let (config, _digest) = pdm_config::remotes::config()?;
> +
> +    let auth_id = rpcenv.get_auth_id().unwrap().parse()?;
> +    let user_info = CachedUserInfo::new()?;
> +
> +    if !user_info.any_privs_below(&auth_id, &["resource"], PRIV_RESOURCE_MODIFY)? {
> +        http_bail!(UNAUTHORIZED, "user has no access to resources");
> +    }
> +
> +    let remotes: Vec<Remote> = config
> +        .into_iter()
> +        .filter_map(|(remote_name, remote)| {
> +            user_info
> +                .check_privs(
> +                    &auth_id,
> +                    &["resource", &remote_name],
> +                    PRIV_RESOURCE_MODIFY,
> +                    false,
> +                )
> +                .is_ok()
> +                .then_some(remote)
> +        })
> +        .collect();
> +
> +    let upid_str = WorkerTask::spawn(
> +        "refresh-remote-updates",
> +        None,
> +        auth_id.to_string(),
> +        true,
> +        |_worker| async {
> +            // TODO: Add more verbose logging per remote/node, so we can actually see something
> +            // interesting in the task log.
> +            remote_updates::refresh_update_summary_cache(remotes).await?;
> +            Ok(())
> +        },
> +    )?;
> +
> +    upid_str.parse()
> +}

More information about the pdm-devel mailing list