api: add resource map api endpoints for PCI and USB

this adds the typical section config crud API calls for
USB and PCI resource mapping to /cluster/mapping/{TYPE}

the only special thing that this series does is the list call
for both has a special 'check-node' parameter that uses the
'proxyto_callback' to reroute the api call to the given node
so that it can check the validity of the mapping for that node

in the future when we e.g. broadcast the lspci output via pmxcfs
we drop the proxyto_callback and directly use the info from
pmxcfs (or we drop the parameter and always check all nodes)

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
This commit is contained in:
Dominik Csapak 2023-06-16 15:05:28 +02:00 committed by Thomas Lamprecht
parent 0fe0a2dd2b
commit 797bcf9aa2
7 changed files with 679 additions and 1 deletions

View File

@ -26,6 +26,7 @@ use PVE::API2::ACMEPlugin;
use PVE::API2::Backup;
use PVE::API2::Cluster::BackupInfo;
use PVE::API2::Cluster::Ceph;
use PVE::API2::Cluster::Mapping;
use PVE::API2::Cluster::Jobs;
use PVE::API2::Cluster::MetricServer;
use PVE::API2::ClusterConfig;
@ -90,6 +91,12 @@ __PACKAGE__->register_method ({
subclass => "PVE::API2::Cluster::Jobs",
path => 'jobs',
});
__PACKAGE__->register_method ({
subclass => "PVE::API2::Cluster::Mapping",
path => 'mapping',
});
if ($have_sdn) {
__PACKAGE__->register_method ({
subclass => "PVE::API2::Network::SDN",
@ -140,6 +147,7 @@ __PACKAGE__->register_method ({
{ name => 'ha' },
{ name => 'jobs' },
{ name => 'log' },
{ name => 'mapping' },
{ name => 'metrics' },
{ name => 'nextid' },
{ name => 'options' },

View File

@ -1,10 +1,13 @@
include ../../../defines.mk
SUBDIRS=Mapping
# for node independent, cluster-wide applicable, API endpoints
# ensure we do not conflict with files shipped by pve-cluster!!
PERLSOURCE= \
BackupInfo.pm \
MetricServer.pm \
Mapping.pm \
Jobs.pm \
Ceph.pm
@ -13,8 +16,10 @@ all:
.PHONY: clean
clean:
rm -rf *~
set -e && for i in ${SUBDIRS}; do ${MAKE} -C $$i $@; done
.PHONY: install
install: $(PERLSOURCE)
install -d $(PERLLIBDIR)/PVE/API2/Cluster
install -m 0644 $(PERLSOURCE) $(PERLLIBDIR)/PVE/API2/Cluster
set -e && for i in $(SUBDIRS); do $(MAKE) -C $$i $@; done

View File

@ -0,0 +1,53 @@
package PVE::API2::Cluster::Mapping;
use strict;
use warnings;
use PVE::RESTHandler;
use PVE::API2::Cluster::Mapping::PCI;
use PVE::API2::Cluster::Mapping::USB;
use base qw(PVE::RESTHandler);
__PACKAGE__->register_method ({
subclass => "PVE::API2::Cluster::Mapping::PCI",
path => 'pci',
});
__PACKAGE__->register_method ({
subclass => "PVE::API2::Cluster::Mapping::USB",
path => 'usb',
});
__PACKAGE__->register_method ({
name => 'index',
path => '',
method => 'GET',
description => "List resource types.",
permissions => {
user => 'all',
},
parameters => {
additionalProperties => 0,
properties => {},
},
returns => {
type => 'array',
items => {
type => "object",
},
links => [ { rel => 'child', href => "{name}" } ],
},
code => sub {
my ($param) = @_;
my $result = [
{ name => 'pci' },
{ name => 'usb' },
];
return $result;
}});
1;

View File

@ -0,0 +1,18 @@
include ../../../../defines.mk
# for node independent, cluster-wide applicable, API endpoints
# ensure we do not conflict with files shipped by pve-cluster!!
PERLSOURCE= \
PCI.pm \
USB.pm
all:
.PHONY: clean
clean:
rm -rf *~
.PHONY: install
install: ${PERLSOURCE}
install -d ${PERLLIBDIR}/PVE/API2/Cluster/Mapping
install -m 0644 ${PERLSOURCE} ${PERLLIBDIR}/PVE/API2/Cluster/Mapping

