api: backup: check param permission before pool for consistency
Like it did here before 9f65a584 ("api: backup: update: check
permissions of delete params too") and like it does in the create
case.
This should not have a practical effect, it's mostly for consistency
and to avoid anybody reading anything into the different orders of
checks between update and create.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Fiona Ebner [Wed, 16 Nov 2022 14:04:34 +0000 (15:04 +0100)]
api: backup: require Datastore.Allocate on storage
In particular this ensures that the user is allowed to remove data on
the storage, because configuring low retention results in removed
older backups. Of course setting the storage itself also needs to
require the same privilege then.
This is a breaking API change, but it seems sensible to require
permissions on the affected storage too.
Jobs with a dumpdir setting can be configured by root only.
Suggested-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Dominik Csapak [Wed, 7 Jun 2023 07:18:48 +0000 (09:18 +0200)]
ui: firewall: refactor privilege checks and prevent double click
factor out the relevant privilege checks in a variable and reuse that,
also add the check in the run_editor (or wrap it with a check) so that
the edit windows don't open with a double click without those privileges
Christoph Heiss [Wed, 3 May 2023 09:50:40 +0000 (11:50 +0200)]
ui: clean up remnants of in-tree font-awesome files
Commit e97c2601 ("change to debian font-awesome") removed the usage of
the in-tree font-awesome files, replacing them with the Debian package.
Thus clear these leftovers out, as they are completely unused.
Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
ui: ceph install: add pmx-hint class to hint field-label
looks a bit odd as the background it produces goes over the text, but
is the least invasive method to apply something like this, and
highlighting the whole thing is too flashy here.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
ui: ceph install: add hints depending on selected repo and subscriptions
No hint required if all nodes have subscriptions and enterprise
repo is selected, but otherwise give some hints for better UX and to
(hopefully) reduce the chance for mishaps.
We might want to highlight the label to improve visibility though.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
With Proxmox VE 8, we'll have support for an enterprise ceph repo,
accessed through Proxmox VE subscriptions, to provide more broadly
tested ceph updates for production setups.
Replace the test-repository parameter with an actual enum of
selectable repo types for:
- test (same as previously selected through setting test-repository)
- no-subscription (the previous default, then named "main")
- enterprise (new and the default now, recommended for production)
Note that writing the auth-part is a bit hacky and might/should be
improved.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 29 May 2023 13:44:22 +0000 (15:44 +0200)]
d/control: apt-transport-https as separate package is gone
just keep the versioned apt dependency, that alone ensures it and apt
1.5 got released on 24 Sep 2017, so just keep it for (or to avoid)
the real messed up installations
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 29 May 2023 13:41:35 +0000 (15:41 +0200)]
d/postinst: fix version format for apt auth config migration check
The mistake wasn't that bad, as we mostly checked for the migration
too often, i.e., for any update to the 7.2-X releases, not just until
7.2-11 was crossed (but with 7.3-X the check worked again as
intended).
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 29 May 2023 12:44:24 +0000 (14:44 +0200)]
expand repoid to 16 chars and avoid querying git for it twice
i.e., just reuse GITVERSION, and FWIW, the current ID length git
auto chooses is 9 chars, suggesting that 8 really was getting too
small. With 16 we got now 64 bits, that's plenty for the next few
years.
Document the format also (roughly) in the API schema
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Sun, 28 May 2023 17:19:53 +0000 (19:19 +0200)]
mobile ui: statically import widget toolkit
as loading the whole wtk breaks the mobile ui and is
- not always trivial to fix
- a sisyphean task (in the future)
- we don't check this often, so breakage is likely to go unnoticed
I.e., just much simpler to freeze this also in time..
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
As reported in the community forum[0], as opposed to VM/LXC creation,
there is no validation for the name in the clone dialog. Use the same
validation as the guest creation wizards do to catch errors early,
before sending the API request.
ui: utils: monitor_ceph_installed: avoid setting nodename to localhost
If a user is accessing the Ceph panel via Datacenter -> Ceph, then the
install & config wizard might be shown. The nodename that is passed to
the wizard will decide the ID of the initial MON and MGR services.
Therefore, don't fall back to 'localhost' but the actual name of the
node to which we are connected. The result will be that the first MON
and MGR will have the expected ID instead of 'localhost'.
Thomas Lamprecht [Sat, 22 Apr 2023 07:47:29 +0000 (09:47 +0200)]
proxy: cleanup getting index method
- improve variable definition/use locality
- avoid some if's for some (mostly boolean) assignments, just use an
expression
As long as we don't go overboard with code golfing it to extremely
terse, shorter code is always more readable, especially if
definition/use happens not dozens of lines apart.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Fri, 31 Mar 2023 10:03:08 +0000 (12:03 +0200)]
fix #4627: ui: backup edit: don't deselect all guests on load
'selectPoolMembers' will be called when the poolid field changes.
(That can even happen when the mode is not even 'pool') Due to how
the fields are set, there is a race condition that this will be
called after the remaining fields were set up, including the VM list
that might have entries selected.
Since the first thing we do here is to deselect all, this wiped the
virtual guest selection sometimes.
To fix it, check if we're actually in the correct mode before doing
anything.
The pve_verify_cidr{,v4,v6} functions were originally intended for
the /etc/network/interfaces API endpoints and thus are a bit
restrictive. For example, as reported in the community forum[0],
pve_verify_cidr() does not consider '0::/0' and '0::/1' to be valid.
The error message in this scenario being
> value does not look like a valid CIDR network
is also confusing, as the first thought of users will be that it comes
from the passed-in monitor address.
The public networks are not written here and read from the Ceph config
and via a RADOS mon command, so no need to try and verify them. If
something really would go wrong during parsing, the
get_local_ip_from_cidr() call would complain afterwards.
[0]: https://forum.proxmox.com/threads/125226/
Suggested-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Lukas Wagner [Thu, 23 Feb 2023 15:25:59 +0000 (16:25 +0100)]
pvereport: add `date -R` to general system info section
Sometimes it can be quite useful to know when exactly a system report
was generated. Adds the following output quite prominently in the
general system info section: