[pve-devel] [PATCHES] Add VM.Snapshot.Rollback privilege

Matthias Urban matthias.urban at pure-systems.com
Thu Sep 7 10:08:31 CEST 2017 

Dear PVE developers,

there is only one privilege for controlling the access to snapshots, 
i.e. VM.Snapshot. This makes it impossible to separate administrative 
access (create, update, delete) from user access (rollback) to 
snapshots. Changing and deleting snapshots can be very sensible 
operations in certain environments, e.g. if snapshots are 
programmatically used for resetting unit test VMs in an automated test 
environment (our use-case). Separating the ability to setup snapshots 
from using them becomes crucial in such environments. This separation 
can be achieved with an additional privilege, i.e. VM.Snapshot.Rollback, 
allowing read and rollback access to snapshots only. See the patches for 
pve-manager, pve-container, pve-access-control, and qemu-server below. 
There are no side-effects for existing Proxmox installations by adding 
this privilege.


***[PATCH manager]***

Signed-off-by: Matthias Urban <matthias.urban at pure-systems.com>
---
Matthias Urban (1):
   VM.Snapshot.Rollback privilege added

  www/manager6/lxc/Config.js  | 2 +-
  www/manager6/qemu/Config.js | 2 +-
  2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/www/manager6/lxc/Config.js b/www/manager6/lxc/Config.js
index fbaccefe..12a4b12d 100644
--- a/www/manager6/lxc/Config.js
+++ b/www/manager6/lxc/Config.js
@@ -200,7 +200,7 @@ Ext.define('PVE.lxc.Config', {
          });
      }

-    if (caps.vms['VM.Snapshot']) {
+    if (caps.vms['VM.Snapshot'] || caps.vms['VM.Snapshot.Rollback']) {
          me.items.push({
          title: gettext('Snapshots'),
          iconCls: 'fa fa-history',
diff --git a/www/manager6/qemu/Config.js b/www/manager6/qemu/Config.js
index 75454d8e..31cab970 100644
--- a/www/manager6/qemu/Config.js
+++ b/www/manager6/qemu/Config.js
@@ -234,7 +234,7 @@ Ext.define('PVE.qemu.Config', {
          });
      }

-    if (caps.vms['VM.Snapshot'] && !template) {
+    if ((caps.vms['VM.Snapshot'] || caps.vms['VM.Snapshot.Rollback']) 
&& !template) {
          me.items.push({
          title: gettext('Snapshots'),
          iconCls: 'fa fa-history',
-- 
2.14.1


***[PATCH container]***

Signed-off-by: Matthias Urban <matthias.urban at pure-systems.com>
---
Matthias Urban (1):
   VM.Snapshot.Rollback privilege added

  src/PVE/API2/LXC/Snapshot.pm | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/PVE/API2/LXC/Snapshot.pm b/src/PVE/API2/LXC/Snapshot.pm
index 6ba6fb3..edccbf4 100644
--- a/src/PVE/API2/LXC/Snapshot.pm
+++ b/src/PVE/API2/LXC/Snapshot.pm
@@ -225,7 +225,7 @@ __PACKAGE__->register_method({
      proxyto => 'node',
      description => "Rollback LXC state to specified snapshot.",
      permissions => {
-    check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
+    check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot', 
'VM.Snapshot.Rollback' ], any => 1],
      },
      parameters => {
      additionalProperties => 0,
@@ -328,7 +328,7 @@ __PACKAGE__->register_method({
      proxyto => 'node',
      description => "Get snapshot configuration",
      permissions => {
-    check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
+    check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot', 
'VM.Snapshot.Rollback' ], any => 1],
      },
      parameters => {
      additionalProperties => 0,
-- 
2.14.1


***[PATCH access-control]***

Signed-off-by: Matthias Urban <matthias.urban at pure-systems.com>
---
Matthias Urban (1):
   VM.Snapshot.Rollback privilege added

PVE/AccessControl.pm | 1 +
  1 file changed, 1 insertion(+)

diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index 7d02cdf..2b610b7 100644
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -406,6 +406,7 @@ my $privgroups = {
          'VM.Migrate',
          'VM.Monitor',
          'VM.Snapshot',
+        'VM.Snapshot.Rollback',
      ],
      user => [
          'VM.Config.CDROM', # change CDROM media
-- 
2.14.1


***[PATCH qemu-server]***

Signed-off-by: Matthias Urban <matthias.urban at pure-systems.com>
---
Matthias Urban (1):
   VM.Snapshot.Rollback privilege added

  PVE/API2/Qemu.pm | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index aa7c832..311295b 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -3354,7 +3354,7 @@ __PACKAGE__->register_method({
      proxyto => 'node',
      description => "Get snapshot configuration",
      permissions => {
-    check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
+    check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot', 
'VM.Snapshot.Rollback' ], any => 1],
      },
      parameters => {
      additionalProperties => 0,
@@ -3393,7 +3393,7 @@ __PACKAGE__->register_method({
      proxyto => 'node',
      description => "Rollback VM state to specified snapshot.",
      permissions => {
-    check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
+    check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot', 
'VM.Snapshot.Rollback' ], any => 1],
      },
      parameters => {
      additionalProperties => 0,
-- 
2.14.1

More information about the pve-devel mailing list