View File

@ -0,0 +1,300 @@
package PVE::API2::Cluster::Mapping::PCI;
use strict;
use warnings;
use Storable qw(dclone);
use PVE::Cluster qw(cfs_lock_file);
use PVE::Mapping::PCI;
use PVE::JSONSchema qw(get_standard_option);
use PVE::Tools qw(extract_param);
use PVE::RESTHandler;
use base qw(PVE::RESTHandler);
__PACKAGE__->register_method ({
name => 'index',
path => '',
method => 'GET',
# only proxy if we give the 'check-node' parameter
proxyto_callback => sub {
my ($rpcenv, $proxyto, $param) = @_;
return $param->{'check-node'} // 'localhost';
},
description => "List PCI Hardware Mapping",
permissions => {
description => "Only lists entries where you have 'Mapping.Modify', 'Mapping.Use' or".
" 'Mapping.Audit' permissions on '/mapping/pci/<id>'.",
user => 'all',
},
parameters => {
additionalProperties => 0,
properties => {
'check-node' => get_standard_option('pve-node', {
description => "If given, checks the configurations on the given node for ".
"correctness, and adds relevant errors to the devices.",
optional => 1,
}),
},
},
returns => {
type => 'array',
items => {
type => "object",
properties => {
id => {
type => 'string',
description => "The logical ID of the mapping."
},
map => {
type => 'array',
description => "The entries of the mapping.",
items => {
type => 'string',
description => "A mapping for a node.",
},
},
description => {
type => 'string',
description => "A description of the logical mapping.",
},
error => {
description => "A list of errors when 'check_node' is given.",
items => {
type => 'object',
properties => {
severity => {
type => "string",
description => "The severity of the error",
},
message => {
type => "string",
description => "The message of the error",
},
},
}
},
},
},
links => [ { rel => 'child', href => "{id}" } ],
},
code => sub {
my ($param) = @_;
my $rpcenv = PVE::RPCEnvironment::get();
my $authuser = $rpcenv->get_user();
my $node = $param->{'check-node'};
die "Wrong node to check\n"
if defined($node) && $node ne 'localhost' && $node ne PVE::INotify::nodename();
my $cfg = PVE::Mapping::PCI::config();
my $res = [];
my $privs = ['Mapping.Modify', 'Mapping.Use', 'Mapping.Audit'];
for my $id (keys $cfg->{ids}->%*) {
next if !$rpcenv->check_full($authuser, "/mapping/pci/$id", $privs, 1, 1);
next if !$cfg->{ids}->{$id};
my $entry = dclone($cfg->{ids}->{$id});
$entry->{id} = $id;
$entry->{digest} = $cfg->{digest};
if (defined($node)) {
$entry->{errors} = [];
if (my $mappings = PVE::Mapping::PCI::get_node_mapping($cfg, $id, $node)) {
if (!scalar($mappings->@*)) {
push $entry->{errors}->@*, {
severity => 'warning',
message => "No mapping for node $node.",
};
}
for my $mapping ($mappings->@*) {
eval {
PVE::Mapping::PCI::assert_valid($id, $mapping);
};
if (my $err = $@) {
push $entry->{errors}->@*, {
severity => 'error',
message => "Invalid configuration: $err",
};
}
}
}
}
push @$res, $entry;
}
return $res;
},
});
__PACKAGE__->register_method ({
name => 'get',
protected => 1,
path => '{id}',
method => 'GET',
description => "Get PCI Mapping.",
permissions => {
check =>['or',
['perm', '/mapping/pci/{id}', ['Mapping.Use']],
