[pve-devel] [PATCH v2 pve-manager 1/3] add vnet permissions panel

2023-06-04 Thread Alexandre Derumier
Signed-off-by: Alexandre Derumier --- www/manager6/Makefile| 2 + www/manager6/sdn/Browser.js | 17 +- www/manager6/sdn/VnetACLView.js | 299 +++ www/manager6/sdn/ZoneContentPanel.js | 41 www/manager6/sdn/ZoneContentView.js | 25

[pve-devel] [PATCH v2 qemu-server 1/1] api2: add check_bridge_access for create/update vm

2023-06-04 Thread Alexandre Derumier
test first if the user has access to the full zone (any bridge/vlan); if a tag is defined, test if the user has specific access to the vlan (or propagate from full bridge acl); if no tag, test if the user has access to the full bridge. (if trunks are defined, it also needs access to the full bridge)

[pve-devel] [PATCH pve-access-control 2/2] rpcenvironnment: add check_sdn_bridge

2023-06-04 Thread Alexandre Derumier
check if the user has access to 1 vlan of the bridge or the bridge itself Signed-off-by: Alexandre Derumier --- src/PVE/RPCEnvironment.pm | 17 + 1 file changed, 17 insertions(+) diff --git a/src/PVE/RPCEnvironment.pm b/src/PVE/RPCEnvironment.pm index 8586938..fb010cc 100644 ---

[pve-devel] [PATCH v2 pve-manager 3/3] api2: network: check permissions for local bridges

2023-06-04 Thread Alexandre Derumier
always check permissions, also when not filtered Signed-off-by: Alexandre Derumier --- PVE/API2/Network.pm | 25 +++-- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/PVE/API2/Network.pm b/PVE/API2/Network.pm index b3faba1a..55a37c44 100644 ---

[pve-devel] [PATCH-SERIE pve-access-control/pve-manager/qemu-server] check permissions on local bridge

2023-06-04 Thread Alexandre Derumier
add vnet/localbridge permissions management Hi, as we discussed some weeks ago, this patch series introduces management of ACLs for vnets && local bridges. I have reused the current sdn permissions path, to have common paths /sdn/vnets// where the local vmbr are in a virtual "localnetwork" zone

[pve-devel] [PATCH v2 pve-manager 2/3] add permissions management for "localnetwork" zone

2023-06-04 Thread Alexandre Derumier
add a default virtual zone called 'localnetwork' in the resource tree, and handle permissions like a true sdn zone (no conflict with true sdn zone is possible, as they have 8 characters max) Signed-off-by: Alexandre Derumier --- PVE/API2/Cluster.pm | 12

[pve-devel] [PATCH pve-access-control 1/2] access control: add /sdn/vnets// path

2023-06-04 Thread Alexandre Derumier
Signed-off-by: Alexandre Derumier --- src/PVE/AccessControl.pm | 1 + 1 file changed, 1 insertion(+) diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm index 89b7d90..2fdcd44 100644 --- a/src/PVE/AccessControl.pm +++ b/src/PVE/AccessControl.pm @@ -1284,6 +1284,7 @@ sub check_path

[pve-devel] applied: [PATCH cluster] pvecm: fix cluster join over ssh with newer rsync

2023-06-04 Thread Thomas Lamprecht
On 02/06/2023 at 15:20, Dominik Csapak wrote:
> since rsync 3.2.4, the syntax to give multiple files in one parameter
> does not work anymore, so instead add both files explicitly
>
> this fixes the cluster join over ssh on bookworm
>
> Signed-off-by: Dominik Csapak
> ---
>

[pve-devel] applied: [PATCH v2 proxmox 1/5] apt: drop older Ceph standard repositories

2023-06-04 Thread Thomas Lamprecht
On 02/06/2023 at 10:48, Fiona Ebner wrote:
> On Proxmox VE 8, only Quincy and newer will be supported.
>
> Signed-off-by: Fiona Ebner
> ---
>
> No changes in v2.
>
> Changes for the series in v2:
> * create temporary test directories inside CARGO_TARGET_TMPDIR
> * mention that

Re: [pve-devel] [PATCH-SERIES pve-manager/qemu-server] fix#4689 autofind node with proxyto_callback

2023-06-04 Thread DERUMIER, Alexandre
On Saturday, 3 June 2023 at 15:57 +0200, Thomas Lamprecht wrote:
> Hi!
>
> On 01/06/2023 at 00:28, Alexandre Derumier wrote:
> > Currently, to manage qemu && lxc vms, we always need to specify
> > nodename in uri.
> >
> > This is a problem with automation tools like terraform, where is
> > node

Re: [pve-devel] [PATCH-SERIES v3 qemu-server/manager/common] add and set x86-64-v2 as default model for new vms and detect best cpumodel

2023-06-04 Thread DERUMIER, Alexandre
On Saturday, 3 June 2023 at 16:14 +0200, Thomas Lamprecht wrote:
> On 01/06/2023 at 11:06, DERUMIER, Alexandre wrote:
> > > Maybe the easiest would be to extract the aes flag out of the
> > > grid into the non-advanced part?
> > >
> > Couldn't it be easier to keep aes enabled by default