[pve-devel] [PATCH storage] fix #5008: prevent adding pbs storage with invalid namespace
Fiona Ebner
f.ebner at proxmox.com
Wed Nov 15 09:31:06 CET 2023
Am 14.11.23 um 15:27 schrieb Philipp Hufnagl:
> Currently, when adding a PBS storage with a namespace that does not
> exist, the storage gets added normally, but browsing/using it only
> returns a cryptic error message.
>
> This change checks if the namespace entered when adding is valid and
> prompts an error if it is not. If no namespace is provided, the storage
> will be added without error.
Does not fully describe the change: It checks if the namespace is valid
each time the storage is activated, not just when adding.
>
> Signed-off-by: Philipp Hufnagl <p.hufnagl at proxmox.com>
> ---
> src/PVE/Storage/PBSPlugin.pm | 21 ++++++++++++++++++++-
> 1 file changed, 20 insertions(+), 1 deletion(-)
>
> diff --git a/src/PVE/Storage/PBSPlugin.pm b/src/PVE/Storage/PBSPlugin.pm
> index 4320974..aceb2c4 100644
> --- a/src/PVE/Storage/PBSPlugin.pm
> +++ b/src/PVE/Storage/PBSPlugin.pm
> @@ -817,6 +817,17 @@ sub scan_datastores {
> return $response;
> }
>
> +sub scan_namespaces {
> + my ($scfg, $datastore, $password) = @_;
> +
> + my $conn = pbs_api_connect($scfg, $password);
Not super important, but would be nice to have a way to re-use the same
connection in scan_datastores() and here, since activate_storage() will
call both of them.
> +
> + my $namespaces = eval { $conn->get("/api2/json/admin/datastore/$datastore/namespace", {}); };
> + die "error fetching namespaces - $@" if $@;
> +
> + return $namespaces;
> +}
> +
> sub activate_storage {
> my ($class, $storeid, $scfg, $cache) = @_;
>
> @@ -826,10 +837,18 @@ sub activate_storage {
> die "$storeid: $@" if $@;
>
> my $datastore = $scfg->{datastore};
> + my $namespace = $scfg->{namespace};
>
> for my $ds (@$datastores) {
> if ($ds->{store} eq $datastore) {
> - return 1;
> + return 1 if !defined($namespace);
> + my $namespaces = eval { scan_namespaces($scfg, $datastore, $password) };
Why use eval and ignore the error here? Like that users (and we) won't
know if the api request or connection failed and just get the error
message from below about permissions/existence then.
> + for my $ns (@$namespaces) {
> + if ($ns->{ns} eq $namespace) {
> + return 1;
> + }
> + }
> + die "$storeid: Cannot find namespace '$namespace', check permissions and existence!\n";
> }
> }
>
More information about the pve-devel
mailing list