['perm', '/mapping/pci/{id}', ['Mapping.Modify']],
['perm', '/mapping/pci/{id}', ['Mapping.Audit']],
],
},
parameters => {
additionalProperties => 0,
properties => {
id => {
type => 'string',
format => 'pve-configid',
},
}
},
returns => { type => 'object' },
code => sub {
my ($param) = @_;
my $cfg = PVE::Mapping::PCI::config();
my $id = $param->{id};
my $entry = $cfg->{ids}->{$id};
die "mapping '$param->{id}' not found\n" if !defined($entry);
my $data = dclone($entry);
$data->{digest} = $cfg->{digest};
return $data;
}});
__PACKAGE__->register_method ({
name => 'create',
protected => 1,
path => '',
method => 'POST',
description => "Create a new hardware mapping.",
permissions => {
check => ['perm', '/mapping/pci', ['Mapping.Modify']],
},
parameters => PVE::Mapping::PCI->createSchema(1),
returns => {
type => 'null',
},
code => sub {
my ($param) = @_;
my $id = extract_param($param, 'id');
my $plugin = PVE::Mapping::PCI->lookup('pci');
my $opts = $plugin->check_config($id, $param, 1, 1);
PVE::Mapping::PCI::lock_pci_config(sub {
my $cfg = PVE::Mapping::PCI::config();
die "pci ID '$id' already defined\n" if defined($cfg->{ids}->{$id});
$cfg->{ids}->{$id} = $opts;
PVE::Mapping::PCI::write_pci_config($cfg);
}, "create hardware mapping failed");
return;
},
});
__PACKAGE__->register_method ({
name => 'update',
protected => 1,
path => '{id}',
method => 'PUT',
description => "Update a hardware mapping.",
permissions => {
check => ['perm', '/mapping/pci/{id}', ['Mapping.Modify']],
},
parameters => PVE::Mapping::PCI->updateSchema(),
returns => {
type => 'null',
},
code => sub {
my ($param) = @_;
my $digest = extract_param($param, 'digest');
my $delete = extract_param($param, 'delete');
my $id = extract_param($param, 'id');
if ($delete) {
$delete = [ PVE::Tools::split_list($delete) ];
}
PVE::Mapping::PCI::lock_pci_config(sub {
my $cfg = PVE::Mapping::PCI::config();
PVE::Tools::assert_if_modified($cfg->{digest}, $digest) if defined($digest);
die "pci ID '$id' does not exist\n" if !defined($cfg->{ids}->{$id});
my $plugin = PVE::Mapping::PCI->lookup('pci');
my $opts = $plugin->check_config($id, $param, 1, 1);
my $data = $cfg->{ids}->{$id};
my $options = $plugin->private()->{options}->{pci};
PVE::SectionConfig::delete_from_config($data, $options, $opts, $delete);
$data->{$_} = $opts->{$_} for keys $opts->%*;
PVE::Mapping::PCI::write_pci_config($cfg);
}, "update hardware mapping failed");
return;
},
});
__PACKAGE__->register_method ({
name => 'delete',
protected => 1,
path => '{id}',
method => 'DELETE',
description => "Remove Hardware Mapping.",
permissions => {
check => [ 'perm', '/mapping/pci', ['Mapping.Modify']],
},
parameters => {
additionalProperties => 0,
properties => {
id => {
type => 'string',
format => 'pve-configid',
},
}
},
returns => { type => 'null' },
code => sub {
my ($param) = @_;
my $id = $param->{id};
PVE::Mapping::PCI::lock_pci_config(sub {
my $cfg = PVE::Mapping::PCI::config();
if ($cfg->{ids}->{$id}) {
delete $cfg->{ids}->{$id};
}
PVE::Mapping::PCI::write_pci_config($cfg);
}, "delete pci mapping failed");
return;
}
});
1;

