[pve-devel] [PATCH network v2 2/5] api: add lock-secret parameter to all api calls

Gabriel Goller g.goller at proxmox.com
Thu Jul 24 16:17:27 CEST 2025


From: Stefan Hanreich <s.hanreich at proxmox.com>

The parameter is optional, so all existing create/update/delete
invocations can work as before, only failing if the global lock is
currently set. This ensures backwards-compatibility with the existing
calls to the API in the frontend. If the lock is set, users will get
an error message when trying to modify the configuration from the web
UI.

Co-authored-by: Gabriel Goller <g.goller at proxmox.com>
Signed-off-by: Stefan Hanreich <s.hanreich at proxmox.com>
---
 src/PVE/API2/Network/SDN/Controllers.pm       | 21 ++++++++++++++--
 src/PVE/API2/Network/SDN/Dns.pm               | 21 ++++++++++++++--
 src/PVE/API2/Network/SDN/Fabrics/Fabric.pm    |  8 +++++++
 .../API2/Network/SDN/Fabrics/FabricNode.pm    |  9 +++++++
 src/PVE/API2/Network/SDN/Ipams.pm             | 21 ++++++++++++++--
 src/PVE/API2/Network/SDN/Subnets.pm           | 24 +++++++++++++++----
 src/PVE/API2/Network/SDN/Vnets.pm             | 21 ++++++++++++++--
 src/PVE/API2/Network/SDN/Zones.pm             | 21 ++++++++++++++--
 src/PVE/Network/SDN.pm                        |  9 +++++++
 src/PVE/Network/SDN/Fabrics.pm                |  2 ++
 10 files changed, 143 insertions(+), 14 deletions(-)

diff --git a/src/PVE/API2/Network/SDN/Controllers.pm b/src/PVE/API2/Network/SDN/Controllers.pm
index e6eb4cb39248..675e79661bd8 100644
--- a/src/PVE/API2/Network/SDN/Controllers.pm
+++ b/src/PVE/API2/Network/SDN/Controllers.pm
@@ -168,13 +168,19 @@ __PACKAGE__->register_method({
     permissions => {
         check => ['perm', '/sdn/controllers', ['SDN.Allocate']],
     },
-    parameters => PVE::Network::SDN::Controllers::Plugin->createSchema(),
+    parameters => PVE::Network::SDN::Controllers::Plugin->createSchema(
+        undef,
+        {
+            'lock-secret' => get_standard_option('pve-sdn-lock-secret'),
+        },
+    ),
     returns => { type => 'null' },
     code => sub {
         my ($param) = @_;
 
         my $type = extract_param($param, 'type');
         my $id = extract_param($param, 'controller');
+        my $lock_secret = extract_param($param, 'lock-secret');
 
         my $plugin = PVE::Network::SDN::Controllers::Plugin->lookup($type);
         my $opts = $plugin->check_config($id, $param, 1, 1);
@@ -204,6 +210,7 @@ __PACKAGE__->register_method({
 
             },
             "create sdn controller object failed",
+            $lock_secret,
         );
 
         return undef;
@@ -219,7 +226,12 @@ __PACKAGE__->register_method({
     permissions => {
         check => ['perm', '/sdn/controllers', ['SDN.Allocate']],
     },
-    parameters => PVE::Network::SDN::Controllers::Plugin->updateSchema(),
+    parameters => PVE::Network::SDN::Controllers::Plugin->updateSchema(
+        undef,
+        {
+            'lock-secret' => get_standard_option('pve-sdn-lock-secret'),
+        },
+    ),
     returns => { type => 'null' },
     code => sub {
         my ($param) = @_;
@@ -227,6 +239,7 @@ __PACKAGE__->register_method({
         my $id = extract_param($param, 'controller');
         my $digest = extract_param($param, 'digest');
         my $delete = extract_param($param, 'delete');
+        my $lock_secret = extract_param($param, 'lock-secret');
 
