[pve-devel] [PATCH manager v6 02/15] api: add resource map api endpoints for PCI and USB

Fabian Grünbichler f.gruenbichler at proxmox.com
Fri Jun 16 09:50:14 CEST 2023


On June 14, 2023 10:46 am, Dominik Csapak wrote:
> this adds the typical section config crud API calls for
> USB and PCI resource mapping to /cluster/resource/{TYPE}
> 
> the only special thing that this series does is the list call
> for both has a special 'check-node' parameter that uses the
> 'proxyto_callback' to reroute the api call to the given node
> so that it can check the validity of the mapping for that node
> 
> in the future when we e.g. broadcast the lspci output via pmxcfs
> we drop the proxyto_callback and directly use the info from
> pmxcfs (or we drop the parameter and always check all nodes)
> 
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
>  PVE/API2/Cluster.pm               |   8 +
>  PVE/API2/Cluster/Makefile         |   5 +
>  PVE/API2/Cluster/Mapping.pm       |  53 ++++++
>  PVE/API2/Cluster/Mapping/Makefile |  18 ++
>  PVE/API2/Cluster/Mapping/PCI.pm   | 300 ++++++++++++++++++++++++++++++
>  PVE/API2/Cluster/Mapping/USB.pm   | 295 +++++++++++++++++++++++++++++
>  PVE/API2/Hardware.pm              |   1 -
>  PVE/API2/Nodes.pm                 |   1 +
>  8 files changed, 680 insertions(+), 1 deletion(-)
>  create mode 100644 PVE/API2/Cluster/Mapping.pm
>  create mode 100644 PVE/API2/Cluster/Mapping/Makefile
>  create mode 100644 PVE/API2/Cluster/Mapping/PCI.pm
>  create mode 100644 PVE/API2/Cluster/Mapping/USB.pm

[..]

> diff --git a/PVE/API2/Cluster/Mapping/PCI.pm b/PVE/API2/Cluster/Mapping/PCI.pm
> new file mode 100644
> index 00000000..9fe20bea
> --- /dev/null
> +++ b/PVE/API2/Cluster/Mapping/PCI.pm
> @@ -0,0 +1,300 @@
> +package PVE::API2::Cluster::Mapping::PCI;
> +
> +use strict;
> +use warnings;
> +
> +use Storable qw(dclone);
> +
> +use PVE::Cluster qw(cfs_lock_file);
> +use PVE::Mapping::PCI;
> +use PVE::JSONSchema qw(get_standard_option);
> +use PVE::Tools qw(extract_param);
> +
> +use PVE::RESTHandler;
> +
> +use base qw(PVE::RESTHandler);
> +
> +__PACKAGE__->register_method ({
> +    name => 'index',
> +    path => '',
> +    method => 'GET',
> +    # only proxy if we give the 'check-node' parameter
> +    proxyto_callback => sub {
> +       my ($rpcenv, $proxyto, $param) = @_;
> +       return $param->{'check-node'} // 'localhost';
> +    },
> +    description => "List PCI Hardware Mapping",
> +    permissions => {
> +       description => "Only lists entries where you have 'Mapping.Modify', 'Mapping.Use' or".
> +           " 'Mapping.Audit' permissions on '/mapping/pci/<name>'.",

nit: the schema/parameters call it 'id', not 'name', repeated a few
times below..

if I create a mapping and then query this API endpoint with pvesh, I get
a wrong result:

$ pvesh ls /cluster/mapping/usb --output-format json
Use of uninitialized value $c in concatenation (.) or string at /usr/share/perl5/PVE/CLI/pvesh.pm line 364.
[{"capabilities":"Dr-c-","name":null}]

