On 12/16/22 11:31, Thomas Lamprecht wrote:
On 15/12/2022 17:57, Mira Limbeck wrote:
Since some users keep their passwords in the VM/CT configs as comments
and those are most of the time unnecessary when looking through the
report, filter those.
I'd rather have this optional, opt-out is fine, where the CLI gets a switch
and the web interface gets a dialogue with a checkbox for filtering comments
in guest configs. A lot of sane admins don't sprinkle plain text PWs into
www-data readable plain text configs but possible relevant setup info.
Yes, I'd say most of our users that open tickets in the enterprise
support portal don't do that.
I'll rework it to make it optional then.
If you want to get this faster in it's fine to focus on CLI only for now,
but I think some more options might be relevant for the report in the near
term, be it filtering other stuff (e.g., public IP addresses) or also
adding extra info (e.g., (parts of) journal/syslogs), so laying out a bit
foundations for that now could be reused for that; but as said, no need
to do all that now.
Also please separate adding and using file2text and adding the filter part
into two commits, those are different things.
Sure, will do.
In addition to the comments, also filter the `cipassword` option
since it contains the hash of the password.
To facilitate the filtering, a new sub 'file2text' is introduced that
can filter the file contents if required.
This sub replaces the 'cat ...' commands.
Signed-off-by: Mira Limbeck <m.limb...@proxmox.com>
---
I did not add print to STDERR in file2text for now since it got quite
chatty.
If this is wanted, I'll send a v2 adding it. But since file2text is also
called by dir2text the 'OK' at the end won't always align, especially
when dir2text is used.
PVE/Report.pm | 48 +++++++++++++++++++++++++++++++++---------------
1 file changed, 33 insertions(+), 15 deletions(-)
diff --git a/PVE/Report.pm b/PVE/Report.pm
index 90b7cb1c..7ebe98f7 100644
--- a/PVE/Report.pm
+++ b/PVE/Report.pm
@@ -5,16 +5,34 @@ use warnings;
use PVE::Tools;
+my sub file2text {
+ my ($file, $filter) = @_;
+ my $text = "\n# cat $file\n";
I agree with the sentiment of Stefan's comment but comment something else
that we do is IMO not ideal, tends to get out of date soon and might
be hard to output a grep invocation that behaves really 1:1 as the code here
does, or will do sometimes.
So maybe just output something like:
my $text = "\n# ". ($filter ? 'filtered' : '') ." cat $file\n";
I wasn't sure what to do here, and dir2text already used
file_get_contents instead of cat, so the comment wasn't exactly true in
the first place for some of the files. Although none of those were filtered.
+
+ my $contents = PVE::Tools::file_get_contents($file);
+ if ($filter) {
+ foreach my $line (split('\n', $contents)) {
+ next if $line =~ m/^\s*#/;
+ next if $line =~ m/^cipassword/;
not sure if it's a good idea to just plainly filter, I mean only guest configs
are setting $filter anyway, but IMO it's still a bid odd coupling; maybe switch
to a $code-ref and calling that, with a filter_guest_config sub passed then on
the call sites?
I didn't want to make it more complex than necessary, since asking
colleagues what else should be filtered didn't result in any other
suggestions than the VM/CT configs (for now). But I'll rework it to make
it more flexible.
Thanks!
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
