[pve-devel] [PATCH access-control] pveum: Allow listing of roles and their privileges

Thomas Lamprecht t.lamprecht at proxmox.com
Mon Sep 25 08:56:37 CEST 2017


On 09/25/2017 07:05 AM, Dietmar Maurer wrote:
> comments inline
> 
>> Use the existing 'index' API call from PVE::API2::Role to produce a
>> tidy list of all available roles and their associated privileges.
>> ---
>> Concerns #1502 but doesn't fix it completely.
>>   PVE/CLI/pveum.pm | 31 +++++++++++++++++++++++++++++++
>>   1 file changed, 31 insertions(+)
>>
>> diff --git a/PVE/CLI/pveum.pm b/PVE/CLI/pveum.pm
>> index aef7089..26807a5 100755
>> --- a/PVE/CLI/pveum.pm
>> +++ b/PVE/CLI/pveum.pm
>> @@ -54,6 +54,37 @@ our $cmddef = {
>>       groupmod => [ 'PVE::API2::Group', 'update_group', ['groupid'] ],
>>       groupdel => [ 'PVE::API2::Group', 'delete_group', ['groupid'] ],
>>   
>> +    rolelst => [ 'PVE::API2::Role', 'index', [ ], undef,
> 
> 
> I am not a big fan of names like 'lst' - what happened to the 'i'?
> Why not 'list'?
> 
> And we also want 'list' command for users, groups and acls?
>   
> I wonder if we should use the following scheme instead:
> 
> pveum role list ...
> pveum role add ...
> pveum role delete ...
> pveum role modify ...
> 
> pveum group list
> pveum group add
> pveum group delete
> pveum group modify
> 

+1

We could keep the old commands for backward compatibility and add a
"no-docs" flag to the schema, which could be added to the old commands
so that we do not generate documentation for both old and new.

This flag could be nice in general, IMO, to hide "PVE internal" commands
from the docs, e.g. `pvecm addnode` or `qm mtunnel`.





More information about the pve-devel mailing list