not sure whether the issue is with pvesh or here, but could be related
to

> +       user => 'all',
> +    },
> +    parameters => {
> +       additionalProperties => 0,
> +       properties => {
> +           'check-node' => get_standard_option('pve-node', {
> +               description => "If given, checks the configurations on the given node for ".
> +                   "correctness, and adds relevant errors to the devices.",
> +               optional => 1,
> +           }),
> +       },
> +    },
> +    returns => {
> +       type => 'array',
> +       items => {
> +           type => "object",
> +           properties => {
> +               id => {
> +                   type => 'string',
> +                   description => "The logical ID of the mapping."
> +               },
> +               map => {
> +                   type => 'array',
> +                   description => "The entries of the mapping.",
> +                   items => {
> +                       type => 'string',
> +                       description => "A mapping for a node.",
> +                   },
> +               },
> +               description => {
> +                   type => 'string',
> +                   description => "A description of the logical mapping.",
> +               },
> +               error => {
> +                   description => "A list of errors when 'check_node' is given.",
> +                   items => {
> +                       type => 'object',
> +                       properties => {
> +                           severity => {
> +                               type => "string",
> +                               description => "The severity of the error",
> +                           },
> +                           message => {
> +                               type => "string",
> +                               description => "The message of the error",
> +                           },
> +                       },
> +                   }
> +               },
> +           },
> +       },
> +       links => [ { rel => 'child', href => "{name}" } ],

this part here, where it tries to link children using 'name', although
the return value only contains 'id' as property..

> +    },
> +    code => sub {
> +       my ($param) = @_;
> +
> +       my $rpcenv = PVE::RPCEnvironment::get();
> +       my $authuser = $rpcenv->get_user();
> +       my $node = $param->{'check-node'};
> +
> +       die "Wrong node to check\n"
> +           if defined($node) && $node ne 'localhost' && $node ne PVE::INotify::nodename();
> +
> +       my $cfg = PVE::Mapping::PCI::config();
> +
> +       my $res = [];
> +
> +       my $privs = ['Mapping.Modify', 'Mapping.Use', 'Mapping.Audit'];
> +
> +       for my $id (keys $cfg->{ids}->%*) {
> +           next if !$rpcenv->check_full($authuser, "/mapping/pci/$id", $privs, 1, 1);
> +           next if !$cfg->{ids}->{$id};
> +
> +           my $entry = dclone($cfg->{ids}->{$id});
> +           $entry->{id} = $id;
> +           $entry->{digest} = $cfg->{digest};
> +
> +           if (defined($node)) {
> +               $entry->{errors} = [];
> +               if (my $mappings = PVE::Mapping::PCI::get_node_mapping($cfg, $id, $node)) {
> +                   if (!scalar($mappings->@*)) {
> +                       push $entry->{errors}->@*, {
> +                           severity => 'warning',
> +                           message => "No mapping for node $node.",
> +                       };
> +                   }
> +                   for my $mapping ($mappings->@*) {
> +                       eval {
> +                           PVE::Mapping::PCI::assert_valid($id, $mapping);
> +                       };
> +                       if (my $err = $@) {
> +                           push $entry->{errors}->@*, {
> +                               severity => 'error',
> +                               message => "Invalid configuration: $err",
> +                           };
> +                       }
> +                   }
> +               }
> +           }
> +
> +           push @$res, $entry;

this adds the full entry to the returned value, and the permission check
allows it with Mappings.*

> +       }
> +
> +       return $res;
> +    },
> +});
> +
> +__PACKAGE__->register_method ({
> +    name => 'get',
> +    protected => 1,
> +    path => '{id}',
> +    method => 'GET',
> +    description => "Get PCI Mapping.",
> +    permissions => {
> +       check =>['or',
> +           ['perm', '/mapping/pci/{name}', ['Mapping.Use']],
> +           ['perm', '/mapping/pci/{name}', ['Mapping.Modify']],

but this here doesn't allow Mapping.Audit?

either the index call needs to return a limited view, or this should be
allowed for Audit as well I think?

> +       ],
> +    },
> +    parameters => {
> +       additionalProperties => 0,
> +       properties => {
> +           id => {
> +               type => 'string',
> +               format => 'pve-configid',
> +           },
> +       }
> +    },
> +    returns => { type => 'object' },
> +    code => sub {
> +       my ($param) = @_;
> +
> +       my $cfg = PVE::Mapping::PCI::config();
> +       my $id = $param->{id};
> +
> +       my $entry = $cfg->{ids}->{$id};
> +       die "mapping '$param->{id}' not found\n" if !defined($entry);
> +
> +       my $data = dclone($entry);
> +
> +       $data->{digest} = $cfg->{digest};
> +
> +       return $data;
> +    }});
> +

> +__PACKAGE__->register_method ({
> +    name => 'create',
> +    protected => 1,
> +    path => '',
> +    method => 'POST',
> +    description => "Create a new hardware mapping.",
> +    permissions => {
> +	check => ['perm', '/mapping/pci/{name}', ['Mapping.Modify']],

we usually use the higher level path for creating (/mapping/pci) -
although the priv here is 'Modify' and not 'Allocate', we are still
creating a new entry ;)