         PVE::Network::SDN::lock_sdn_config(
             sub {
@@ -257,6 +270,7 @@ __PACKAGE__->register_method({
 
             },
             "update sdn controller object failed",
+            $lock_secret,
         );
 
         return undef;
@@ -281,6 +295,7 @@ __PACKAGE__->register_method({
                     completion => \&PVE::Network::SDN::Controllers::complete_sdn_controllers,
                 },
             ),
+            'lock-secret' => get_standard_option('pve-sdn-lock-secret'),
         },
     },
     returns => { type => 'null' },
@@ -288,6 +303,7 @@ __PACKAGE__->register_method({
         my ($param) = @_;
 
         my $id = extract_param($param, 'controller');
+        my $lock_secret = extract_param($param, 'lock-secret');
 
         PVE::Network::SDN::lock_sdn_config(
             sub {
@@ -307,6 +323,7 @@ __PACKAGE__->register_method({
 
             },
             "delete sdn controller object failed",
+            $lock_secret,
         );
 
         return undef;
diff --git a/src/PVE/API2/Network/SDN/Dns.pm b/src/PVE/API2/Network/SDN/Dns.pm
index c82e3544252f..941af8b393d3 100644
--- a/src/PVE/API2/Network/SDN/Dns.pm
+++ b/src/PVE/API2/Network/SDN/Dns.pm
@@ -123,13 +123,19 @@ __PACKAGE__->register_method({
     permissions => {
         check => ['perm', '/sdn/dns', ['SDN.Allocate']],
     },
-    parameters => PVE::Network::SDN::Dns::Plugin->createSchema(),
+    parameters => PVE::Network::SDN::Dns::Plugin->createSchema(
+        undef,
+        {
+            'lock-secret' => get_standard_option('pve-sdn-lock-secret'),
+        },
+    ),
     returns => { type => 'null' },
     code => sub {
         my ($param) = @_;
 
         my $type = extract_param($param, 'type');
         my $id = extract_param($param, 'dns');
+        my $lock_secret = extract_param($param, 'lock-secret');
 
         my $plugin = PVE::Network::SDN::Dns::Plugin->lookup($type);
         my $opts = $plugin->check_config($id, $param, 1, 1);
@@ -157,6 +163,7 @@ __PACKAGE__->register_method({
 
             },
             "create sdn dns object failed",
+            $lock_secret,
         );
 
         return undef;
@@ -172,7 +179,12 @@ __PACKAGE__->register_method({
     permissions => {
         check => ['perm', '/sdn/dns', ['SDN.Allocate']],
     },
-    parameters => PVE::Network::SDN::Dns::Plugin->updateSchema(),
+    parameters => PVE::Network::SDN::Dns::Plugin->updateSchema(
+        undef,
+        {
+            'lock-secret' => get_standard_option('pve-sdn-lock-secret'),
+        },
+    ),
     returns => { type => 'null' },
     code => sub {
         my ($param) = @_;
@@ -180,6 +192,7 @@ __PACKAGE__->register_method({
         my $id = extract_param($param, 'dns');
         my $digest = extract_param($param, 'digest');
         my $delete = extract_param($param, 'delete');
+        my $lock_secret = extract_param($param, 'lock-secret');
 
         PVE::Network::SDN::lock_sdn_config(
             sub {
@@ -209,6 +222,7 @@ __PACKAGE__->register_method({
 
             },
             "update sdn dns object failed",
+            $lock_secret,
         );
 
         return undef;
@@ -233,6 +247,7 @@ __PACKAGE__->register_method({
                     completion => \&PVE::Network::SDN::Dns::complete_sdn_dns,
                 },
             ),
+            'lock-secret' => get_standard_option('pve-sdn-lock-secret'),
         },
     },
     returns => { type => 'null' },
@@ -240,6 +255,7 @@ __PACKAGE__->register_method({
         my ($param) = @_;
 
         my $id = extract_param($param, 'dns');
+        my $lock_secret = extract_param($param, 'lock-secret');
 
