Commit Graph

6839 Commits

Author SHA1 Message Date
Dominik Csapak
dba0398937 ui: form: add USBMapSelector
similar to PCIMapSelector

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2023-06-16 16:25:42 +02:00
Dominik Csapak
0cf5c0d203 ui: form: add PCIMapSelector
akin to the PCISelector, but uses the api for mapped devices

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2023-06-16 16:25:42 +02:00
Dominik Csapak
a88b4ef9ad ui: form/USBSelector: make it more flexible with nodename
similar to the pciselector, make it accept a plain nodename,
or no node at all and provide a setNodename function

to keep backwards compatibility, also check pveSelNode for the nodename

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2023-06-16 16:25:42 +02:00
Dominik Csapak
d5a9606710 ui: parser: add helper for lists of property strings
namely the filtering while preserving the original string,
it's just one line, but having a shorthand for it still makes it a bit
nicer

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2023-06-16 16:25:42 +02:00
Dominik Csapak
797bcf9aa2 api: add resource map api endpoints for PCI and USB
this adds the typical section config crud API calls for
USB and PCI resource mapping to /cluster/mapping/{TYPE}

the only special thing that this series does is the list call
for both has a special 'check-node' parameter that uses the
'proxyto_callback' to reroute the api call to the given node
so that it can check the validity of the mapping for that node

in the future when we e.g. broadcast the lspci output via pmxcfs
we drop the proxyto_callback and directly use the info from
pmxcfs (or we drop the parameter and always check all nodes)

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2023-06-16 16:25:42 +02:00
Dominik Csapak
0fe0a2dd2b pvesh: fix parameters for proxyto_callback
in pve-http-server the proxyto_callback always has a complete list of
parameters, not only the ones in the url, so adapt the implementation
here to do the same

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2023-06-16 11:22:27 +02:00
Leo Nunner
5d6262aa59 firewall: add scope field to IPRefSelector
and send the scoped value to the firewall when choosing new values.
This happens for both IPSets and aliases.

Signed-off-by: Leo Nunner <l.nunner@proxmox.com>
2023-06-15 09:35:32 +02:00
Thomas Lamprecht
1e7c70f5c2 ui: realm sync job: code cleanup run-now handlers
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-06-14 17:41:49 +02:00
Thomas Lamprecht
fc3fe9af77 ui: realm sync job: clarify the function of the two enable checkboxes
Most of the time this isn't an issue for job edits, but here we have
two "enable" checkboxes that control enabling newly synced users and
enabling the job itself, try to be absolutely clear on both to avoid
potential confusion.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-06-14 17:37:47 +02:00
Thomas Lamprecht
fc8f37ee9d ui: realm: clarify that the sync jobs really are for the realm
it's somewhat redundant as onbe is already at the realm view, but for
panel titles it slightly helps if one doesn't have to string together
such "clues" oneself, i.e., it's easier to see where one is - e.g.,
if switching from some other task back to the web UI again, and we
have enough space here, so we ain't winning anything if keeping it
short.

Also add an emptyText to the grid, mostly as view's without anything
always look a bit off (like an error happened on load and one forgot
to mask)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-06-14 17:36:36 +02:00
Dominik Csapak
ed65c1ca64 ui: realm sync: add 'run now' button
by simply passing the sync job config to the 'sync' api endpoint, like
we do for vzdump jobs

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2023-06-14 17:23:22 +02:00
Dominik Csapak
4c8fcdd7af ui: realm: move sync job panel into realm panel
and make it collapsible, so that users can hide it if they're not
interested in it

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2023-06-14 17:23:22 +02:00
Dominik Csapak
059abb7a30 ui: realm sync: change enabled column rendering
to make it consistent with the repositories ui, since having a checkbox
that is not clickable is confusing

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2023-06-14 17:23:22 +02:00
Dominik Csapak
99e276c3d9 ui: realm sync edit: improve ux when there is no ldap/ad realm
by adding an empty text to the dropdown, and disabling the other
possibly invalid fields, so that it's clear why the panel is invalid

as soon as there is an ldap/ad realm, it gets autoselected anyway and
the fields get re-enabled.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2023-06-14 17:23:22 +02:00
Thomas Lamprecht
7a1373829a ui: user list: fine-tune width-flex of group and comment column
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-06-14 16:17:39 +02:00
Dominik Csapak
7679ff9e60 fix #4739: ui: user list: add column for group memberships
To get a fast overview in which groups each user is add a column that
shows all groups they are a member of.

