drop assert_new_tfa_config_available for Proxmox VE 8

All nodes should be new enough, especially as this is understood
since pve-manager 7.0-15 and users must upgrade to 7.4 before
upgrading to Proxmox VE 8

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/src/PVE/API2/TFA.pm b/src/PVE/API2/TFA.pm
index 954584233164f118b4183cc740eb30a7622cf533..13ffc59db2c951ef1b064a97a50353e756eb0575 100644 (file)
--- a/src/PVE/API2/TFA.pm
+++ b/src/PVE/API2/TFA.pm
@@ -242,8 +242,6 @@ __PACKAGE__->register_method ({
     code => sub {
        my ($param) = @_;
 
-       PVE::AccessControl::assert_new_tfa_config_available();
-       
        my $rpcenv = PVE::RPCEnvironment::get();
        my $authuser = $rpcenv->get_user();
        my $userid =
@@ -378,8 +376,6 @@ __PACKAGE__->register_method ({
     code => sub {
        my ($param) = @_;
 
-       PVE::AccessControl::assert_new_tfa_config_available();
-
        my $rpcenv = PVE::RPCEnvironment::get();
        my $authuser = $rpcenv->get_user();
        my ($userid, $realm) =
@@ -473,8 +469,6 @@ __PACKAGE__->register_method ({
     code => sub {
        my ($param) = @_;
 
-       PVE::AccessControl::assert_new_tfa_config_available();
-
        my $rpcenv = PVE::RPCEnvironment::get();
        my $authuser = $rpcenv->get_user();
        my $userid =

diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index 88355f727da8be152d7547b7f0d9da9ce502a09b..24c6618bdb470924b0a3b065a471982590ea2980 100644 (file)
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -1706,8 +1706,6 @@ sub parse_priv_tfa_config {
 sub write_priv_tfa_config {
     my ($filename, $cfg) = @_;
 
-    assert_new_tfa_config_available();
-
     return $cfg->write();
 }
 
@@ -1903,39 +1901,9 @@ my $USER_CONTROLLED_TFA_TYPES = {
     oath => 1,
 };
 
-sub assert_new_tfa_config_available() {
-    PVE::Cluster::cfs_update();
-    my $version_info = PVE::Cluster::get_node_kv('version-info');
-    die "cannot update tfa config, please make sure all cluster nodes are up to date\n"
-       if !$version_info;
-    my $members = PVE::Cluster::get_members() or return; # get_members returns undef on no cluster
-    my $old = '';
-    foreach my $node (keys $members->%*) {
-       my $info = $version_info->{$node};
-       if (!$info) {
-           $old .= "  cluster node '$node' is too old, did not broadcast its version info\n";
-           next;
-       }
-       $info = from_json($info);
-       my $ver = $info->{version};
-       if ($ver !~ /^(\d+\.\d+)(?:[.-](\d+))?/) {
-           $old .= "  cluster node '$node' provided an invalid version string: '$ver'\n";
-           next;
-       }
-       my ($maj, $rel) = ($1, $2);
-       if (!($maj > 7.0 || ($maj == 7.0 && $rel >= 15))) {
-           $old .= "  cluster node '$node' is too old ($ver < 7.0-15)\n";
-           next;
-       }
-    }
-    die "cannot update tfa config, following nodes are not up to date:\n$old" if length($old);
-}
-
 sub user_remove_tfa : prototype($) {
     my ($userid) = @_;
 
-    assert_new_tfa_config_available();
-
     my $tfa_cfg = cfs_read_file('priv/tfa.cfg');
     $tfa_cfg->remove_user($userid);
     cfs_write_file('priv/tfa.cfg', $tfa_cfg);

diff --git a/src/PVE/CLI/pveum.pm b/src/PVE/CLI/pveum.pm
index 9e64709776836d105b31d36d0af4c7c509ad39f9..d6351622f8e06a1d24d62abf5baff95056ab46b2 100755 (executable)
--- a/src/PVE/CLI/pveum.pm
+++ b/src/PVE/CLI/pveum.pm
@@ -135,8 +135,6 @@ __PACKAGE__->register_method({
        my $userid = extract_param($param, "userid");
        my $tfa_id = extract_param($param, "id");
 
-       PVE::AccessControl::assert_new_tfa_config_available();
-
        PVE::AccessControl::lock_tfa_config(sub {
            my $tfa_cfg = cfs_read_file('priv/tfa.cfg');
            if (defined($tfa_id)) {
@@ -166,8 +164,6 @@ __PACKAGE__->register_method({
 
        my $userid = extract_param($param, "userid");
 
-       PVE::AccessControl::assert_new_tfa_config_available();
-
        my sub format_tfa_entries : prototype($;$) {
            my ($entries, $indent) = @_;