Increases flexibility/user-friendliness. In the edge case that an override is already present, but the user doesn't have Sys.Modify privilege, just proceed with the existing override. Could in principle happen when the requests from a privileged user with a policy and an unprivileged user without a policy arrive at the same time.
Suggested-by: Thomas Lamprecht <t.lampre...@proxmox.com> Signed-off-by: Fiona Ebner <f.eb...@proxmox.com> --- (Build-)dependency bump for libpve-cluster-perl needed. Changes in v2: * Also check for Sys.Modify privilege when parameter is specified. PVE/API2/Nodes.pm | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/PVE/API2/Nodes.pm b/PVE/API2/Nodes.pm index 9269694d..b8f0c6ce 100644 --- a/PVE/API2/Nodes.pm +++ b/PVE/API2/Nodes.pm @@ -8,7 +8,7 @@ use Digest::SHA; use Filesys::Df; use HTTP::Status qw(:constants); use JSON; -use POSIX qw(LONG_MAX); +use POSIX qw(ENOENT LONG_MAX); use Time::Local qw(timegm_nocheck); use Socket; use IO::Socket::SSL; @@ -544,6 +544,7 @@ __PACKAGE__->register_method({ method => 'POST', permissions => { check => ['perm', '/nodes/{node}', [ 'Sys.PowerMgmt' ]], + description => "The 'shutdown-policy' parameter additionally requires 'Sys.Modify'.", }, protected => 1, description => "Reboot or shutdown a node.", 
@@ -557,12 +558,27 @@ __PACKAGE__->register_method({ type => 'string', enum => [qw(reboot shutdown)], }, + 'shutdown-policy' => get_standard_option('pve-ha-shutdown-policy', { optional => 1 }), }, }, returns => { type => "null" }, code => sub { my ($param) = @_; + my $rpcenv = PVE::RPCEnvironment::get(); + my $user = $rpcenv->get_user(); + my $node = $param->{node}; + + my $sp_override_fn = '/run/pve-ha-lrm/shutdown-policy.local-override'; + + if ($param->{'shutdown-policy'}) { + $rpcenv->check($user, "/nodes/$node", ['Sys.Modify']); + eval { PVE::Tools::file_set_contents($sp_override_fn, $param->{'shutdown-policy'}); }; + die "could not write shutdown policy override to $sp_override_fn - $@" if $@; + } elsif (-e $sp_override_fn && $rpcenv->check($user, "/nodes/$node", ['Sys.Modify'], 1)) { + unlink $sp_override_fn or die "unable to remove $sp_override_fn - $!"; + } + if ($param->{command} eq 'reboot') { system ("(sleep 2;/sbin/reboot)&"); } elsif ($param->{command} eq 'shutdown') { -- 2.39.2 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
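Review bot: In the elsif branch of the last hunk, the -e test followed by unlink is racy: if a concurrent request removes the override file between the two calls, unlink fails with ENOENT and the handler dies before the reboot or shutdown command is issued. The first hunk imports ENOENT from POSIX, but nothing in the visible lines references it, so tolerating that case looks like the intent. Consider: unlink $sp_override_fn or $! == ENOENT or die "unable to remove $sp_override_fn - $!"; with that in place the -e test can be dropped, and if ENOENT ends up unused the import should go as well.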
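Review bot: The permissions description added in the second hunk documents only the case where 'shutdown-policy' is passed, while the code in the last hunk has two more privilege-dependent outcomes when it is omitted: a caller with Sys.Modify removes an existing override, and a caller with only Sys.PowerMgmt proceeds with whatever override is already in the file. The second outcome means a reboot can apply a policy the caller neither chose nor is allowed to set, which the commit message accepts as an edge case but the code does not mention. Suggest extending the description (or the parameter's own description) to cover the omitted-parameter behaviour, and adding a short comment above the elsif so the silent fall-through reads as intentional.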