Signed-off-by: Alexandre Derumier
---
www/manager6/Makefile| 2 +
www/manager6/sdn/Browser.js | 17 +-
www/manager6/sdn/VnetACLView.js | 299 +++
www/manager6/sdn/ZoneContentPanel.js | 41
www/manager6/sdn/ZoneContentView.js | 25
test first if user have access to the full zone (any bridge/vlan)
if a tag is defined, test if user have a specific access to the vlan (or
propagate from full bridge acl)
if no tag, test if user have access to full bridge. (if trunks are defined, it
need also access to full bridge)
check if user have access to 1 vlan of the bridge
or the bridge itself
Signed-off-by: Alexandre Derumier
---
src/PVE/RPCEnvironment.pm | 17 +
1 file changed, 17 insertions(+)
diff --git a/src/PVE/RPCEnvironment.pm b/src/PVE/RPCEnvironment.pm
index 8586938..fb010cc 100644
---
always check permissions, also when not filtered
Signed-off-by: Alexandre Derumier
---
PVE/API2/Network.pm | 25 +++--
1 file changed, 15 insertions(+), 10 deletions(-)
diff --git a/PVE/API2/Network.pm b/PVE/API2/Network.pm
index b3faba1a..55a37c44 100644
---
add vnet/localbridge permissions management
Hi,
as we has discuted some weeks ago,
this patche serie introduce management of acl for vnets && local bridges
I have reuse current sdn permissions path, to have common paths
/sdn/vnets//
where the local vmbr are in a virtual "localnetwork" zone
add a default virtual zone called 'localnetwork' in the ressource tree,
and handle permissions like a true sdn zone
(no conflict with true sdn zone is possible, as they have 8 characters max)
Signed-off-by: Alexandre Derumier
---
PVE/API2/Cluster.pm | 12
Signed-off-by: Alexandre Derumier
---
src/PVE/AccessControl.pm | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index 89b7d90..2fdcd44 100644
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -1284,6 +1284,7 @@ sub check_path
Am 02/06/2023 um 15:20 schrieb Dominik Csapak:
> since rsync 3.2.4, the syntax to give multiple files in one parameter
> does not work anymore, so instead add both files explicitly
>
> this fixes the cluster join over ssh on bookworm
>
> Signed-off-by: Dominik Csapak
> ---
>
Am 02/06/2023 um 10:48 schrieb Fiona Ebner:
> On Proxmox VE 8, only Quincy and newer will be supported.
>
> Signed-off-by: Fiona Ebner
> ---
>
> No changes in v2.
>
> Changes for the series in v2:
> * create temporary test directories inside CARGO_TARGET_TMPDIR
> * mention that
Le samedi 03 juin 2023 à 15:57 +0200, Thomas Lamprecht a écrit :
> Hi!
>
> Am 01/06/2023 um 00:28 schrieb Alexandre Derumier:
> > Currently, to manage qemu && lxc vms, we always need to specify
> > nodename in uri.
> >
> > This is a problem with automation tools like terraform, where is
> > node
Le samedi 03 juin 2023 à 16:14 +0200, Thomas Lamprecht a écrit :
> Am 01/06/2023 um 11:06 schrieb DERUMIER, Alexandre:
> > > Maybe the easiest would be to extract the aes flag out of the
> > > grid
> > > into
> > > the non-advanced part?
> > >
> > Couldn't be easier to keep aes enable by default
11 matches
Mail list logo