[pve-devel] [PATCH access-control v2 3/3] domain sync: add 'dry-run' parameter

Dominik Csapak d.csapak at proxmox.com
Thu Apr 23 08:47:19 CEST 2020 

this can be used to test the resulting config before actually changing
anything

Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
changes from v1:
* rename parameter from 'no-write' to 'dry-run
* drop the print sub, instead just mention at the beginning and end
  that this is just a dry run
 PVE/API2/Domains.pm | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/PVE/API2/Domains.pm b/PVE/API2/Domains.pm
index e139869..18698c0 100644
--- a/PVE/API2/Domains.pm
+++ b/PVE/API2/Domains.pm
@@ -408,7 +408,13 @@ __PACKAGE__->register_method ({
 	additionalProperties => 0,
 	properties => get_standard_option('realm-sync-options', {
 	    realm => get_standard_option('realm'),
-	})
+	    'dry-run' => {
+		description => "If set, does not write anything.",
+		type => 'boolean',
+		optional => 1,
+		default => 0,
+	    },
+	}),
     },
     returns => {
 	description => 'Worker Task-UPID',
@@ -420,6 +426,9 @@ __PACKAGE__->register_method ({
 	my $rpcenv = PVE::RPCEnvironment::get();
 	my $authuser = $rpcenv->get_user();
 
+	my $write = !(extract_param($param, 'dry-run'));
+	my $dryrunstring = $write ? '' : ' (dry run)';
+
 	my $realm = $param->{realm};
 	my $cfg = cfs_read_file($domainconfigfile);
 	my $realmconfig = $cfg->{ids}->{$realm};
@@ -439,7 +448,7 @@ __PACKAGE__->register_method ({
 	my $plugin = PVE::Auth::Plugin->lookup($type);
 
 	my $worker = sub {
-	    print "starting sync for realm $realm\n";
+	    print "starting sync$dryrunstring for realm $realm\n";
 
 	    my ($synced_users, $dnmap) = $plugin->get_users($realmconfig, $realm);
 	    my $synced_groups = {};
@@ -459,12 +468,17 @@ __PACKAGE__->register_method ({
 		    $update_groups->($usercfg, $realm, $synced_groups, $opts);
 		}
 
-		cfs_write_file("user.cfg", $usercfg);
-		print "successfully updated $whatstring configuration\n";
+		if ($write) {
+		    cfs_write_file("user.cfg", $usercfg) if $write;
+		    print "successfully updated $whatstring configuration\n" if $write;
+		} else {
+		    print "NOTE: This is just a dry run. No actual data was written.\n";
+		}
 	    }, "syncing $whatstring failed");
 	};
 
-	return $rpcenv->fork_worker('auth-realm-sync', $realm, $authuser, $worker);
+	my $workerid = $write ? 'auth-realm-sync' : 'auth-realm-sync-test';
+	return $rpcenv->fork_worker($workerid, $realm, $authuser, $worker);
     }});
 
 1;
-- 
2.20.1

More information about the pve-devel mailing list