         PVE::Network::SDN::lock_sdn_config(
             sub {
@@ -255,6 +271,7 @@ __PACKAGE__->register_method({
 
             },
             "delete sdn dns object failed",
+            $lock_secret,
         );
 
         return undef;
diff --git a/src/PVE/API2/Network/SDN/Fabrics/Fabric.pm b/src/PVE/API2/Network/SDN/Fabrics/Fabric.pm
index 8c47b1bc5f00..9cfe88cfea21 100644
--- a/src/PVE/API2/Network/SDN/Fabrics/Fabric.pm
+++ b/src/PVE/API2/Network/SDN/Fabrics/Fabric.pm
@@ -138,6 +138,8 @@ __PACKAGE__->register_method({
     code => sub {
         my ($param) = @_;
 
+        my $lock_secret = extract_param($param, 'lock-secret');
+
         PVE::Network::SDN::lock_sdn_config(
             sub {
                 my $config = PVE::Network::SDN::Fabrics::config();
@@ -149,6 +151,7 @@ __PACKAGE__->register_method({
                 PVE::Network::SDN::Fabrics::write_config($config);
             },
             "adding fabric failed",
+            $lock_secret,
         );
     },
 });
@@ -170,6 +173,7 @@ __PACKAGE__->register_method({
     },
     code => sub {
         my ($param) = @_;
+        my $lock_secret = extract_param($param, 'lock-secret');
 
         PVE::Network::SDN::lock_sdn_config(
             sub {
@@ -184,6 +188,7 @@ __PACKAGE__->register_method({
                 PVE::Network::SDN::Fabrics::write_config($config);
             },
             "updating fabric failed",
+            $lock_secret,
         );
     },
 });
@@ -208,6 +213,8 @@ __PACKAGE__->register_method({
     code => sub {
         my ($param) = @_;
 
+        my $lock_secret = extract_param($param, 'lock-secret');
+
         PVE::Network::SDN::lock_sdn_config(
             sub {
                 my $id = extract_param($param, 'id');
@@ -253,6 +260,7 @@ __PACKAGE__->register_method({
                 PVE::Network::SDN::Fabrics::write_config($config);
             },
             "deleting fabric failed",
+            $lock_secret,
         );
     },
 });
diff --git a/src/PVE/API2/Network/SDN/Fabrics/FabricNode.pm b/src/PVE/API2/Network/SDN/Fabrics/FabricNode.pm
index b28884434b37..ad352e6a4a2e 100644
--- a/src/PVE/API2/Network/SDN/Fabrics/FabricNode.pm
+++ b/src/PVE/API2/Network/SDN/Fabrics/FabricNode.pm
@@ -153,6 +153,8 @@ __PACKAGE__->register_method({
     code => sub {
         my ($param) = @_;
 
+        my $lock_secret = extract_param($param, 'lock-secret');
+
         PVE::Network::SDN::lock_sdn_config(
             sub {
                 my $config = PVE::Network::SDN::Fabrics::config();
@@ -164,6 +166,7 @@ __PACKAGE__->register_method({
                 PVE::Network::SDN::Fabrics::write_config($config);
             },
             "adding node failed",
+            $lock_secret,
         );
     },
 });
@@ -190,6 +193,8 @@ __PACKAGE__->register_method({
     code => sub {
         my ($param) = @_;
 
+        my $lock_secret = extract_param($param, 'lock-secret');
+
         PVE::Network::SDN::lock_sdn_config(
             sub {
                 my $fabric_id = extract_param($param, 'fabric_id');
@@ -204,6 +209,7 @@ __PACKAGE__->register_method({
                 PVE::Network::SDN::Fabrics::write_config($config);
             },
             "updating node failed",
+            $lock_secret,
         );
     },
 });
@@ -233,6 +239,8 @@ __PACKAGE__->register_method({
     code => sub {
         my ($param) = @_;
 
