use warnings;
use PVE::SafeSyslog;
+use PVE::Tools qw(extract_param);
use PVE::Cluster qw(cfs_read_file cfs_write_file);
use PVE::Storage;
+use PVE::Storage::Plugin;
+use PVE::Storage::LVMPlugin;
+use PVE::Storage::CIFSPlugin;
use HTTP::Status qw(:constants);
use Storable qw(dclone);
use PVE::JSONSchema qw(get_standard_option);
-
-use Data::Dumper; # fixme: remove
+use PVE::RPCEnvironment;
use PVE::RESTHandler;
my @ctypes = qw(images vztmpl iso backup);
-my $storage_type_enum = ['dir', 'nfs', 'lvm', 'iscsi'];
+my $storage_type_enum = PVE::Storage::Plugin->lookup_types();
my $api_storage_config = sub {
my ($cfg, $storeid) = @_;
- my $scfg = dclone(PVE::Storage::storage_config ($cfg, $storeid));
+ my $scfg = dclone(PVE::Storage::storage_config($cfg, $storeid));
$scfg->{storage} = $storeid;
- delete $scfg->{priority};
$scfg->{digest} = $cfg->{digest};
- $scfg->{content} = PVE::Storage::content_hash_to_string($scfg->{content});
+ $scfg->{content} = PVE::Storage::Plugin->encode_value($scfg->{type}, 'content', $scfg->{content});
if ($scfg->{nodes}) {
- $scfg->{nodes} = join(',', keys(%{$scfg->{nodes}}));
+ $scfg->{nodes} = PVE::Storage::Plugin->encode_value($scfg->{type}, 'nodes', $scfg->{nodes});
}
return $scfg;
};
__PACKAGE__->register_method ({
- name => 'index',
+ name => 'index',
path => '',
method => 'GET',
description => "Storage index.",
+ permissions => {
+ description => "Only list entries where you have 'Datastore.Audit' or 'Datastore.AllocateSpace' permissions on '/storage/<storage>'",
+ user => 'all',
+ },
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
- type => {
+ type => {
description => "Only list storage of specific type",
- type => 'string',
+ type => 'string',
enum => $storage_type_enum,
optional => 1,
},
-
},
},
returns => {
code => sub {
my ($param) = @_;
- my $cfg = cfs_read_file("storage.cfg");
+ my $rpcenv = PVE::RPCEnvironment::get();
+ my $authuser = $rpcenv->get_user();
+
+ my $cfg = PVE::Storage::config();
- my @sids = PVE::Storage::storage_ids($cfg);
+ my @sids = PVE::Storage::storage_ids($cfg);
my $res = [];
foreach my $storeid (@sids) {
+ my $privs = [ 'Datastore.Audit', 'Datastore.AllocateSpace' ];
+ next if !$rpcenv->check_any($authuser, "/storage/$storeid", $privs, 1);
+
my $scfg = &$api_storage_config($cfg, $storeid);
next if $param->{type} && $param->{type} ne $scfg->{type};
push @$res, $scfg;
}});
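Review bot: The filter at `check_any` admits callers who hold only `Datastore.Audit`, but each admitted entry is the complete object built by `$api_storage_config`, the same data that `read` restricts to `Datastore.Allocate` on `/storage/{storage}`. If any option kept in storage.cfg is meant for allocators only, the index discloses it to audit-only users. Either return a reduced field set for those callers, or extend the `permissions` description so the disclosure is explicit, e.g. append `Each listed entry contains the full storage configuration.` The handler's `returns` schema and its final return statement are not among the visible lines.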
__PACKAGE__->register_method ({
- name => 'read',
+ name => 'read',
path => '{storage}',
method => 'GET',
description => "Read storage configuration.",
+ permissions => {
+ check => ['perm', '/storage/{storage}', ['Datastore.Allocate']],
+ },
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
storage => get_standard_option('pve-storage-id'),
},
},
- returns => {},
+ returns => { type => 'object' },
code => sub {
my ($param) = @_;
- my $cfg = cfs_read_file("storage.cfg");
+ my $cfg = PVE::Storage::config();
return &$api_storage_config($cfg, $param->{storage});
}});
+my sub extract_sensitive_params :prototype($$) {
+ my ($param, $delete_list) = @_;
+
+ my $sensitive;
+
+ my %delete = map { $_ => 1 } ($delete_list || [])->@*;
+
+ # always extract pw and keys, so they don't get written to the www-data readable scfg
+ for my $opt (qw(password encryption-key)) {
+ # First handle deletions as explicitly setting `undef`, afterwards new values may override
+ # it.
+ if (exists($delete{$opt})) {
+ $sensitive->{$opt} = undef;
+ }
+
+ if (defined(my $value = extract_param($param, $opt))) {
+ $sensitive->{$opt} = $value;
+ }
+ }
+
+ return $sensitive;
+}
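Review bot: The literal list `qw(password encryption-key)` is the only thing that keeps secrets out of the www-data readable config, so a plugin that later adds another secret option would have it persisted there unless this sub is updated as well. The comment should say so, for example `# NOTE: every secret plugin option must be listed here, otherwise it is written to storage.cfg`. Separately, `my $sensitive;` leaves the return value undef when neither option is supplied nor listed for deletion, and both callers expand it as `%$sensitive`. To my reading that only works because Perl autovivifies in sub-argument context. `my $sensitive = {};` makes the contract explicit.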
+
__PACKAGE__->register_method ({
name => 'create',
protected => 1,
- path => '',
+ path => '',
method => 'POST',
description => "Create a new storage.",
- parameters => {
- additionalProperties => 0,
- properties => {
- storage => get_standard_option('pve-storage-id'),
- nodes => get_standard_option('pve-node-list', { optional => 1 }),
- type => {
- type => 'string',
- enum => $storage_type_enum,
- },
- path => {
- type => 'string', format => 'pve-storage-path',
- optional => 1,
- },
- export => {
- type => 'string', format => 'pve-storage-path',
- optional => 1,
- },
- server => {
- type => 'string', format => 'pve-storage-server',
- optional => 1,
- },
- options => {
- type => 'string', format => 'pve-storage-options',
- optional => 1,
- },
- target => {
- type => 'string',
- optional => 1,
- },
- vgname => {
- type => 'string', format => 'pve-storage-vgname',
- optional => 1,
- },
- base => {
- type => 'string', format => 'pve-volume-id',
- optional => 1,
- },
- portal => {
- type => 'string', format => 'pve-storage-portal-dns',
- optional => 1,
- },
- content => {
- type => 'string', format => 'pve-storage-content-list',
- optional => 1,
- },
- disable => {
- type => 'boolean',
- optional => 1,
- },
- shared => {
- type => 'boolean',
- optional => 1,
- },
- 'format' => {
- type => 'string', format => 'pve-storage-format',
- optional => 1,
- },
- },
+ permissions => {
+ check => ['perm', '/storage', ['Datastore.Allocate']],
},
+ parameters => PVE::Storage::Plugin->createSchema(),
returns => { type => 'null' },
code => sub {
my ($param) = @_;
- my $type = $param->{type};
- delete $param->{type};
+ my $type = extract_param($param, 'type');
+ my $storeid = extract_param($param, 'storage');
- my $storeid = $param->{storage};
- delete $param->{storage};
+ # revent an empty nodelist.
+ # fix me in section config create never need an empty entity.
+ delete $param->{nodes} if !$param->{nodes};
- if ($param->{portal}) {
- $param->{portal} = PVE::Storage::resolv_portal($param->{portal});
- }
+ my $sensitive = extract_sensitive_params($param, []);
- my $opts = PVE::Storage::parse_options($storeid, $type, $param, 1);
+ my $plugin = PVE::Storage::Plugin->lookup($type);
+ my $opts = $plugin->check_config($storeid, $param, 1, 1);
PVE::Storage::lock_storage_config(
sub {
- my $cfg = cfs_read_file('storage.cfg');
+ my $cfg = PVE::Storage::config();
- if (my $scfg = PVE::Storage::storage_config ($cfg, $storeid, 1)) {
+ if (my $scfg = PVE::Storage::storage_config($cfg, $storeid, 1)) {
die "storage ID '$storeid' already defined\n";
}
$cfg->{ids}->{$storeid} = $opts;
- if ($type eq 'lvm' && $opts->{base}) {
-
- my ($baseid, $volname) = PVE::Storage::parse_volume_id ($opts->{base});
+ $plugin->on_add_hook($storeid, $opts, %$sensitive);
- my $basecfg = PVE::Storage::storage_config ($cfg, $baseid, 1);
- die "base storage ID '$baseid' does not exist\n" if !$basecfg;
-
- # we only support iscsi for now
- if (!($basecfg->{type} eq 'iscsi')) {
- die "unsupported base type '$basecfg->{type}'";
+ eval {
+ # try to activate if enabled on local node,
+ # we only do this to detect errors/problems sooner
+ if (PVE::Storage::storage_check_enabled($cfg, $storeid, undef, 1)) {
+ PVE::Storage::activate_storage($cfg, $storeid);
}
-
- my $path = PVE::Storage::path ($cfg, $opts->{base});
-
- PVE::Storage::activate_storage($cfg, $baseid);
-
- PVE::Storage::lvm_create_volume_group ($path, $opts->{vgname}, $opts->{shared});
+ };
+ if (my $err = $@) {
+ eval { $plugin->on_delete_hook($storeid, $opts) };
+ warn "$@\n" if $@;
+ die $err;
}
- # try to activate if enabled on local node,
- # we only do this to detect errors/problems sooner
- if (PVE::Storage::storage_check_enabled($cfg, $storeid, undef, 1)) {
- PVE::Storage::activate_storage($cfg, $storeid);
- }
+ PVE::Storage::write_config($cfg);
- cfs_write_file('storage.cfg', $cfg);
-
}, "create storage failed");
+ return undef;
}});
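Review bot: `$plugin->on_add_hook($storeid, $opts, %$sensitive);` runs before the `eval`, and `PVE::Storage::write_config($cfg);` runs after it, so the `on_delete_hook` cleanup covers only a failed activation. If a plugin's add hook stores the password or key and then dies, or if the config write fails, whatever the hook persisted presumably stays on disk for a storage that was never created. Moving both statements inside the `eval` block would put them under the same cleanup path, assuming `on_delete_hook` tolerates a partially added storage. The body of the locked sub is shown only in part on this page.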
__PACKAGE__->register_method ({
path => '{storage}',
method => 'PUT',
description => "Update storage configuration.",
- parameters => {
- additionalProperties => 0,
- properties => {
- storage => get_standard_option('pve-storage-id'),
- nodes => get_standard_option('pve-node-list', { optional => 1 }),
- content => {
- type => 'string', format => 'pve-storage-content-list',
- optional => 1,
- },
- 'format' => {
- type => 'string', format => 'pve-storage-format',
- optional => 1,
- },
- disable => {
- type => 'boolean',
- optional => 1,
- },
- shared => {
- type => 'boolean',
- optional => 1,
- },
- options => {
- type => 'string', format => 'pve-storage-options',
- optional => 1,
- },
- digest => {
- type => 'string',
- description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
- maxLength => 40,
- optional => 1,
- }
- },
+ permissions => {
+ check => ['perm', '/storage', ['Datastore.Allocate']],
},
+ parameters => PVE::Storage::Plugin->updateSchema(),
returns => { type => 'null' },
code => sub {
my ($param) = @_;
- my $storeid = $param->{storage};
- delete($param->{storage});
-
- my $digest = $param->{digest};
- delete($param->{digest});
+ my $storeid = extract_param($param, 'storage');
+ my $digest = extract_param($param, 'digest');
+ my $delete = extract_param($param, 'delete');
- PVE::Storage::lock_storage_config(
- sub {
+ if ($delete) {
+ $delete = [ PVE::Tools::split_list($delete) ];
+ }
+
+ PVE::Storage::lock_storage_config(sub {
- my $cfg = cfs_read_file('storage.cfg');
+ my $cfg = PVE::Storage::config();
- PVE::Storage::assert_if_modified ($cfg, $digest);
+ PVE::SectionConfig::assert_if_modified($cfg, $digest);
- my $scfg = PVE::Storage::storage_config ($cfg, $storeid);
+ my $scfg = PVE::Storage::storage_config($cfg, $storeid);
+ my $type = $scfg->{type};
- my $opts = PVE::Storage::parse_options($storeid, $scfg->{type}, $param);
+ my $sensitive = extract_sensitive_params($param, $delete);
+
+ my $plugin = PVE::Storage::Plugin->lookup($type);
+ my $opts = $plugin->check_config($storeid, $param, 0, 1);
+
+ if ($delete) {
+ my $options = $plugin->private()->{options}->{$type};
+ foreach my $k (@$delete) {
+ my $d = $options->{$k} || die "no such option '$k'\n";
+ die "unable to delete required option '$k'\n" if !$d->{optional};
+ die "unable to delete fixed option '$k'\n" if $d->{fixed};
+ die "cannot set and delete property '$k' at the same time!\n"
+ if defined($opts->{$k});
+
+ delete $scfg->{$k};
+ }
+ }
- foreach my $k (%$opts) {
+ $plugin->on_update_hook($storeid, $opts, %$sensitive);
+
+ for my $k (keys %$opts) {
$scfg->{$k} = $opts->{$k};
}
- cfs_write_file('storage.cfg', $cfg);
+ PVE::Storage::write_config($cfg);
- }, "update storage failed");
+ }, "update storage failed");
return undef;
}});
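Review bot: The `check` added for this handler tests `Datastore.Allocate` on `/storage`, whereas `read` tests it on `/storage/{storage}`, and the same `/storage` path is used by the DELETE handler further down. As written, a user granted the privilege on one storage can read its configuration but cannot update or remove it. That is the stricter direction, but nothing in the hunk says it is intended. A `description` in the `permissions` block would record the reason, e.g. `description => "Changing storage.cfg requires 'Datastore.Allocate' on '/storage', not only on the single storage."`.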
path => '{storage}', # /storage/config/{storage}
method => 'DELETE',
description => "Delete storage configuration.",
+ permissions => {
+ check => ['perm', '/storage', ['Datastore.Allocate']],
+ },
parameters => {
- additionalProperties => 0,
- properties => {
- storage => get_standard_option('pve-storage-id'),
+ additionalProperties => 0,
+ properties => {
+ storage => get_standard_option('pve-storage-id', {
+ completion => \&PVE::Storage::complete_storage,
+ }),
},
},
returns => { type => 'null' },
code => sub {
my ($param) = @_;
- my $storeid = $param->{storage};
- delete($param->{storage});
-
+ my $storeid = extract_param($param, 'storage');
+
PVE::Storage::lock_storage_config(
sub {
- my $cfg = cfs_read_file('storage.cfg');
+ my $cfg = PVE::Storage::config();
+
+ my $scfg = PVE::Storage::storage_config($cfg, $storeid);
die "can't remove storage - storage is used as base of another storage\n"
- if PVE::Storage::storage_is_used ($cfg, $storeid);
+ if PVE::Storage::storage_is_used($cfg, $storeid);
+
+ my $plugin = PVE::Storage::Plugin->lookup($scfg->{type});
+
+ $plugin->on_delete_hook($storeid, $scfg);
- delete ($cfg->{ids}->{$storeid});
+ delete $cfg->{ids}->{$storeid};
- cfs_write_file('storage.cfg', $cfg);
+ PVE::Storage::write_config($cfg);
}, "delete storage failed");
-
+
+ PVE::AccessControl::remove_storage_access($storeid);
+
return undef;
}});
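Review bot: `PVE::AccessControl::remove_storage_access($storeid);` runs after the config has been written and outside `lock_storage_config`, so if it fails, the storage is already gone while its access entries presumably remain. A storage created later under the same ID would then inherit them. The call deserves a comment stating this ordering, such as `# NOTE: runs after the config write and outside the storage lock; on failure the ACL entries for this ID must be cleaned up manually`. Likewise, `on_delete_hook` runs before `write_config`, so a failed write leaves the storage defined after its hook-managed data was removed. `PVE::AccessControl` is also not among the `use` lines visible on this page, so the call appears to depend on another module having loaded it.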