[pve-devel] [PATCH storage v2 4/4] pbs: fix #5008: Check if datastore and namespace is valid on add- and update hooks
Christian Ebner
c.ebner at proxmox.com
Thu Nov 16 10:45:58 CET 2023
> On 15.11.2023 17:00 CET Philipp Hufnagl <p.hufnagl at proxmox.com> wrote:
>
>
> This adds a check if the datastore and the namespace is valid when a
> user attempts to add a new PBS datastore.
>
> Since the namespace only can be checked after the datastore is
> validated, the datastore will be checked as well, regardless that it
> will be done later in the superclass anyway.
>
> The functionallity to check namespaces is added with this commit. For
> checking the datastore, existing code that has previously been
> refactored will be reused
>
> Signed-off-by: Philipp Hufnagl <p.hufnagl at proxmox.com>
> ---
> src/PVE/Storage/PBSPlugin.pm | 43 +++++++++++++++++++++++++++++++++++-
> 1 file changed, 42 insertions(+), 1 deletion(-)
>
> diff --git a/src/PVE/Storage/PBSPlugin.pm b/src/PVE/Storage/PBSPlugin.pm
> index 104fe15..fff8bb2 100644
> --- a/src/PVE/Storage/PBSPlugin.pm
> +++ b/src/PVE/Storage/PBSPlugin.pm
> @@ -566,6 +566,11 @@ sub on_add_hook {
> pbs_delete_master_pubkey($scfg, $storeid);
> }
>
> + my $password = pbs_get_password($scfg, $storeid);
> + my $conn = pbs_api_connect($scfg, $password);
> + check_datastore_exists($class, $storeid, $scfg, $password, $conn);
> + check_namespace_exists($class, $storeid, $scfg, $password, $conn);
> +
> return $res;
> }
>
> @@ -614,6 +619,11 @@ sub on_update_hook {
> }
> }
>
> + my $password = pbs_get_password($scfg, $storeid);
> + my $conn = pbs_api_connect($scfg, $password);
> + check_datastore_exists($class, $storeid, $scfg, $password, $conn);
> + check_namespace_exists($class, $storeid, $scfg, $password, $conn);
> +
> return $res;
> }
>
> @@ -819,6 +829,20 @@ sub scan_datastores {
>
> return $response;
> }
> +
> +sub scan_namespaces {
> + my ($scfg, $datastore, $password, $conn) = @_;
> +
> + if (!defined($conn)){
> + $conn = pbs_api_connect($scfg, $password);
> + }
This can be written more compactly as:
$conn = pbs_api_connect($scfg, $password) if !defined($conn);
> +
> + my $namespaces = eval { $conn->get("/api2/json/admin/datastore/$datastore/namespace", {}); };
> + die "error fetching namespaces - $@" if $@;
> +
> + return $namespaces;
> +}
> +
> sub check_datastore_exists {
> my ($class, $storeid, $scfg, $password, $conn) = @_;
>
> @@ -831,10 +855,27 @@ sub check_datastore_exists {
> return 1;
> }
> }
> -
> die "$storeid: Cannot find datastore '$datastore', check permissions and existence!\n";
> }
>
> +sub check_namespace_exists {
> + my ($class, $storeid, $scfg, $password, $conn) = @_;
> +
> + my $datastore = $scfg->{datastore};
> + my $namespace = $scfg->{namespace};
> +
> + my $namespaces = eval { scan_namespaces($scfg, $datastore, $password) };
> + die "$storeid: $@" if $@;
> + return 1 if !defined($namespace);
You can move this before the call to scan_namespaces, no need to fetch them if there is nothing to compare to to begin with.
> +
> + for my $ns (@$namespaces) {
> + if ($ns->{ns} eq $namespace) {
> + return 1;
> + }
> + }
> + die "$storeid: Cannot find namespace '$namespace', check permissions and existence!\n";
> +}
> +
> sub activate_storage {
> my ($class, $storeid, $scfg, $cache) = @_;
>
> --
> 2.39.2
>
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel at lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
More information about the pve-devel
mailing list