[pve-devel] applied: [PATCH guest-common v3 1/5] guest helpers: add helper to abort active guest tasks of a certain type

[Thomas Lamprecht]

Am 12/04/2024 um 16:15 schrieb Friedrich Weber:
> Given a `(type, user, vmid)` tuple, the helper aborts all tasks of the
> given `type` for guest `vmid` that `user` is allowed to abort:
> 
> - If `user` has `Sys.Modify` on the node, they can abort any task
> - If `user` is an API token, it can abort any task it started itself
> - If `user` is a user, they can abort any task started by themselves
>   or one of their API tokens.
> 
> The helper is used to overrule any active qmshutdown/vzshutdown tasks
> when attempting to stop a VM/CT (if requested).
> 
> Signed-off-by: Friedrich Weber <f.weber at proxmox.com>
> ---
> 
> Notes:
>     As the computation of `$can_abort_task` essentially duplicates logic
>     from PVE/API2/Tasks.pm, I considered reusing that, but this would have
>     required moving it to one of the dependencies of pve-guest-common
>     (Thomas suggested pve-access-control off-list). Seeing that the logic
>     boils down to 4 lines in `abort_guest_tasks`, I didn't consider it
>     worth the trouble in the end. Happy to reconsider, though.
>     
>     changes v2 -> v3:
>     - improved readability: renamed subroutine to describe what it does,
>       renamed return value, added comment, clarified commit message (thx
>       Thomas)
>     - better align logic with current permission model for stopping tasks:
>       - allow users with Sys.Modify to abort *any* task (thx Thomas)
>       - allow users to abort tasks of their tokens
>     
>     no changes v1 -> v2
> 
>  src/PVE/GuestHelpers.pm | 35 +++++++++++++++++++++++++++++++++++
>  1 file changed, 35 insertions(+)
> 
>

applied, with some (very) tiny efficiency improvement as follow-up, thanks!