Proxmox/pve-storage
5
0
Fork 0
mirror of git://git.proxmox.com/git/pve-storage.git synced 2025-03-11 16:58:28 +03:00
Code Releases Activity

disk api: avoid using unrelated Datastore.Audit priv for disk management

Browse Source 
Local disk and storage creation and listing is something rather
different than the Proxmox VE storage client ABI that provides an
abstract access to a variety of storage types, specifically targeted
to virtual guests images, templates and backups.

The Datastore.* privilege group is specifically made for auditing the
abstract configuration, here the name must be interpreted in context
and not just assumed that due to "datastore" sounding like it could
have to do something with disks or creation of local storage it just
must be a good fit.

Luckily, Sys.Audit was already used too, which is the correct one
here, this is for node specific (HW) details, not some config for
accessing datastore in a restricted way.

This is a step in splitting the disk manage code out of the
pve-storage package, and maybe even repository.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Thomas Lamprecht 2023-06-17 14:22:28 +02:00
parent b89854ad46
commit 2deca27032
5 changed files with 7 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/PVE/API2/Disks.pm
View File

@ -85,10 +85,7 @@ __PACKAGE__->register_method ({
protected => 1,
proxyto => 'node',
permissions => {
check => ['or',
['perm', '/', ['Sys.Audit', 'Datastore.Audit'], any => 1],
['perm', '/nodes/{node}', ['Sys.Audit', 'Datastore.Audit'], any => 1],
],
check => ['or', ['perm', '/', ['Sys.Audit']], ['perm', '/nodes/{node}', ['Sys.Audit']]],
},
parameters => {
additionalProperties => 0,
@ -183,7 +180,7 @@ __PACKAGE__->register_method ({
protected => 1,
proxyto => "node",
permissions => {
check => ['perm', '/', ['Sys.Audit', 'Datastore.Audit'], any => 1],
check => ['perm', '/', ['Sys.Audit']],
},
parameters => {
additionalProperties => 0,

2
src/PVE/API2/Disks/Directory.pm
View File

@ -97,7 +97,7 @@ __PACKAGE__->register_method ({
proxyto => 'node',
protected => 1,
permissions => {
check => ['perm', '/', ['Sys.Audit', 'Datastore.Audit'], any => 1],
check => ['perm', '/', ['Sys.Audit']],
},
description => "PVE Managed Directory storages.",
parameters => {

2
src/PVE/API2/Disks/LVM.pm
View File

@ -21,7 +21,7 @@ __PACKAGE__->register_method ({
proxyto => 'node',
protected => 1,
permissions => {
check => ['perm', '/', ['Sys.Audit', 'Datastore.Audit'], any => 1],
check => ['perm', '/', ['Sys.Audit']],
},
description => "List LVM Volume Groups",
parameters => {

2
src/PVE/API2/Disks/LVMThin.pm
View File

@ -22,7 +22,7 @@ __PACKAGE__->register_method ({
proxyto => 'node',
protected => 1,
permissions => {
check => ['perm', '/', ['Sys.Audit', 'Datastore.Audit'], any => 1],
check => ['perm', '/', ['Sys.Audit']],
},
description => "List LVM thinpools",
parameters => {

4
src/PVE/API2/Disks/ZFS.pm
View File

@ -57,7 +57,7 @@ __PACKAGE__->register_method ({
proxyto => 'node',
protected => 1,
permissions => {
check => ['perm', '/', ['Sys.Audit', 'Datastore.Audit'], any => 1],
check => ['perm', '/', ['Sys.Audit']],
},
description => "List Zpools.",
parameters => {
@ -130,7 +130,7 @@ __PACKAGE__->register_method ({
proxyto => 'node',
protected => 1,
permissions => {
check => ['perm', '/', ['Sys.Audit', 'Datastore.Audit'], any => 1],
check => ['perm', '/', ['Sys.Audit']],
},
description => "Get details about a zpool.",
parameters => {