+        my $lock_secret = extract_param($param, 'lock-secret');
+
         PVE::Network::SDN::lock_sdn_config(
             sub {
                 my $fabric_id = extract_param($param, 'fabric_id');
@@ -247,6 +255,7 @@ __PACKAGE__->register_method({
                 PVE::Network::SDN::Fabrics::write_config($config);
             },
             "deleting node failed",
+            $lock_secret,
         );
     },
 });
diff --git a/src/PVE/API2/Network/SDN/Ipams.pm b/src/PVE/API2/Network/SDN/Ipams.pm
index e30d28ffec56..283b33f67d69 100644
--- a/src/PVE/API2/Network/SDN/Ipams.pm
+++ b/src/PVE/API2/Network/SDN/Ipams.pm
@@ -128,13 +128,19 @@ __PACKAGE__->register_method({
     permissions => {
         check => ['perm', '/sdn/ipams', ['SDN.Allocate']],
     },
-    parameters => PVE::Network::SDN::Ipams::Plugin->createSchema(),
+    parameters => PVE::Network::SDN::Ipams::Plugin->createSchema(
+        undef,
+        {
+            'lock-secret' => get_standard_option('pve-sdn-lock-secret'),
+        },
+    ),
     returns => { type => 'null' },
     code => sub {
         my ($param) = @_;
 
         my $type = extract_param($param, 'type');
         my $id = extract_param($param, 'ipam');
+        my $lock_secret = extract_param($param, 'lock-secret');
 
         my $plugin = PVE::Network::SDN::Ipams::Plugin->lookup($type);
         my $opts = $plugin->check_config($id, $param, 1, 1);
@@ -164,6 +170,7 @@ __PACKAGE__->register_method({
 
             },
             "create sdn ipam object failed",
+            $lock_secret,
         );
 
         return undef;
@@ -179,7 +186,12 @@ __PACKAGE__->register_method({
     permissions => {
         check => ['perm', '/sdn/ipams', ['SDN.Allocate']],
     },
-    parameters => PVE::Network::SDN::Ipams::Plugin->updateSchema(),
+    parameters => PVE::Network::SDN::Ipams::Plugin->updateSchema(
+        undef,
+        {
+            'lock-secret' => get_standard_option('pve-sdn-lock-secret'),
+        },
+    ),
     returns => { type => 'null' },
     code => sub {
         my ($param) = @_;
@@ -187,6 +199,7 @@ __PACKAGE__->register_method({
         my $id = extract_param($param, 'ipam');
         my $digest = extract_param($param, 'digest');
         my $delete = extract_param($param, 'delete');
+        my $lock_secret = extract_param($param, 'lock-secret');
 
         PVE::Network::SDN::lock_sdn_config(
             sub {
@@ -216,6 +229,7 @@ __PACKAGE__->register_method({
 
             },
             "update sdn ipam object failed",
+            $lock_secret,
         );
 
         return undef;
@@ -240,6 +254,7 @@ __PACKAGE__->register_method({
                     completion => \&PVE::Network::SDN::Ipams::complete_sdn_ipams,
                 },
             ),
+            'lock-secret' => get_standard_option('pve-sdn-lock-secret'),
         },
     },
     returns => { type => 'null' },
@@ -247,6 +262,7 @@ __PACKAGE__->register_method({
         my ($param) = @_;
 
         my $id = extract_param($param, 'ipam');
+        my $lock_secret = extract_param($param, 'lock-secret');
 
         PVE::Network::SDN::lock_sdn_config(
             sub {
@@ -264,6 +280,7 @@ __PACKAGE__->register_method({
 
