[pve-devel] [PATCH manager v2 1/1] api: add guest profile api endpoint
Dominik Csapak
d.csapak at proxmox.com
Tue Nov 14 11:35:45 CET 2023
basic CRUD for the profile section config
Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
changes from v1:
* use raise_param_exc when id or type is wrong
* extract the type from param
* use /mapping/guest-profile as acl path
* add missing index entry for profiles
PVE/API2/Cluster.pm | 7 ++
PVE/API2/Cluster/Makefile | 1 +
PVE/API2/Cluster/Profiles.pm | 230 +++++++++++++++++++++++++++++++++++
3 files changed, 238 insertions(+)
create mode 100644 PVE/API2/Cluster/Profiles.pm
diff --git a/PVE/API2/Cluster.pm b/PVE/API2/Cluster.pm
index 04387ab4..d628df85 100644
--- a/PVE/API2/Cluster.pm
+++ b/PVE/API2/Cluster.pm
@@ -30,6 +30,7 @@ use PVE::API2::Cluster::Mapping;
use PVE::API2::Cluster::Jobs;
use PVE::API2::Cluster::MetricServer;
use PVE::API2::Cluster::Notifications;
+use PVE::API2::Cluster::Profiles;
use PVE::API2::ClusterConfig;
use PVE::API2::Firewall::Cluster;
use PVE::API2::HAConfig;
@@ -103,6 +104,11 @@ __PACKAGE__->register_method ({
path => 'mapping',
});
+__PACKAGE__->register_method ({
+ subclass => "PVE::API2::Cluster::Profiles",
+ path => 'profiles',
+});
+
if ($have_sdn) {
__PACKAGE__->register_method ({
subclass => "PVE::API2::Network::SDN",
@@ -158,6 +164,7 @@ __PACKAGE__->register_method ({
{ name => 'notifications' },
{ name => 'nextid' },
{ name => 'options' },
+ { name => 'profiles' },
{ name => 'replication' },
{ name => 'resources' },
{ name => 'status' },
diff --git a/PVE/API2/Cluster/Makefile b/PVE/API2/Cluster/Makefile
index b109e5cb..35a3f871 100644
--- a/PVE/API2/Cluster/Makefile
+++ b/PVE/API2/Cluster/Makefile
@@ -9,6 +9,7 @@ PERLSOURCE= \
MetricServer.pm \
Mapping.pm \
Notifications.pm \
+ Profiles.pm \
Jobs.pm \
Ceph.pm
diff --git a/PVE/API2/Cluster/Profiles.pm b/PVE/API2/Cluster/Profiles.pm
new file mode 100644
index 00000000..3d1ec67c
--- /dev/null
+++ b/PVE/API2/Cluster/Profiles.pm
@@ -0,0 +1,230 @@
+package PVE::API2::Cluster::Profiles;
+
+use warnings;
+use strict;
+
+use PVE::Tools qw(extract_param extract_sensitive_params);
+use PVE::Exception qw(raise_perm_exc raise_param_exc);
+use PVE::JSONSchema qw(get_standard_option);
+use PVE::RPCEnvironment;
+
+use PVE::Profiles::Plugin;
+use PVE::Profiles::VM;
+use PVE::Profiles::CT;
+
+PVE::Profiles::VM->register();
+PVE::Profiles::CT->register();
+PVE::Profiles::Plugin->init(1);
+
+use PVE::RESTHandler;
+
+use base qw(PVE::RESTHandler);
+
+__PACKAGE__->register_method ({
+ name => 'profile_index',
+ path => '',
+ method => 'GET',
+ description => "List configured guest profiles.",
+ permissions => {
+ user => 'all',
+ description => "Only lists entries where you have 'Mapping.Modify', 'Mapping.Use' or".
+ " 'Mapping.Audit' permissions on 'mapping/guest-profile/<id>'.",
+ },
+ parameters => {
+ additionalProperties => 0,
+ properties => {},
+ },
+ returns => {
+ type => 'array',
+ items => {
+ type => "object",
+ properties => {
+ id => {
+ description => "The ID of the entry.",
+ type => 'string'
+ },
+ type => {
+ description => "Plugin type.",
+ type => 'string',
+ },
+ },
+ },
+ links => [ { rel => 'child', href => "{id}" } ],
+ },
+ code => sub {
+ my ($param) = @_;
+
+ my $rpcenv = PVE::RPCEnvironment::get();
+ my $authuser = $rpcenv->get_user();
+
+ my $res = [];
+ my $cfg = PVE::Cluster::cfs_read_file('virtual-guest/profiles.cfg');
+ my $can_see_mapping_privs = ['Mapping.Modify', 'Mapping.Use', 'Mapping.Audit'];
+
+ for my $id (sort keys $cfg->{ids}->%*) {
+ next if !$rpcenv->check_any($authuser, "/mapping/guest-profile/$id", $can_see_mapping_privs, 1);
+ my $plugin_config = $cfg->{ids}->{$id};
+ push @$res, {
+ id => $id,
+ type => $plugin_config->{type},
+ };
+ }
+
+ return $res;
+ }});
+
+__PACKAGE__->register_method ({
+ name => 'read',
+ path => '{id}',
+ method => 'GET',
+ description => "Read profile configuration.",
+ permissions => {
+ check =>['or',
+ ['perm', '/mapping/guest-profile/{id}', ['Mapping.Use']],
+ ['perm', '/mapping/guest-profile/{id}', ['Mapping.Modify']],
+ ['perm', '/mapping/guest-profile/{id}', ['Mapping.Audit']],
+ ],
+ },
+ parameters => {
+ additionalProperties => 0,
+ properties => {
+ id => {
+ type => 'string',
+ format => 'pve-configid',
+ },
+ },
+ },
+ returns => { type => 'object' },
+ code => sub {
+ my ($param) = @_;
+
+ my $cfg = PVE::Cluster::cfs_read_file('virtual-guest/profiles.cfg');
+ my $id = $param->{id};
+
+ raise_param_exc({id => "no such profile '$id'"}) if !defined($cfg->{ids}->{$id});
+
+ return $cfg->{ids}->{$id};
+ }});
+
+__PACKAGE__->register_method ({
+ name => 'create',
+ path => '{id}',
+ protected => 1,
+ method => 'POST',
+ description => "Create a new profile.",
+ permissions => {
+ check => ['perm', '/mapping/guest-profile', ['Mapping.Modify']],
+ },
+ parameters => PVE::Profiles::Plugin->createSchema(),
+ returns => { type => 'null' },
+ code => sub {
+ my ($param) = @_;
+
+ my $type = extract_param($param, 'type');
+ my $plugin = PVE::Profiles::Plugin->lookup($type);
+ my $id = extract_param($param, 'id');
+
+ PVE::Cluster::cfs_lock_file('virtual-guest/profiles.cfg', undef, sub {
+ my $cfg = PVE::Cluster::cfs_read_file('virtual-guest/profiles.cfg');
+
+ raise_param_exc({id => "Profile '$id' already exists"})
+ if $cfg->{ids}->{$id};
+
+ my $opts = $plugin->check_config($id, $param, 1, 1);
+
+ $cfg->{ids}->{$id} = $opts;
+
+ PVE::Cluster::cfs_write_file('virtual-guest/profiles.cfg', $cfg);
+ });
+ die $@ if $@;
+
+ return;
+ }});
+
+
+__PACKAGE__->register_method ({
+ name => 'update',
+ protected => 1,
+ path => '{id}',
+ method => 'PUT',
+ description => "Update profile configuration.",
+ permissions => {
+ check => ['perm', '/mapping/guest-profile/{id}', ['Mapping.Modify']],
+ },
+ parameters => PVE::Profiles::Plugin->updateSchema(),
+ returns => { type => 'null' },
+ code => sub {
+ my ($param) = @_;
+
+ my $id = extract_param($param, 'id');
+ my $type = extract_param($param, 'type');
+ my $digest = extract_param($param, 'digest');
+ my $delete = extract_param($param, 'delete');
+
+ if ($delete) {
+ $delete = [PVE::Tools::split_list($delete)];
+ }
+
+ PVE::Cluster::cfs_lock_file('virtual-guest/profiles.cfg', undef, sub {
+ my $cfg = PVE::Cluster::cfs_read_file('virtual-guest/profiles.cfg');
+
+ PVE::SectionConfig::assert_if_modified($cfg, $digest);
+
+ my $data = $cfg->{ids}->{$id};
+ raise_param_exc({id => "no such profile '$id'"}) if !defined($data);
+ raise_param_exc({type => "wrong type '$type"}) if $type ne $data->{type};
+
+ my $plugin = PVE::Profiles::Plugin->lookup($data->{type});
+ my $opts = $plugin->check_config($id, $param, 0, 1);
+
+ my $options = $plugin->private()->{options}->{$data->{type}};
+ PVE::SectionConfig::delete_from_config($data, $options, $opts, $delete);
+
+ $data->{$_} = $opts->{$_} for keys $opts->%*;
+
+ PVE::Cluster::cfs_write_file('virtual-guest/profiles.cfg', $cfg);
+ });
+ die $@ if $@;
+
+ return;
+ }});
+
+__PACKAGE__->register_method ({
+ name => 'delete',
+ protected => 1,
+ path => '{id}',
+ method => 'DELETE',
+ description => "Remove profile.",
+ permissions => {
+ check => [ 'perm', '/mapping/guest-profile', ['Mapping.Modify']],
+ },
+ parameters => {
+ additionalProperties => 0,
+ properties => {
+ id => {
+ type => 'string',
+ format => 'pve-configid',
+ },
+ }
+ },
+ returns => { type => 'null' },
+ code => sub {
+ my ($param) = @_;
+
+ my $id = $param->{id};
+
+ PVE::Cluster::cfs_lock_file('virtual-guest/profiles.cfg', undef, sub {
+ my $cfg = PVE::Cluster::cfs_read_file('virtual-guest/profiles.cfg');
+
+ if ($cfg->{ids}->{$id}) {
+ delete $cfg->{ids}->{$id};
+ }
+
+ PVE::Cluster::cfs_write_file('virtual-guest/profiles.cfg', $cfg);
+ });
+ die $@ if $@;
+
+ return;
+ }});
+
+1;
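Review bot: The `delete` method authorizes against the collection path `/mapping/guest-profile`, whereas `update`, `read` and the index filter all check `/mapping/guest-profile/{id}`, so removing a profile is not governed by that profile's own ACL entry. Assuming the usual ACL propagation semantics, a user whose `Mapping.Modify` grant sits only on the parent path could remove profiles they are not allowed to update, while a user granted Modify on a single profile cannot remove it. If that is deliberate, a short comment should say so; otherwise `check => ['perm', '/mapping/guest-profile/{id}', ['Mapping.Modify']],` would match the other per-id handlers. Separately, in `update` the message in `raise_param_exc({type => "wrong type '$type"})` is missing its closing quote, and `$type ne $data->{type}` compares an undefined value when the caller omits `type`. Whether `type` is required depends on `updateSchema()`, which is not visible in this patch; if it is optional, guard the comparison with `defined($type) &&` and use `"wrong type '$type'"`.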
--
2.30.2