this is used to mark api calls to have access to the credentials of the connection (token/ticket/etc.).
For that we also expose a 'set/get_credentials' call on the RESTEnvironment. This must be set in the http/cli handler. Signed-off-by: Dominik Csapak <[email protected]> --- src/PVE/JSONSchema.pm | 8 ++++++++ src/PVE/RESTEnvironment.pm | 14 ++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/src/PVE/JSONSchema.pm b/src/PVE/JSONSchema.pm index c6e0f36..8278899 100644 --- a/src/PVE/JSONSchema.pm +++ b/src/PVE/JSONSchema.pm @@ -1850,6 +1850,14 @@ my $method_schema = { description => "Method needs special privileges - only pvedaemon can execute it", optional => 1, }, + expose_credentials => { + type => 'boolean', + description => "Method needs access to the connecting users credentials (ticker or" + . " token), so it will be exposed through the RPC environment. Useful to avoid" + . " setting 'protected' when one needs to (manually) proxy to other cluster nodes." + . " nodes in the handler.", + optional => 1, + }, allowtoken => { type => 'boolean', description => "Method is available for clients authenticated using an API token.", diff --git a/src/PVE/RESTEnvironment.pm b/src/PVE/RESTEnvironment.pm index 7695850..d597557 100644 --- a/src/PVE/RESTEnvironment.pm +++ b/src/PVE/RESTEnvironment.pm @@ -235,6 +235,20 @@ sub get_user { die "user name not set\n"; } +sub set_credentials { + my ($self, $credentials) = @_; + + $self->{credentials} = $credentials; +} + +sub get_credentials { + my ($self, $noerr) = @_; + + return $self->{credentials} if defined($self->{credentials}) || $noerr; + + die "credentials not set\n"; +} + sub set_u2f_challenge { my ($self, $challenge) = @_; -- 2.47.3 _______________________________________________ pve-devel mailing list [email protected] https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
