commit 89d146f207225bb8ca2e01d7e79000bb37a227d1 introduced permission
checks here that caused all regular bridges to be removed from the
returned list as soon as the SDN package is installed, unless the user
is root@pam or there exists a VNET with the same ID.
this is arguably a breaking change, so limit the priv check to actually
defined VNETs for the time being, and add ALL regular bridges
uncondtionally like before.
get_local_vnets already filters by the same prvs, so we need to get the
full config to find out which IDs are VNETs and which are not.
once/iff we introduce ACL paths for *all* bridges in the future, we can
limit accordingly here.
with the recent rework of the render/maps/arrays, we now
show 'Default (__default__)'. Since '__default__' is only an internal
value in the gui, don't expose it by explicitely checking for it
in the other render functions it works already because we either construct
the text differently (console_map) or we check the result from
parsing (vga_driver)
Dominik Csapak [Mon, 28 Mar 2022 12:38:06 +0000 (14:38 +0200)]
ui: realm sync: replace 'full' and 'purge' with 'remove-vanished'
in default sync options and the sync window. We do this by exposing
the individual flags as checkboxes. We get the mapped value from the
backend so we do not have to handle 'old' values here.
Fabian Ebner [Tue, 30 Nov 2021 10:38:12 +0000 (11:38 +0100)]
ceph: services: broadcast versions: improve requesting old version
to avoid a "malformed JSON string" warning when there is no old
version present (e.g. after starting a cluster).
get_node_kv will always return something that evaluates to true, so
instead, test if the result has an entry for the current node. Also,
it's enough to request the kv for the current node only.
Fabian Ebner [Thu, 17 Mar 2022 08:37:47 +0000 (09:37 +0100)]
ui: disk storage selector: never send format when hideFormat is true
The backend will pick an appropriate format when nothing is specified. The
comment made it sound like 'raw' would be sent, but that didn't actually happen
on file-based storages, and now no format is sent, so adapt the comment too.
ui: lxc: resources: consider rootfs as a disk again
Commit 809f6b6e ("ui: lxc resources: switch to vector based font
awesome icons") seems like an innocent change, but it broke the
(very brittle) logic here by removing the tdCls for rootfs.
Fabian Ebner [Tue, 29 Mar 2022 12:53:15 +0000 (14:53 +0200)]
vzdump: backup limit: only count unprotected backups
since they are the ones relevant for pruning and protected backups
have their own separate limit.
Since get_backup_file_list is only used in places where the
unprotected backups are needed, adapt the helper accordingly.
If there is a storage, use PVE::Storage::volume_list to count the
unprotected backups. This avoids a direct invocation of the
proxmox-backup-client for PBS and the limit check can also work for
external storage plugins which might not be dir-based or name the
backups differently.
fix #3976: api/backup: make schedule/starttime truly optional on update
on create we require either starttime (+dow) or a schedule, but when
updating an existing job, this is not necessary
before we changed to schedules, the starttime was not optional either on
update, but i think there is no reason to require the user to send the
schedule/startime along every time.
the gui will send all values every time, so that was never a problem there
We support external storage plugins, e.g., for proprietary
technology, so a "unknown" value here may not actually mean that we
missed anything, so just return the type value 1:1 as fallback, that
gives the user a better idea about such a storage entry.
Reported-by: Joshua Huber <jhuber@blockbridge.com> Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Jobs: don't schedule jobs with no computable next event
if we have a schedule that has no 'next event' we should skip the scheduling
instead of schedule every round
this can happen if someone sets an schedule that has no next match.
some examples:
* 2-31 00:00 (there is not February 31st)
* mon 2022-04-02 (this would be a saturday, not monday)
* 1970-1-1 (or every other exact date in the past)
Fabian Ebner [Wed, 30 Mar 2022 10:24:27 +0000 (12:24 +0200)]
api: vzdump: extract config: check for VM.Backup privilege
In preparation to have check_volume_access() always allow access for
users with Datastore.Allocate privilege. As to not automatically give
all such users permission to extract the config too.
Thomas Lamprecht [Wed, 30 Mar 2022 13:30:29 +0000 (15:30 +0200)]
report: lsblk: output more columns
Output columns that can help on debugging (e.g., physical sector
size, hot-pluggable, rotational, transport) or make it easier to
cross-correlate (model, fs-type)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
api2 : network: anybridge: don't display bridges if user have access to vnets.
This remove vmbr* from bridgeselector if user have access to vnets.
if user need to have also access to vmbr, we can add a permission
in path "/sdn/vnets/vmbrX"
Mira Limbeck [Fri, 29 May 2020 12:22:06 +0000 (14:22 +0200)]
ui: firwall: change icmp type selector to a combogrid
The combogrid contains all valid icmp types that iptables accepts. In
addition to the names, the Type[/Code] value is shown as well. But
specifying Type[/Code] is not supported.
As the simple solution with setStore() does not work to change the
store for the combogrid, we simply have 2 different
ICMPTypeSelectors, one for IPv4, the other for IPv6, which are
switched depending on the specified protocol.
As disabled fields don't submit their value, we can keep the values
for the dport and both icmp-type fields when switching protocols.
Signed-off-by: Mira Limbeck <m.limbeck@proxmox.com> Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Aaron Lauterer [Wed, 2 Mar 2022 10:12:49 +0000 (11:12 +0100)]
ui: osd: send in/out cmd to currently used node
The in & out commands for OSDs are not node specific and can be run on
any node in the Ceph cluster. By sending them to the node currently used
to access the UI they can still be sent even if the node on which the
OSDs are located is down.
This helps in a disaster scenario where a node is down. By default Ceph
will mark a downed OSD as out after 10 minutes. This could be too long
in some situations. Running the CLI command to mark the OSD as out
earlier on one of the remaining nodes does work, but if the admin is not
used doing it this way, this adds stress, in a potentially already
stressful situation.
Using
pvesh create /nodes/pve701/apt/repositories --path
"/etc/apt/sources.list" --index 0 --enabled 1
reliably leads to
error: invalid type: string "0", expected usize
Coerce to int to avoid this. I was not able to trigger the issue with
the "enabled" option being a string here (in PMG I was), but be on the
safe side and coerce there too. Otherwise it might get triggered by a
future, completely unrelated change further up in the API call
handling.