[pve-devel] [PATCH access-control v2 1/2] realm: sync: allow 'none' for 'remove-vanished' option

Dominik Csapak d.csapak at proxmox.com
Tue Dec 6 12:06:30 CET 2022


with that, the api call can now override the default option
that is set on the realm (if any) by providing 'none'

it was not possible previously to override the realm default
when one wanted no properties to delete

no other code changes are necessary since we only extract the
known values 'acl' etc. and 'none' has no meaning there

Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
 src/PVE/Auth/Plugin.pm | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/PVE/Auth/Plugin.pm b/src/PVE/Auth/Plugin.pm
index 03d3342..bae9fb9 100755
--- a/src/PVE/Auth/Plugin.pm
+++ b/src/PVE/Auth/Plugin.pm
@@ -63,10 +63,12 @@ my $realm_sync_options_desc = {
 	    ." vanishes during a sync. The following values are possible: 'entry' removes the"
 	    ." user/group when not returned from the sync. 'properties' removes the set"
 	    ." properties on existing user/group that do not appear in the source (even custom ones)."
-	    ." 'acl' removes acls when the user/group is not returned from the sync.",
+	    ." 'acl' removes acls when the user/group is not returned from the sync."
+	    ." Instead of a list it also can be 'none' (the default).",
 	type => 'string',
-	typetext => "[acl];[properties];[entry]",
-	pattern => "(?:$remove_options\;)*$remove_options",
+	default => 'none',
+	typetext => "([acl];[properties];[entry])|none",
+	pattern => "(?:(?:$remove_options\;)*$remove_options)|none",
 	optional => '1',
     },
     # TODO check/rewrite in pve7to8, and remove with 8.0
-- 
2.30.2






More information about the pve-devel mailing list