             },
             "delete sdn zone object failed",
+            $lock_secret,
         );
 
         return undef;
diff --git a/src/PVE/API2/Network/SDN/Subnets.pm b/src/PVE/API2/Network/SDN/Subnets.pm
index c9f5452b1883..c26a38c17c7f 100644
--- a/src/PVE/API2/Network/SDN/Subnets.pm
+++ b/src/PVE/API2/Network/SDN/Subnets.pm
@@ -190,13 +190,19 @@ __PACKAGE__->register_method({
         description => "Require 'SDN.Allocate' permission on '/sdn/zones/<zone>/<vnet>'",
         user => 'all',
     },
-    parameters => PVE::Network::SDN::SubnetPlugin->createSchema(),
+    parameters => PVE::Network::SDN::SubnetPlugin->createSchema(
+        undef,
+        {
+            'lock-secret' => get_standard_option('pve-sdn-lock-secret'),
+        },
+    ),
     returns => { type => 'null' },
     code => sub {
         my ($param) = @_;
 
         my $type = extract_param($param, 'type');
         my $cidr = extract_param($param, 'subnet');
+        my $lock_secret = extract_param($param, 'lock-secret');
 
         my $vnet = $param->{vnet};
         my $privs = ['SDN.Allocate'];
@@ -234,6 +240,7 @@ __PACKAGE__->register_method({
 
             },
             "create sdn subnet object failed",
+            $lock_secret,
         );
 
         return undef;
@@ -250,7 +257,12 @@ __PACKAGE__->register_method({
         description => "Require 'SDN.Allocate' permission on '/sdn/zones/<zone>/<vnet>'",
         user => 'all',
     },
-    parameters => PVE::Network::SDN::SubnetPlugin->updateSchema(),
+    parameters => PVE::Network::SDN::SubnetPlugin->updateSchema(
+        undef,
+        {
+            'lock-secret' => get_standard_option('pve-sdn-lock-secret'),
+        },
+    ),
     returns => { type => 'null' },
     code => sub {
         my ($param) = @_;
@@ -258,6 +270,7 @@ __PACKAGE__->register_method({
         my $id = extract_param($param, 'subnet');
         my $digest = extract_param($param, 'digest');
         my $delete = extract_param($param, 'delete');
+        my $lock_secret = extract_param($param, 'lock-secret');
 
         my $vnet = $param->{vnet};
 
@@ -295,6 +308,7 @@ __PACKAGE__->register_method({
 
             },
             "update sdn subnet object failed",
+            $lock_secret,
         );
 
         return undef;
@@ -321,6 +335,7 @@ __PACKAGE__->register_method({
                     completion => \&PVE::Network::SDN::Subnets::complete_sdn_subnets,
                 },
             ),
+            'lock-secret' => get_standard_option('pve-sdn-lock-secret'),
         },
     },
     returns => { type => 'null' },
@@ -329,6 +344,8 @@ __PACKAGE__->register_method({
 
         my $id = extract_param($param, 'subnet');
         my $vnet = extract_param($param, 'vnet');
+        my $lock_secret = extract_param($param, 'lock-secret');
+
         my $privs = ['SDN.Allocate'];
         &$check_vnet_access($vnet, $privs);
 
@@ -350,10 +367,9 @@ __PACKAGE__->register_method({
 
                 delete $cfg->{ids}->{$id};
 
-                PVE::Network::SDN::Subnets::write_config($cfg);
-
             },
             "delete sdn subnet object failed",
+            $lock_secret,
         );
 
         return undef;
diff --git a/src/PVE/API2/Network/SDN/Vnets.pm b/src/PVE/API2/Network/SDN/Vnets.pm
index 560828371beb..dd4cf43f35a3 100644
--- a/src/PVE/API2/Network/SDN/Vnets.pm
+++ b/src/PVE/API2/Network/SDN/Vnets.pm
@@ -205,13 +205,19 @@ __PACKAGE__->register_method({
     permissions => {
         check => ['perm', '/sdn/zones/{zone}', ['SDN.Allocate']],
     },
-    parameters => PVE::Network::SDN::VnetPlugin->createSchema(),
+    parameters => PVE::Network::SDN::VnetPlugin->createSchema(
+        undef,
+        {
+            'lock-secret' => get_standard_option('pve-sdn-lock-secret'),
+        },
+    ),
     returns => { type => 'null' },
     code => sub {
         my ($param) = @_;
 
         my $type = extract_param($param, 'type');
         my $id = extract_param($param, 'vnet');
+        my $lock_secret = extract_param($param, 'lock-secret');
 
