[pve-devel] [PATCH access-control 2/2] pools: record parent/subpool information
Fabian Grünbichler
f.gruenbichler at proxmox.com
Fri Nov 17 16:29:22 CET 2023
> Wolfgang Bumiller <w.bumiller at proxmox.com> hat am 17.11.2023 11:10 CET geschrieben:
>
>
> On Thu, Nov 16, 2023 at 04:31:26PM +0100, Fabian Grünbichler wrote:
> > and ensure a missing intermediate pool exists at all times.
> >
> > Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
> > ---
> >
> > Notes:
> > a "missing link" should never happen when modifying via the API (both deletion
> > with children and addition without the parent existing is blocked there), but
> > it could happen when manually editing the config.
> >
> > src/PVE/AccessControl.pm | 14 +++++++++++++-
> > src/test/parser_writer.pl | 4 ++++
> > 2 files changed, 17 insertions(+), 1 deletion(-)
> >
> > diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
> > index d9ae611..e33f844 100644
> > --- a/src/PVE/AccessControl.pm
> > +++ b/src/PVE/AccessControl.pm
> > @@ -1529,7 +1529,19 @@ sub parse_user_config {
> > }
> >
> > # make sure to add the pool (even if there are no members)
> > - $cfg->{pools}->{$pool} = { vms => {}, storage => {} } if !$cfg->{pools}->{$pool};
> > + $cfg->{pools}->{$pool} = { vms => {}, storage => {}, pools => {} } if !$cfg->{pools}->{$pool};
> > +
> > + if ($pool =~ m!/!) {
> > + my $curr = $pool;
> > + while ($curr =~ m!^(.*)/[^/]+$!) {
>
> I wonder if we should use `.+` instead of `.*`.
> This way it would work the same even with a leading slash.
> That said, we don't allow leading slashes and there's a verify_poolname
> further up in the function so it doesn't really matter much.
> We just need to be careful that we never allow/introduce leading slashes
> anywhere, otherwise this runs with a final iteration where $parent is an
> empty string.
ack.
> > + # ensure nested pool info is correctly recorded
> > + my $parent = $1;
> > + $cfg->{pools}->{$curr}->{parent} = $parent;
> > + $cfg->{pools}->{$parent} = { vms => {}, storage => {}, pools => {} } if !$cfg->{pools}->{$parent};
>
> (could use //= instead of the suffix if, IMO a bit easier to read (and
> doesn't break the 100 char limit :p)
that style is used across the whole parser here, I am always a bit hesitant to mix styles within a sub as IMHO that makes it harder to parse.
move the post-if to its own line, and optional follow-up to convert the whole parser to drop post ifs for initialization? ;)
More information about the pve-devel
mailing list