Am 14.11.25 um 15:42 schrieb Dominik Csapak: > this is used to mark api calls to have access to the credentials > of the connection (token/ticket/etc.). > > For that we also expose a 'set/get_credentials' call on the > RESTEnvironment. > > This must be set in the http/cli handler. >
Many thanks for fleshing this out! Some generic workflow thing: Not that I have a need for my name to turn up even more in git log, I'd strongly recommend to add trailers like co-authored or originally-by when taking over such code/ideas. Partially its to pay credits, but more importantly (at least for me) it's to know the ones that where involved with coming up with this, and thus one can, e.g., ask about and potentially also know about the original/other use cases, and these reference, while not very often needed, can be worth a lot once they are needed. Depending on the changes it doesn't have to be a trailer, one might also include a link to e.g. the mailing list discussion or a simple "this was suggested by ... as they wanted to have it for ...". Not a big thing (especially not for me for this specific case ;)), I just would like us all to pay a bit more attention to these details, it gets more relevant the more devs we become. > Signed-off-by: Dominik Csapak <[email protected]> > --- > new in v3 > src/PVE/JSONSchema.pm | 8 ++++++++ > src/PVE/RESTEnvironment.pm | 14 ++++++++++++++ > 2 files changed, 22 insertions(+) > > diff --git a/src/PVE/JSONSchema.pm b/src/PVE/JSONSchema.pm > index c6e0f36..8278899 100644 > --- a/src/PVE/JSONSchema.pm > +++ b/src/PVE/JSONSchema.pm > @@ -1850,6 +1850,14 @@ my $method_schema = { > description => "Method needs special privileges - only pvedaemon > can execute it", > optional => 1, > }, > + expose_credentials => { > + type => 'boolean', > + description => "Method needs access to the connecting users > credentials (ticker or" > + . " token), so it will be exposed through the RPC > environment. Useful to avoid" > + . " setting 'protected' when one needs to (manually) proxy > to other cluster nodes." > + . " nodes in the handler.", > + optional => 1, > + }, > allowtoken => { > type => 'boolean', > description => "Method is available for clients authenticated > using an API token.", > diff --git a/src/PVE/RESTEnvironment.pm b/src/PVE/RESTEnvironment.pm > index 7695850..d597557 100644 > --- a/src/PVE/RESTEnvironment.pm > +++ b/src/PVE/RESTEnvironment.pm > @@ -235,6 +235,20 @@ sub get_user { > die "user name not set\n"; > } > > +sub set_credentials { > + my ($self, $credentials) = @_; > + > + $self->{credentials} = $credentials; > +} > + > +sub get_credentials { > + my ($self, $noerr) = @_; > + > + return $self->{credentials} if defined($self->{credentials}) || $noerr; > + > + die "credentials not set\n"; > +} > + > sub set_u2f_challenge { > my ($self, $challenge) = @_; > _______________________________________________ pve-devel mailing list [email protected] https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
