[pve-devel] [RFC v2 qemu-server] close #2741: add VM.Config.Cloudinit permission
Mira Limbeck
m.limbeck at proxmox.com
Thu Jun 25 16:48:47 CEST 2020
This allows setting ciuser, cipassword and all other cloudinit settings that
are not part of the network without VM.Config.Network permissions.
Keep VM.Config.Network still as fallback so custom roles that add
VM.Config.Network but not VM.Config.Cloudinit don't break.
Signed-off-by: Mira Limbeck <m.limbeck at proxmox.com>
---
v2:
- fallback for 'VM.Config.Network'
- addition to $vm_config_perm_list
- removed unnecessary print statement
This requires the pve-access-control patch.
PVE/API2/Qemu.pm | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index 3965c26..b33359d 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -358,8 +358,10 @@ my $check_vm_modify_config_perm = sub {
$rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.PowerMgmt']);
} elsif ($diskoptions->{$opt}) {
$rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk']);
- } elsif ($cloudinitoptions->{$opt} || ($opt =~ m/^(?:net|ipconfig)\d+$/)) {
+ } elsif ($opt =~ m/^(?:net|ipconfig)\d+$/) {
$rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Network']);
+ } elsif ($cloudinitoptions->{$opt}) {
+ $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Cloudinit', 'VM.Config.Network'], 1);
} elsif ($opt eq 'vmstate') {
# the user needs Disk and PowerMgmt privileges to change the vmstate
# also needs privileges on the storage, that will be checked later
@@ -1354,6 +1356,7 @@ my $vm_config_perm_list = [
'VM.Config.Network',
'VM.Config.HWType',
'VM.Config.Options',
+ 'VM.Config.Cloudinit',
];
__PACKAGE__->register_method({
--
2.20.1
More information about the pve-devel
mailing list