[pve-devel] [PATCH cluster v10 4/5] datacenter.cfg: add tag rights control to the datacenter config

Dominik Csapak d.csapak at proxmox.com
Wed Nov 16 09:47:26 CET 2022


most of the points are clear and ok for me, but
[snip]
>> +	    format => $user_tag_privs_format,
>> +	},
>> +	'privileged-tags' => {
>> +	    optional => 1,
>> +	    type => 'string',
>> +	    description => "A list of tags that require a `Sys.Modify` on '/') to set and delete. "
>> +		."Tags set here that are also in 'user-tag-access' also require `Sys.Modify`.",
>> +	    pattern => "(?:${PVE::JSONSchema::PVE_TAG_RE};)*${PVE::JSONSchema::PVE_TAG_RE}",
>> +	    typetext => "<tag>[;<tag>...]",
> 
> stray 'a' and ')' in first sentence.
> 
> I am not sure the second sentence is necessary, or rather, wouldn't it be better
> to make the two lists mutually exclusive? e.g., by removing privileged tags from
> the other list?

i don't really want to auto remove stuff from one option when set on another.
maybe it'd make more sense if we don't allow setting and admin tag when
it's already set in the 'user-allow-list' and vice versa? then
there cannot be a situation where a tag is in both lists at the same time?







More information about the pve-devel mailing list