On 11/14/25 4:03 PM, Thomas Lamprecht wrote:
Am 14.11.25 um 15:42 schrieb Dominik Csapak:
this is used to mark api calls to have access to the credentials
of the connection (token/ticket/etc.).
For that we also expose a 'set/get_credentials' call on the
RESTEnvironment.
This must be set in the http/cli handler.
Many thanks for fleshing this out!
Some generic workflow thing:
Not that I have a need for my name to turn up even more in git log, I'd
strongly recommend to add trailers like co-authored or originally-by when
taking over such code/ideas. Partially its to pay credits, but more
importantly (at least for me) it's to know the ones that where involved
with coming up with this, and thus one can, e.g., ask about and
potentially also know about the original/other use cases, and these
reference, while not very often needed, can be worth a lot once they
are needed.
Depending on the changes it doesn't have to be a trailer, one might also
include a link to e.g. the mailing list discussion or a simple "this was
suggested by ... as they wanted to have it for ...".
Not a big thing (especially not for me for this specific case ;)), I
just would like us all to pay a bit more attention to these details, it
gets more relevant the more devs we become.
yes of course, sorry.
I actually thought to myself that i have to add that in the commit
message, but the time between that thought and actually writing
the commit message was obviously too long, so i simply forgot^^
in any case, i added the trailers now to my branches and
if i should need to send another version, it's included.
If not, feel free to add the necessary trailers ;)
Signed-off-by: Dominik Csapak <[email protected]>
---
new in v3
src/PVE/JSONSchema.pm | 8 ++++++++
src/PVE/RESTEnvironment.pm | 14 ++++++++++++++
2 files changed, 22 insertions(+)
diff --git a/src/PVE/JSONSchema.pm b/src/PVE/JSONSchema.pm
index c6e0f36..8278899 100644
--- a/src/PVE/JSONSchema.pm
+++ b/src/PVE/JSONSchema.pm
@@ -1850,6 +1850,14 @@ my $method_schema = {
description => "Method needs special privileges - only pvedaemon can
execute it",
optional => 1,
},
+ expose_credentials => {
+ type => 'boolean',
+ description => "Method needs access to the connecting users credentials
(ticker or"
+ . " token), so it will be exposed through the RPC environment.
Useful to avoid"
+ . " setting 'protected' when one needs to (manually) proxy to other
cluster nodes."
+ . " nodes in the handler.",
+ optional => 1,
+ },
allowtoken => {
type => 'boolean',
description => "Method is available for clients authenticated using an
API token.",
diff --git a/src/PVE/RESTEnvironment.pm b/src/PVE/RESTEnvironment.pm
index 7695850..d597557 100644
--- a/src/PVE/RESTEnvironment.pm
+++ b/src/PVE/RESTEnvironment.pm
@@ -235,6 +235,20 @@ sub get_user {
die "user name not set\n";
}
+sub set_credentials {
+ my ($self, $credentials) = @_;
+
+ $self->{credentials} = $credentials;
+}
+
+sub get_credentials {
+ my ($self, $noerr) = @_;
+
+ return $self->{credentials} if defined($self->{credentials}) || $noerr;
+
+ die "credentials not set\n";
+}
+
sub set_u2f_challenge {
my ($self, $challenge) = @_;
_______________________________________________
pve-devel mailing list
[email protected]
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