         PVE::Cluster::check_cfs_quorum();
         mkdir("/etc/pve/sdn");
@@ -238,6 +244,7 @@ __PACKAGE__->register_method({
 
             },
             "create sdn vnet object failed",
+            $lock_secret,
         );
 
         return undef;
@@ -254,7 +261,12 @@ __PACKAGE__->register_method({
         description => "Require 'SDN.Allocate' permission on '/sdn/zones/<zone>/<vnet>'",
         user => 'all',
     },
-    parameters => PVE::Network::SDN::VnetPlugin->updateSchema(),
+    parameters => PVE::Network::SDN::VnetPlugin->updateSchema(
+        undef,
+        {
+            'lock-secret' => get_standard_option('pve-sdn-lock-secret'),
+        },
+    ),
     returns => { type => 'null' },
     code => sub {
         my ($param) = @_;
@@ -262,6 +274,7 @@ __PACKAGE__->register_method({
         my $id = extract_param($param, 'vnet');
         my $digest = extract_param($param, 'digest');
         my $delete = extract_param($param, 'delete');
+        my $lock_secret = extract_param($param, 'lock-secret');
 
         my $privs = ['SDN.Allocate'];
         &$check_vnet_access($id, $privs);
@@ -307,6 +320,7 @@ __PACKAGE__->register_method({
 
             },
             "update sdn vnet object failed",
+            $lock_secret,
         );
 
         return undef;
@@ -332,6 +346,7 @@ __PACKAGE__->register_method({
                     completion => \&PVE::Network::SDN::Vnets::complete_sdn_vnets,
                 },
             ),
+            'lock-secret' => get_standard_option('pve-sdn-lock-secret'),
         },
     },
     returns => { type => 'null' },
@@ -339,6 +354,7 @@ __PACKAGE__->register_method({
         my ($param) = @_;
 
         my $id = extract_param($param, 'vnet');
+        my $lock_secret = extract_param($param, 'lock-secret');
 
         my $privs = ['SDN.Allocate'];
         &$check_vnet_access($id, $privs);
@@ -356,6 +372,7 @@ __PACKAGE__->register_method({
 
             },
             "delete sdn vnet object failed",
+            $lock_secret,
         );
 
         return undef;
diff --git a/src/PVE/API2/Network/SDN/Zones.pm b/src/PVE/API2/Network/SDN/Zones.pm
index e53e6e7d430d..a7ee85bb5ba7 100644
--- a/src/PVE/API2/Network/SDN/Zones.pm
+++ b/src/PVE/API2/Network/SDN/Zones.pm
@@ -207,13 +207,19 @@ __PACKAGE__->register_method({
     permissions => {
         check => ['perm', '/sdn/zones', ['SDN.Allocate']],
     },
-    parameters => PVE::Network::SDN::Zones::Plugin->createSchema(),
+    parameters => PVE::Network::SDN::Zones::Plugin->createSchema(
+        undef,
+        {
+            'lock-secret' => get_standard_option('pve-sdn-lock-secret'),
+        },
+    ),
     returns => { type => 'null' },
     code => sub {
         my ($param) = @_;
 
         my $type = extract_param($param, 'type');
         my $id = extract_param($param, 'zone');
+        my $lock_secret = extract_param($param, 'lock-secret');
 
         my $plugin = PVE::Network::SDN::Zones::Plugin->lookup($type);
         my $opts = $plugin->check_config($id, $param, 1, 1);
@@ -256,6 +262,7 @@ __PACKAGE__->register_method({
 