To get that info we need to pass the 'full=1' parameter to the API
endpoint, which then adds tokens and groups for each user to the result.

This is basically only increasing transmission size a bit, as the
backend doesn't needs to do any extra parsing for this information.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 [T: Reword commit message ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-06-14 15:36:55 +02:00
Thomas Lamprecht
5f936d95fc ui: sdn: consistent usage of VNet & VLAN without gettext
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-06-14 14:10:56 +02:00
Alexandre Derumier
4ab9632867 qemu: processor : set x86-64-v2-AES as default cputype for create wizard
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2023-06-12 17:31:37 +02:00
Alexandre Derumier
12f7c578f7 ui: add permissions management for "localnetwork" zone
add a default virtual zone called 'localnetwork' in the ressource tree,
and handle permissions like a true sdn zone

(no conflict with true sdn zone is possible, as they have 8 characters max)

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2023-06-12 13:18:12 +02:00
Alexandre Derumier
edc4a349ab ui: add vnet permissions panel
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2023-06-12 13:18:12 +02:00
Fabian Grünbichler
9ed5d4f5af cluster resources: correctly filter 'localnetwork'
it should only be displayed if sdn entries are requested, or all resource
types.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2023-06-12 13:18:12 +02:00
Alexandre Derumier
cdc140f0a3 api2: cluster: ressources: add "localnetwork" zone
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2023-06-12 13:00:16 +02:00
Thomas Lamprecht
61cf3e3d9a bump version to 8.0.0~8
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-06-09 11:11:49 +02:00
Fiona Ebner
e7fc4411ad ui: qemu: show progress bar for resize task
The API call was changed to spawn a task now.

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
2023-06-09 11:06:13 +02:00
Thomas Lamprecht
eb85935498 api: mark batch-execute api calls root-only
This is weird and buggy and breaches the unpriv./priv. separation of
our api daemons, so root-only for now and possibly removal soon.

note that this had several limitations already anyway, like running
in sync context and thus failing after 30s.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-06-09 10:47:44 +02:00
Thomas Lamprecht
7b54999a47 ui: fixup lost closing parenthesis
...

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-06-09 09:55:45 +02:00
Thomas Lamprecht
22fcd0069a ui: user view: fix calling order of gettext
One must not call gettext on the already formatted string, as we
cannot translate it for any possible value, rather the format string
it self needs to be gettext'd, then the translator can position the
variable template placeholders however it's correct for their
language without having to care about any value this could be called
with.

Fixes: d057929f ("ui: user view: fix calling order of gettext")
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-06-09 09:53:03 +02:00
Thomas Lamprecht
2ef204f91b d/postinst: remove re-generation of unique machine-ID for old ISOs
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-06-09 08:26:12 +02:00
Thomas Lamprecht
3477c119ed d/postinst: setup pvetest repo for beta
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-06-09 08:23:00 +02:00
Thomas Lamprecht
185a94abee update shipped aplliance info index
and pull it from the Proxmox VE 8 index

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-06-08 18:41:56 +02:00
Thomas Lamprecht
eed1e93ee9 pve7to8: sync over from stable-7 branch
for after-upgrade checks

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-06-08 13:07:07 +02:00
Aaron Lauterer
79007cfc40 ui: ceph: pool: add pool number as column
The pool number is shown in a few places, having it easily accessible
can help to understand which pool a warning/error refers to.

For example, the PG ID consists of '{pool nr}.{pg nr}' and is shown in
every warning concerning that PG.

Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
2023-06-07 19:32:38 +02:00
Fiona Ebner
cce4b3d7b8 ui: override description for resize task
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
2023-06-07 19:28:34 +02:00
Fiona Ebner
e81a10a4ab api: replication job status: allow querying disabled jobs too
Rather than failing with an error claiming that the job doesn't exist.
The disabled status will be visible in the result of the call.

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
2023-06-07 18:43:32 +02:00
Christoph Heiss
8bb027f820 ui: qga: Add option to turn off QGA fs-freeze/-thaw on backup
Adds a default-on checkbox to the QEMU Guest Agent feature selector
controlling the 'fs-freeze-on-backup' option. If unchecked, an
additional warning is displayed that backups can potentially corrupt
with this setting off.

Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
2023-06-07 18:28:01 +02:00
Leo Nunner
a3862f699f fix #3428: cloud-init: add toggle for automatic upgrades
to control the newly introduced "ciupgrade" config parameter.

Signed-off-by: Leo Nunner <l.nunner@proxmox.com>
2023-06-07 18:25:14 +02:00
Fabian Grünbichler
d1c7fa0209 ui: cloudinit: match backend privilege checks
the cloudinit options except for ipconfig are all modifiable with just
"VM.Config.Cloudinit".

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-06-07 18:24:15 +02:00
Wolfgang Bumiller
5970607408 ui: user view: add 'Unlock TFA' button
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2023-06-07 18:08:01 +02:00
Wolfgang Bumiller
2387c1946a ui: user view: show tfa lock status
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2023-06-07 18:08:01 +02:00
Fabian Grünbichler
8961f9f780 api2: network: improve code readability
nested conditionals stretching over multiple lines are always a bit hard to
untangle, so let's make it explicit:

1. is the interface a bridge
2. if it is, are we looking for one?
3. is it something else that we are looking for?

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2023-06-07 17:04:29 +02:00
Fabian Grünbichler
9df839bead api2: network: re-use existing variable tfilter
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2023-06-07 17:04:29 +02:00
Alexandre Derumier
d2894179f4 api2: network: check permissions for local bridges
always check permissions, also when not filtered

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2023-06-07 17:04:29 +02:00
Thomas Lamprecht
e36bc44112 api: backup: check param permission before pool for consistency
Like it did here before 9f65a584 ("api: backup: update: check
permissions of delete params too") and like it does in the create
case.

This should not have a practical effect, it's mostly for consistency
and to avoid anybody reading anything into the different orders of
checks between update and create.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-06-07 16:52:40 +02:00
Fiona Ebner
43f83ad9ce api: backup/vzdump: add get_storage_param helper
to capture the logic in a single place.

Suggested-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
2023-06-07 16:47:08 +02:00
Fiona Ebner
b6e561304a api: backup: require Datastore.Allocate on storage
In particular this ensures that the user is allowed to remove data on
the storage, because configuring low retention results in removed
older backups. Of course setting the storage itself also needs to
require the same privilege then.

This is a breaking API change, but it seems sensible to require
permissions on the affected storage too.

Jobs with a dumpdir setting can be configured by root only.

Suggested-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
2023-06-07 16:47:08 +02:00
Fiona Ebner
9f65a584b7 api: backup: update: check permissions of delete params too
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
2023-06-07 16:47:08 +02:00
Fiona Ebner
659032f48e api: backup: update: allow only deleting
Previously, it was required to set something at the same time.

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
2023-06-07 16:47:08 +02:00
Fiona Ebner
bda3f2aab7 api: backup: update: turn delete into a hash
makes it easier to check for keys in the following patches.

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
2023-06-07 16:47:08 +02:00
Dominik Csapak
1056e10c4b ui: firewall: refactor privilege checks and prevent double click
factor out the relevant privilege checks in a variable and reuse that,
also add the check in the run_editor (or wrap it with a check) so that
the edit windows don't open with a double click without those privileges

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2023-06-07 13:22:03 +02:00
Alexandre Derumier
2e37e77902 ui: firewall panel/grids : add privilege checks on buttons
Use enableFn to enable/disable the toolbar buttons according to the
existing privileges.

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
[ D: adapted commit subject and added commit message ]
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2023-06-07 13:21:48 +02:00