[pmg-devel] [PATCH pmg-api v5 6/10] api: add/update/remove realms like in PVE
Fabian Grünbichler
f.gruenbichler at proxmox.com
Fri Feb 21 14:52:48 CET 2025
> Markus Frank <m.frank at proxmox.com> hat am 21.02.2025 14:44 CET geschrieben:
>
>
> Thank you for reviewing this patch series.
>
> On 2025-02-21 13:41, Fabian Grünbichler wrote:
> >
> >> Markus Frank <m.frank at proxmox.com> hat am 18.02.2025 17:19 CET geschrieben:
> >>
> >>
> >> The name Realm.pm was chosen because a Domain.pm already exists.
> >
> > but the API path is still domains, and the naming inside the code/descriptions/.. is also rather inconsistent. should we settle on one or the other?
>
> We use /access/domain in PVE/PBS and already allow /access/domains in PMG/HTTPServer.pm:
> ```
> # explicitly allow some calls without auth
> if (($rel_uri eq '/access/domains' && $method eq 'GET') ||
> ($rel_uri eq '/quarantine/sendlink' && ($method eq 'GET' || $method eq 'POST')) ||
> ($rel_uri eq '/access/ticket' && ($method eq 'GET' || $method eq 'POST'))) {
> ```
>
> Before renaming it to Realm, I was using Authdomain as the file/module name.
> If we want to stick to one name, we either use Authdomains (or something similar) again, or we change everything to realm and use a different api path than PVE/PBS.
> I think I would prefer using Authdomains and /access/domain.
>
> Any opinions?
I think we have three options:
- use domains just for the api path, rename it to realm across the board otherwise in PMG (this is a bit what the v5 of the patch does, but it doesn't do it 100% ;))
- use realm everywhere in PMG (might require adaptations in pwt and other common code to allow this, and probably requires API clients to adapt to that as well if shared across PMG/PBS/PVE?), and migrate PVE and PBS to that terminology as well at some point
- use domains and realm interchangeably like in PVE (requires to name at least the perl module differently in PMG, and might be confusing?)
this is a bit of a historic issue, and not the fault of this patch series - I'd just like to avoid making it worse by calling the same thing "realm", "domain", "authdomain", "authentication domain" while also having other "domain"s in PMG if we can avoid it ;) for that reason alone the third option is the least attractive to me.
More information about the pmg-devel
mailing list