[pve-devel] [PATCH access-control v2 3/3] domain sync: add 'dry-run' parameter
Dominik Csapak
d.csapak at proxmox.com
Thu Apr 23 08:47:19 CEST 2020
this can be used to test the resulting config before actually changing
anything
Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
changes from v1:
* rename parameter from 'no-write' to 'dry-run
* drop the print sub, instead just mention at the beginning and end
that this is just a dry run
PVE/API2/Domains.pm | 24 +++++++++++++++++++-----
1 file changed, 19 insertions(+), 5 deletions(-)
diff --git a/PVE/API2/Domains.pm b/PVE/API2/Domains.pm
index e139869..18698c0 100644
--- a/PVE/API2/Domains.pm
+++ b/PVE/API2/Domains.pm
@@ -408,7 +408,13 @@ __PACKAGE__->register_method ({
additionalProperties => 0,
properties => get_standard_option('realm-sync-options', {
realm => get_standard_option('realm'),
- })
+ 'dry-run' => {
+ description => "If set, does not write anything.",
+ type => 'boolean',
+ optional => 1,
+ default => 0,
+ },
+ }),
},
returns => {
description => 'Worker Task-UPID',
@@ -420,6 +426,9 @@ __PACKAGE__->register_method ({
my $rpcenv = PVE::RPCEnvironment::get();
my $authuser = $rpcenv->get_user();
+ my $write = !(extract_param($param, 'dry-run'));
+ my $dryrunstring = $write ? '' : ' (dry run)';
+
my $realm = $param->{realm};
my $cfg = cfs_read_file($domainconfigfile);
my $realmconfig = $cfg->{ids}->{$realm};
@@ -439,7 +448,7 @@ __PACKAGE__->register_method ({
my $plugin = PVE::Auth::Plugin->lookup($type);
my $worker = sub {
- print "starting sync for realm $realm\n";
+ print "starting sync$dryrunstring for realm $realm\n";
my ($synced_users, $dnmap) = $plugin->get_users($realmconfig, $realm);
my $synced_groups = {};
@@ -459,12 +468,17 @@ __PACKAGE__->register_method ({
$update_groups->($usercfg, $realm, $synced_groups, $opts);
}
- cfs_write_file("user.cfg", $usercfg);
- print "successfully updated $whatstring configuration\n";
+ if ($write) {
+ cfs_write_file("user.cfg", $usercfg) if $write;
+ print "successfully updated $whatstring configuration\n" if $write;
+ } else {
+ print "NOTE: This is just a dry run. No actual data was written.\n";
+ }
}, "syncing $whatstring failed");
};
- return $rpcenv->fork_worker('auth-realm-sync', $realm, $authuser, $worker);
+ my $workerid = $write ? 'auth-realm-sync' : 'auth-realm-sync-test';
+ return $rpcenv->fork_worker($workerid, $realm, $authuser, $worker);
}});
1;
--
2.20.1
More information about the pve-devel
mailing list