[pve-devel] [PATCH manager 2/2] api2: use JSONSchema to validate commands for "nodes/{node}/execute"
Stefan Sterz
s.sterz at proxmox.com
Wed Jul 27 16:56:12 CEST 2022
this also makes it more explicit what the different values should be
Signed-off-by: Stefan Sterz <s.sterz at proxmox.com>
---
not sure how sensible this is because most of the information here
won't show up in the api viewer. i couldn't figure out how to make it
show up and not make breaking changes to the endpoint or change how
the api definition hash is handled.
fabian gruenbichler and i also discussed off list that this is kind of
redudant functionality as you can likely just call multiple api
endpoints from whatever script/program/client you are using anyway
instead of using this limited and flawed endpoint. perhaps the was a
reason for this before tokens existed?
so maybe we should either drop it in pve 8 or let it accept proper
json not just "a string that when parsed as json needs to be of this
format". i.e. accept an array of objects here instead of a string.
it has also confused users in the past already, e.g. see:
https://forum.proxmox.com/threads/execute-command-in-node-with-api.112290/
PVE/API2/Nodes.pm | 51 +++++++++++++++++++++++++++++++++++++++++------
1 file changed, 45 insertions(+), 6 deletions(-)
diff --git a/PVE/API2/Nodes.pm b/PVE/API2/Nodes.pm
index ef946301..5cc9111d 100644
--- a/PVE/API2/Nodes.pm
+++ b/PVE/API2/Nodes.pm
@@ -66,6 +66,49 @@ eval {
use base qw(PVE::RESTHandler);
+PVE::JSONSchema::register_format('pve-command-batch', \&verify_command_batch);
+sub verify_command_batch {
+ my ($value, $noerr) = @_;
+ my $commands = eval { decode_json($value); };
+
+ return undef if $noerr && $@;
+ die "commands param did not contain valid JSON: $@" if $@;
+
+ eval {
+ PVE::JSONSchema::validate($commands, {
+ description => "An array of objects describing endpoints, methods and arguments.",
+ type => "array",
+ items => {
+ type => "object",
+ properties => {
+ path => {
+ description => "A relative path to an API endpoint on this node.",
+ type => "string",
+ optional => 0,
+ },
+ method => {
+ description => "A method related to the API endpoint (GET, POST etc.).",
+ type => "string",
+ pattern => "(GET|POST|PUT|DELETE)",
+ optional => 0,
+ },
+ args => {
+ description => "A set of parameter names and their values.",
+ type => "object",
+ optional => 1,
+ },
+ },
+ }
+ });
+ };
+
+ return $commands if !$@;
+
+ return undef if $noerr;
+
+ die "commands is not a valid array of commands: $@";
+}
+
__PACKAGE__->register_method ({
subclass => "PVE::API2::Qemu",
path => 'qemu',
@@ -433,6 +476,7 @@ __PACKAGE__->register_method({
commands => {
description => "JSON encoded array of commands.",
type => "string",
+ format => "pve-command-batch",
}
},
},
@@ -449,16 +493,11 @@ __PACKAGE__->register_method({
my $rpcenv = PVE::RPCEnvironment::get();
my $user = $rpcenv->get_user();
-
+ # just parse the json again, it should already be validated
my $commands = eval { decode_json($param->{commands}); };
- die "commands param did not contain valid JSON: $@" if $@;
- die "commands is not an array" if ref($commands) ne "ARRAY";
-
foreach my $cmd (@$commands) {
eval {
- die "$cmd is not a valid command" if (ref($cmd) ne "HASH" || !$cmd->{path} || !$cmd->{method});
-
$cmd->{args} //= {};
my $path = "nodes/$param->{node}/$cmd->{path}";
--
2.30.2
More information about the pve-devel
mailing list