View File

@ -0,0 +1,295 @@
package PVE::API2::Cluster::Mapping::USB;
use strict;
use warnings;
use Storable qw(dclone);
use PVE::Cluster qw(cfs_lock_file);
use PVE::Mapping::USB;
use PVE::JSONSchema qw(get_standard_option);
use PVE::Tools qw(extract_param);
use PVE::RESTHandler;
use base qw(PVE::RESTHandler);
__PACKAGE__->register_method ({
name => 'index',
path => '',
method => 'GET',
description => "List USB Hardware Mappings",
permissions => {
description => "Only lists entries where you have 'Mapping.Modify', 'Mapping.Use' or".
" 'Mapping.Audit' permissions on '/mapping/usb/<id>'.",
user => 'all',
},
parameters => {
additionalProperties => 0,
properties => {
'check-node' => get_standard_option('pve-node', {
description => "If given, checks the configurations on the given node for ".
"correctness, and adds relevant errors to the devices.",
optional => 1,
}),
},
},
returns => {
type => 'array',
items => {
type => "object",
properties => {
id => {
type => 'string',
description => "The logical ID of the mapping."
},
map => {
type => 'array',
description => "The entries of the mapping.",
items => {
type => 'string',
description => "A mapping for a node.",
},
},
description => {
type => 'string',
description => "A description of the logical mapping.",
},
error => {
description => "A list of errors when 'check_node' is given.",
items => {
type => 'object',
properties => {
severity => {
type => "string",
description => "The severity of the error",
},
message => {
type => "string",
description => "The message of the error",
},
},
}
},
},
},
links => [ { rel => 'child', href => "{id}" } ],
},
code => sub {
my ($param) = @_;
my $rpcenv = PVE::RPCEnvironment::get();
my $authuser = $rpcenv->get_user();
my $node = $param->{'check-node'};
die "Wrong node to check\n"
if defined($node) && $node ne 'localhost' && $node ne PVE::INotify::nodename();
my $cfg = PVE::Mapping::USB::config();
my $res = [];
my $privs = ['Mapping.Modify', 'Mapping.Use', 'Mapping.Audit'];
for my $id (keys $cfg->{ids}->%*) {
next if !$rpcenv->check_full($authuser, "/mapping/usb/$id", $privs, 1, 1);
next if !$cfg->{ids}->{$id};
my $entry = dclone($cfg->{ids}->{$id});
$entry->{id} = $id;
$entry->{digest} = $cfg->{digest};
if (defined($node)) {
$entry->{errors} = [];
if (my $mappings = PVE::Mapping::USB::get_node_mapping($cfg, $id, $node)) {
if (!scalar($mappings->@*)) {
push $entry->{errors}->@*, {
severity => 'warning',
message => "No mapping for node $node.",
};
}
for my $mapping ($mappings->@*) {
eval {
PVE::Mapping::USB::assert_valid($id, $mapping);
};
if (my $err = $@) {
push $entry->{errors}->@*, {
severity => 'error',
message => "Invalid configuration: $err",
};
}
}
}
}
push @$res, $entry;
}
return $res;
},
});
__PACKAGE__->register_method ({
name => 'get',
protected => 1,
path => '{id}',
method => 'GET',
description => "Get USB Mapping.",
permissions => {
check =>['or',
['perm', '/mapping/usb/{id}', ['Mapping.Audit']],
['perm', '/mapping/usb/{id}', ['Mapping.Use']],
['perm', '/mapping/usb/{id}', ['Mapping.Modify']],
],
},
parameters => {
additionalProperties => 0,
properties => {
id => {
type => 'string',
format => 'pve-configid',
},
}
},
returns => { type => 'object' },
code => sub {
my ($param) = @_;
my $cfg = PVE::Mapping::USB::config();
my $id = $param->{id};
my $entry = $cfg->{ids}->{$id};
die "mapping '$param->{id}' not found\n" if !defined($entry);
my $data = dclone($entry);
$data->{digest} = $cfg->{digest};
return $data;
}});
__PACKAGE__->register_method ({
name => 'create',
protected => 1,
path => '',
method => 'POST',
description => "Create a new hardware mapping.",
permissions => {
check => ['perm', '/mapping/usb', ['Mapping.Modify']],
},
parameters => PVE::Mapping::USB->createSchema(1),
returns => {
type => 'null',
},
code => sub {
my ($param) = @_;
my $id = extract_param($param, 'id');
my $plugin = PVE::Mapping::USB->lookup('usb');
my $opts = $plugin->check_config($id, $param, 1, 1);
PVE::Mapping::USB::lock_usb_config(sub {
my $cfg = PVE::Mapping::USB::config();
die "usb ID '$id' already defined\n" if defined($cfg->{ids}->{$id});
$cfg->{ids}->{$id} = $opts;
PVE::Mapping::USB::write_usb_config($cfg);
}, "create hardware mapping failed");
return;
},
});
__PACKAGE__->register_method ({
name => 'update',
protected => 1,
path => '{id}',
method => 'PUT',
description => "Update a hardware mapping.",
permissions => {
check => ['perm', '/mapping/usb/{id}', ['Mapping.Modify']],
},
parameters => PVE::Mapping::USB->updateSchema(),
returns => {
type => 'null',
},
code => sub {
my ($param) = @_;
my $digest = extract_param($param, 'digest');
my $delete = extract_param($param, 'delete');
my $id = extract_param($param, 'id');
if ($delete) {
$delete = [ PVE::Tools::split_list($delete) ];
}
PVE::Mapping::USB::lock_usb_config(sub {
my $cfg = PVE::Mapping::USB::config();
PVE::Tools::assert_if_modified($cfg->{digest}, $digest) if defined($digest);
die "usb ID '$id' does not exist\n" if !defined($cfg->{ids}->{$id});
my $plugin = PVE::Mapping::USB->lookup('usb');
my $opts = $plugin->check_config($id, $param, 1, 1);
my $data = $cfg->{ids}->{$id};
my $options = $plugin->private()->{options}->{usb};
PVE::SectionConfig::delete_from_config($data, $options, $opts, $delete);
$data->{$_} = $opts->{$_} for keys $opts->%*;
PVE::Mapping::USB::write_usb_config($cfg);
}, "update hardware mapping failed");
return;
},
});
__PACKAGE__->register_method ({
name => 'delete',
protected => 1,
path => '{id}',
method => 'DELETE',
description => "Remove Hardware Mapping.",
permissions => {
check => [ 'perm', '/mapping/usb', ['Mapping.Modify']],
},
parameters => {
additionalProperties => 0,
properties => {
id => {
type => 'string',
format => 'pve-configid',
},
}
},
returns => { type => 'null' },
code => sub {
my ($param) = @_;
my $id = $param->{id};
PVE::Mapping::USB::lock_usb_config(sub {
my $cfg = PVE::Mapping::USB::config();
if ($cfg->{ids}->{$id}) {
delete $cfg->{ids}->{$id};
}
PVE::Mapping::USB::write_usb_config($cfg);
}, "delete usb mapping failed");
return;
}
});
1;

View File

@ -21,7 +21,6 @@ __PACKAGE__->register_method ({
path => 'usb',
});
__PACKAGE__->register_method ({
name => 'index',
path => '',