> +    },
> +    # todo parameters

? ;)

> +    parameters => PVE::Mapping::PCI->createSchema(1),
> +    returns => {
> +	type => 'null',
> +    },
> +    code => sub {
> +	my ($param) = @_;
> +
> +	my $id = extract_param($param, 'id');
> +
> +	my $plugin = PVE::Mapping::PCI->lookup('pci');
> +	my $opts = $plugin->check_config($id, $param, 1, 1);
> +
> +	PVE::Mapping::PCI::lock_pci_config(sub {
> +	    my $cfg = PVE::Mapping::PCI::config();
> +
> +	    die "pci ID '$id' already defined\n" if defined($cfg->{ids}->{$id});
> +
> +	    $cfg->{ids}->{$id} = $opts;
> +
> +	    PVE::Mapping::PCI::write_pci_config($cfg);
> +
> +	}, "create hardware mapping failed");
> +
> +	return;
> +    },
> +});
> +
> +__PACKAGE__->register_method ({
> +    name => 'update',
> +    protected => 1,
> +    path => '{id}',
> +    method => 'PUT',
> +    description => "Update a hardware mapping.",
> +    permissions => {
> +	check => ['perm', '/mapping/pci/{id}', ['Mapping.Modify']],

this one is in line with our usual scheme

> +    },
> +    parameters => PVE::Mapping::PCI->updateSchema(),
> +    returns => {
> +	type => 'null',
> +    },
> +    code => sub {
> +	my ($param) = @_;
> +
> +	my $digest = extract_param($param, 'digest');
> +	my $delete = extract_param($param, 'delete');
> +	my $id = extract_param($param, 'id');
> +
> +	if ($delete) {
> +	    $delete = [ PVE::Tools::split_list($delete) ];
> +	}
> +
> +	PVE::Mapping::PCI::lock_pci_config(sub {
> +	    my $cfg = PVE::Mapping::PCI::config();
> +
> +	    PVE::Tools::assert_if_modified($cfg->{digest}, $digest) if defined($digest);
> +
> +	    die "pci ID '$id' does not exist\n" if !defined($cfg->{ids}->{$id});
> +
> +	    my $plugin = PVE::Mapping::PCI->lookup('pci');
> +	    my $opts = $plugin->check_config($id, $param, 1, 1);
> +
> +	    my $data = $cfg->{ids}->{$id};
> +
> +	    my $options = $plugin->private()->{options}->{pci};
> +	    PVE::SectionConfig::delete_from_config($data, $options, $opts, $delete);
> +
> +	    $data->{$_} = $opts->{$_} for keys $opts->%*;
> +
> +	    PVE::Mapping::PCI::write_pci_config($cfg);
> +
> +	}, "update hardware mapping failed");
> +
> +	return;
> +    },
> +});
> +
> +__PACKAGE__->register_method ({
> +    name => 'delete',
> +    protected => 1,
> +    path => '{id}',
> +    method => 'DELETE',
> +    description => "Remove Hardware Mapping.",
> +    permissions => {
> +	check => [ 'perm', '/mapping/pci/{id}', ['Mapping.Modify']],

this one should be changed if the create one is changed - they should
match..

> +    },
> +    parameters => {
> +	additionalProperties => 0,
> +	properties => {
> +	    id => {
> +		type => 'string',
> +		format => 'pve-configid',
> +	    },
> +	}
> +    },
> +    returns => { type => 'null' },
> +    code => sub {
> +	my ($param) = @_;
> +
> +	my $id = $param->{id};
> +
> +	PVE::Mapping::PCI::lock_pci_config(sub {
> +	    my $cfg = PVE::Mapping::PCI::config();
> +
> +	    if ($cfg->{ids}->{$id}) {
> +		delete $cfg->{ids}->{$id};
> +	    }
> +
> +	    PVE::Mapping::PCI::write_pci_config($cfg);
> +
> +	}, "delete pci mapping failed");
> +
> +	return;
> +    }
> +});
> +
> +1;
> diff --git a/PVE/API2/Cluster/Mapping/USB.pm b/PVE/API2/Cluster/Mapping/USB.pm

and pretty much everything mentioned above applies to this one as well
;)

> [..]





More information about the pve-devel mailing list