[pve-devel] [PATCH pve-manager v4 04/10] api: cluster: add support for network resource type
Stefan Hanreich
s.hanreich at proxmox.com
Thu Nov 13 17:19:18 CET 2025
pvestatd now broadcasts a new network resource type, instead of the
sdn resource type. This commit adds handling for this new network type
to the resources endpoint. In order to be able to deal with older
nodes, keep support for parsing the old sdn resource type.
Upgraded nodes will still broadcast the old format for
backwards-compatibility and nodes with this patch applied support
handling both formats. With this patch, nodes will check whether a
node is sending both formats or only the old one, and parse the
resources based on that information. Older nodes will drop the new
network resource type, but will still be able to show zones, because
the old format still gets broadcast. Newer nodes will take the
information from the network store, if available, otherwise fall back
to the SDN store.
Another reason for keeping the old format around is so we do not break
older clients, that rely on the old SDN format - removing it would be
a breaking API change.
Signed-off-by: Stefan Hanreich <s.hanreich at proxmox.com>
---
PVE/API2/Cluster.pm | 106 ++++++++++++++++++++++++++++++++++++--------
1 file changed, 88 insertions(+), 18 deletions(-)
diff --git a/PVE/API2/Cluster.pm b/PVE/API2/Cluster.pm
index 479803960..eb9ddcc39 100644
--- a/PVE/API2/Cluster.pm
+++ b/PVE/API2/Cluster.pm
@@ -222,6 +222,32 @@ __PACKAGE__->register_method({
},
});
+my sub can_access_network {
+ my ($rpcenv, $network) = @_;
+ my $authuser = $rpcenv->get_user();
+
+ if ($network->{'network-type'} eq 'fabric') {
+ return $rpcenv->check_any(
+ $authuser,
+ "/sdn/fabrics/$network->{network}",
+ ['SDN.Audit', 'SDN.Allocate'],
+ 1,
+ );
+ } elsif ($network->{'network-type'} eq 'zone') {
+ return $rpcenv->check(
+ $authuser,
+ "/sdn/zones/$network->{network}",
+ ['SDN.Audit'],
+ 1,
+ );
+ }
+
+ # unknown type, so most likely introduced in a newer
+ # version - avoid leaking information by suppressing any
+ # unknown sdn types in the returned array.
+ return 0;
+}
+
__PACKAGE__->register_method({
name => 'resources',
path => 'resources',
@@ -251,7 +277,8 @@ __PACKAGE__->register_method({
type => {
description => "Resource type.",
type => 'string',
- enum => ['node', 'storage', 'pool', 'qemu', 'lxc', 'openvz', 'sdn'],
+ enum =>
+ ['node', 'storage', 'pool', 'qemu', 'lxc', 'openvz', 'sdn', 'network'],
},
status => {
description => "Resource type dependent status.",
@@ -431,6 +458,23 @@ __PACKAGE__->register_method({
optional => 1,
default => 0,
},
+ network => {
+ description => "The name of a Network entity (for type 'network').",
+ type => "string",
+ optional => 1,
+ },
+ 'network-type' => {
+ description => "The type of network resource (for type 'network').",
+ type => "string",
+ enum => ["fabric", "zone"],
+ optional => 1,
+ },
+ protocol => {
+ description =>
+ "The protocol of a fabric (for type 'network', network-type 'fabric').",
+ type => "string",
+ optional => 1,
+ },
},
},
},
@@ -584,25 +628,15 @@ __PACKAGE__->register_method({
}
if (!$param->{type} || $param->{type} eq 'sdn') {
- #add default "localnetwork" zone
- if ($rpcenv->check($authuser, "/sdn/zones/localnetwork", ['SDN.Audit'], 1)) {
- foreach my $node (@$nodelist) {
- my $local_sdn = {
- id => "sdn/$node/localnetwork",
- sdn => 'localnetwork',
- node => $node,
- type => 'sdn',
- status => 'ok',
- };
- push @$res, $local_sdn;
- }
- }
+ my $nodes = PVE::Cluster::get_node_kv("sdn");
+ my $network_nodes = PVE::Cluster::get_node_kv("network");
- if ($have_sdn) {
- my $nodes = PVE::Cluster::get_node_kv("sdn");
+ for my $node (sort keys %{$nodes}) {
+ # host is already sending the new network resource, so ignore
+ # its sdn resources
+ next if defined $network_nodes->{$node};
- for my $node (sort keys %{$nodes}) {
- my $sdns = decode_json($nodes->{$node});
+ my $sdns = decode_json($nodes->{$node});
for my $id (sort keys %{$sdns}) {
next if !$rpcenv->check($authuser, "/sdn/zones/$id", ['SDN.Audit'], 1);
@@ -620,6 +654,42 @@ __PACKAGE__->register_method({
}
}
+ if (!$param->{type} || $param->{type} eq 'network') {
+ my $nodes = PVE::Cluster::get_node_kv("network");
+
+ # add default "localnetwork" zone
+ if ($rpcenv->check($authuser, "/sdn/zones/localnetwork", ['SDN.Audit'], 1)) {
+ foreach my $node (@$nodelist) {
+ my $local_sdn = {
+ id => "network/$node/zone/localnetwork",
+ type => 'network',
+ 'network-type' => 'zone',
+ network => 'localnetwork',
+ node => $node,
+ status => 'ok',
+ };
+ push $res->@*, $local_sdn;
+ }
+ }
+
+ for my $node (sort keys $nodes->%*) {
+ my $node_config = decode_json($nodes->{$node});
+
+ for my $id (sort keys $node_config->%*) {
+ my $entry = $node_config->{$id};
+
+ next if !can_access_network($rpcenv, $entry);
+
+ push $res->@*,
+ {
+ "id" => "network/$node/$entry->{'network-type'}/$entry->{network}",
+ "node" => $node,
+ $entry->%*,
+ };
+ }
+ }
+ }
+
return $res;
},
});
--
2.47.3
More information about the pve-devel
mailing list