             },
             "create sdn zone object failed",
+            $lock_secret,
         );
 
         return;
@@ -271,7 +278,12 @@ __PACKAGE__->register_method({
     permissions => {
         check => ['perm', '/sdn/zones/{zone}', ['SDN.Allocate']],
     },
-    parameters => PVE::Network::SDN::Zones::Plugin->updateSchema(),
+    parameters => PVE::Network::SDN::Zones::Plugin->updateSchema(
+        undef,
+        {
+            'lock-secret' => get_standard_option('pve-sdn-lock-secret'),
+        },
+    ),
     returns => { type => 'null' },
     code => sub {
         my ($param) = @_;
@@ -279,6 +291,7 @@ __PACKAGE__->register_method({
         my $id = extract_param($param, 'zone');
         my $digest = extract_param($param, 'digest');
         my $delete = extract_param($param, 'delete');
+        my $lock_secret = extract_param($param, 'lock-secret');
 
         if ($delete) {
             $delete = [PVE::Tools::split_list($delete)];
@@ -344,6 +357,7 @@ __PACKAGE__->register_method({
 
             },
             "update sdn zone object failed",
+            $lock_secret,
         );
 
         return;
@@ -368,6 +382,7 @@ __PACKAGE__->register_method({
                     completion => \&PVE::Network::SDN::Zones::complete_sdn_zones,
                 },
             ),
+            'lock-secret' => get_standard_option('pve-sdn-lock-secret'),
         },
     },
     returns => { type => 'null' },
@@ -375,6 +390,7 @@ __PACKAGE__->register_method({
         my ($param) = @_;
 
         my $id = extract_param($param, 'zone');
+        my $lock_secret = extract_param($param, 'lock-secret');
 
         PVE::Network::SDN::lock_sdn_config(
             sub {
@@ -391,6 +407,7 @@ __PACKAGE__->register_method({
                 PVE::Network::SDN::Zones::write_config($cfg);
             },
             "delete sdn zone object failed",
+            $lock_secret,
         );
 
         return;
diff --git a/src/PVE/Network/SDN.pm b/src/PVE/Network/SDN.pm
index efee21543387..adcae175aa2d 100644
--- a/src/PVE/Network/SDN.pm
+++ b/src/PVE/Network/SDN.pm
@@ -50,6 +50,15 @@ PVE::Cluster::cfs_register_file($running_cfg, $parse_running_cfg, $write_running
 
 my $LOCK_SECRET_FILE = "/etc/pve/sdn/.lock";
 
+PVE::JSONSchema::register_standard_option(
+    'pve-sdn-lock-secret',
+    {
+        type => 'string',
+        description => "the secret for unlocking the global SDN configuration",
+        optional => 1,
+    },
+);
+
 # improve me : move status code inside plugins ?
 
 sub ifquery_check {
diff --git a/src/PVE/Network/SDN/Fabrics.pm b/src/PVE/Network/SDN/Fabrics.pm
index 796d14978cfe..fcc9679a61f1 100644
--- a/src/PVE/Network/SDN/Fabrics.pm
+++ b/src/PVE/Network/SDN/Fabrics.pm
@@ -128,6 +128,7 @@ sub node_properties {
         node_id => get_standard_option('pve-sdn-fabric-node-id'),
         protocol => get_standard_option('pve-sdn-fabric-protocol'),
         digest => get_standard_option('pve-config-digest'),
+        'lock-secret' => get_standard_option('pve-sdn-lock-secret'),
         ip => {
             type => 'string',
             format => 'ipv4',
@@ -227,6 +228,7 @@ sub fabric_properties {
         id => get_standard_option('pve-sdn-fabric-id'),
         protocol => get_standard_option('pve-sdn-fabric-protocol'),
         digest => get_standard_option('pve-config-digest'),
+        'lock-secret' => get_standard_option('pve-sdn-lock-secret'),
         ip_prefix => {
             type => 'string',
             format => 'CIDR',
-- 
2.39.5





More information about the pve-devel mailing list