[pve-devel] [PATCH cluster 2/3] Cluster: add get_guest_config_properties

Fabian Grünbichler f.gruenbichler at proxmox.com
Wed Mar 16 11:08:59 CET 2022


this and the other one existing one might also warrant a comment 
indicating that you possibly still want to parse/validate/filter the 
result before passing it along further up the stack (or that it should 
only be used for very simple keys?)

- if no vmid is passed, the result needs to be filtered by access to not 
  leak information
- if property is anything but a very simple type, validation might be 
  important (for lock it's not that bad since that is just a simple 
  enum, so a bogus/invalid value will likely just look weird, for the 
  `tags` property it's also not that bad since those are just
  simple lists of strings, but who knows what this will get used for 
  down the line ;))

also depending on whether the msg format gets changed this will need 
adapation obviously.

On March 14, 2022 10:03 am, Dominik Csapak wrote:
> akin to get_guest_config_property, but with a list of properties.
> uses the new CFS_IPC_GET_GUEST_CONFIG_PROPERTIES
> 
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
>  data/PVE/Cluster.pm | 21 +++++++++++++++++++++
>  1 file changed, 21 insertions(+)
> 
> diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
> index 765fb43..c65ba17 100644
> --- a/data/PVE/Cluster.pm
> +++ b/data/PVE/Cluster.pm
> @@ -340,6 +340,27 @@ sub get_node_kv {
>      return $res;
>  }
>  
> +# properties: an array-ref of config properties you want to get, e.g., this
> +# is perfect to get multiple properties of a guest _fast_
> +# (>100 faster than manual parsing here)
> +# vmid: optional, if a valid is passed we only check that one, else return all
> +# NOTE: does *not* searches snapshot and PENDING entries sections!
> +sub get_guest_config_properties {
> +    my ($properties, $vmid) = @_;
> +
> +    die "properties required" if !defined($properties);
> +
> +    my $bindata = pack "VC", $vmid // 0, scalar(@$properties);

length of $properties actually has a limit which should maybe be checked 
here as well? I mean it is rather unlikely to be misused in practice, 
and will print a warning that the `C` wraps the value here, but..

> +    for my $property (@$properties) {

> +	die "property name cannot be longer than 254 chars\n"
> +	    if length($property) > 254;
> +	$bindata .= pack "C/Z*", $property;

like indicated in the other patch's comments, this is a rather strange 
encoding (flashbacks to ASN.1 ;)) and shouldn't be needed.

> +    }
> +    my $res = $ipcc_send_rec_json->(CFS_IPC_GET_GUEST_CONFIG_PROPERTIES, $bindata);
> +
> +    return $res;
> +}
> +
>  # property: a config property you want to get, e.g., this is perfect to get
>  # the 'lock' entry of a guest _fast_ (>100 faster than manual parsing here)
>  # vmid: optipnal, if a valid is passed we only check that one, else return all
> -- 
> 2.30.2
> 
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel at lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 
> 
> 





More information about the pve-devel mailing list