[pve-devel] [PATCH common v4 1/1] json schema/rest environment: add 'expose_credentials' option
Dominik Csapak
d.csapak at proxmox.com
Fri Nov 14 15:59:17 CET 2025
this is used to mark api calls to have access to the credentials
of the connection (token/ticket/etc.).
For that we also expose a 'set/get_credentials' call on the
RESTEnvironment.
This must be set in the http/cli handler.
Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
src/PVE/JSONSchema.pm | 8 ++++++++
src/PVE/RESTEnvironment.pm | 14 ++++++++++++++
2 files changed, 22 insertions(+)
diff --git a/src/PVE/JSONSchema.pm b/src/PVE/JSONSchema.pm
index c6e0f36..8278899 100644
--- a/src/PVE/JSONSchema.pm
+++ b/src/PVE/JSONSchema.pm
@@ -1850,6 +1850,14 @@ my $method_schema = {
description => "Method needs special privileges - only pvedaemon can execute it",
optional => 1,
},
+ expose_credentials => {
+ type => 'boolean',
+ description => "Method needs access to the connecting users credentials (ticker or"
+ . " token), so it will be exposed through the RPC environment. Useful to avoid"
+ . " setting 'protected' when one needs to (manually) proxy to other cluster nodes."
+ . " nodes in the handler.",
+ optional => 1,
+ },
allowtoken => {
type => 'boolean',
description => "Method is available for clients authenticated using an API token.",
diff --git a/src/PVE/RESTEnvironment.pm b/src/PVE/RESTEnvironment.pm
index 7695850..d597557 100644
--- a/src/PVE/RESTEnvironment.pm
+++ b/src/PVE/RESTEnvironment.pm
@@ -235,6 +235,20 @@ sub get_user {
die "user name not set\n";
}
+sub set_credentials {
+ my ($self, $credentials) = @_;
+
+ $self->{credentials} = $credentials;
+}
+
+sub get_credentials {
+ my ($self, $noerr) = @_;
+
+ return $self->{credentials} if defined($self->{credentials}) || $noerr;
+
+ die "credentials not set\n";
+}
+
sub set_u2f_challenge {
my ($self, $challenge) = @_;
--
2.47.3
More information about the pve-devel
mailing list