Implement Qubes Management API methods #2622
Comments
|
For documentation see https://www.qubes-os.org/doc/mgmt1/. Cc: @marmarek |
woju
added a commit
to woju/qubes-core-admin
that referenced
this issue
Feb 10, 2017
woju
added a commit
to woju/qubes-core-admin
that referenced
this issue
Feb 10, 2017
woju
added a commit
to woju/qubes-core-admin
that referenced
this issue
Feb 10, 2017
woju
added a commit
to woju/qubes-core-admin
that referenced
this issue
Feb 10, 2017
woju
added a commit
to woju/qubes-core-admin
that referenced
this issue
Feb 15, 2017
woju
added a commit
to woju/qubes-core-admin
that referenced
this issue
Feb 15, 2017
woju
added a commit
to woju/qubes-core-admin
that referenced
this issue
Feb 21, 2017
woju
added a commit
to woju/qubes-core-admin
that referenced
this issue
Feb 21, 2017
Positional arguments are hereby deprecated, with immediate effect. QubesOS/qubes-issues#2622
woju
added a commit
to woju/qubes-core-admin
that referenced
this issue
Feb 21, 2017
woju
added a commit
to woju/qubes-core-admin
that referenced
this issue
Feb 21, 2017
Positional arguments are hereby deprecated, with immediate effect. QubesOS/qubes-issues#2622
woju
added a commit
to woju/qubes-core-admin
that referenced
this issue
Mar 1, 2017
woju
added a commit
to woju/qubes-core-admin
that referenced
this issue
Mar 1, 2017
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Mar 9, 2017
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Mar 15, 2017
This also require having property.type public. QubesOS/qubes-issues#2622
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Mar 15, 2017
Sanitization of input value is tricky here, and also very important at the same time. If property define value type (and it's something more specific than 'str'), use that. Otherwise allow only printable ASCII characters, and let appropriate event and setter handle value. At this point I've reviewed all QubesVM properties in this category and added appropriate setters where needed. QubesOS/qubes-issues#2622
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Mar 15, 2017
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Mar 16, 2017
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Mar 16, 2017
This also require having property.type public. QubesOS/qubes-issues#2622
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Mar 16, 2017
Sanitization of input value is tricky here, and also very important at the same time. If property define value type (and it's something more specific than 'str'), use that. Otherwise allow only printable ASCII characters, and let appropriate event and setter handle value. At this point I've reviewed all QubesVM properties in this category and added appropriate setters where needed. QubesOS/qubes-issues#2622
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Mar 16, 2017
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Mar 16, 2017
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Mar 16, 2017
Since we've added type= argument to property.Get format, it isn't useful anymore. QubesOS/qubes-issues#2622
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Mar 17, 2017
Don't force `return ''` everywhere. QubesOS/qubes-issues#2622
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Mar 28, 2017
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Jun 3, 2017
vm.kernel property have type 'str'. Putting None there makes a lot of troubles: it gets encoded as 'None' in qubes.xml and then loaded back as 'None' string, not None value. Also it isn't possible to assign None value to str property throgh Admin API. kernel='' is equally good to specify "no kernel from dom0". QubesOS/qubes-issues#2622
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Jun 3, 2017
vm.kernel property have type 'str'. Putting None there makes a lot of troubles: it gets encoded as 'None' in qubes.xml and then loaded back as 'None' string, not None value. Also it isn't possible to assign None value to str property throgh Admin API. kernel='' is equally good to specify "no kernel from dom0". QubesOS/qubes-issues#2622
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Jun 5, 2017
vm.kernel property have type 'str'. Putting None there makes a lot of troubles: it gets encoded as 'None' in qubes.xml and then loaded back as 'None' string, not None value. Also it isn't possible to assign None value to str property throgh Admin API. kernel='' is equally good to specify "no kernel from dom0". QubesOS/qubes-issues#2622
marmarek
added a commit
to marmarek/qubes-core-admin-client
that referenced
this issue
Jun 19, 2017
marmarek
added a commit
to marmarek/qubes-core-admin-client
that referenced
this issue
Jun 19, 2017
Clone volume without retrieving all the data. QubesOS/qubes-issues#2622
marmarek
added a commit
to marmarek/qubes-core-admin-client
that referenced
this issue
Jun 19, 2017
This way we don't need separate admin.vm.Clone call, which is tricky to handler properly with policy. A VM may not have access to all the properties and other metadata, so add ignore_errors argument, for best-effort approach (copy what is possible). In any case, failure of cloning VM data fails the whole operation. When operation fails, VM is removed. While at it, allow to specify alternative VM class - this allows morphing one VM into another (for example AppVM -> StandaloneVM). Adjust qvm-clone tool and tests accordingly. QubesOS/qubes-issues#2622
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Jun 19, 2017
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Jun 19, 2017
marmarek
added a commit
to marmarek/qubes-core-admin-client
that referenced
this issue
Jun 19, 2017
Clone volume without retrieving all the data. QubesOS/qubes-issues#2622
marmarek
added a commit
to marmarek/qubes-core-admin-client
that referenced
this issue
Jun 19, 2017
This way we don't need separate admin.vm.Clone call, which is tricky to handler properly with policy. A VM may not have access to all the properties and other metadata, so add ignore_errors argument, for best-effort approach (copy what is possible). In any case, failure of cloning VM data fails the whole operation. When operation fails, VM is removed. While at it, allow to specify alternative VM class - this allows morphing one VM into another (for example AppVM -> StandaloneVM). Adjust qvm-clone tool and tests accordingly. QubesOS/qubes-issues#2622
marmarek
added a commit
to marmarek/qubes-core-admin-client
that referenced
this issue
Jun 19, 2017
Clone volume without retrieving all the data. QubesOS/qubes-issues#2622
marmarek
added a commit
to marmarek/qubes-core-admin-client
that referenced
this issue
Jun 19, 2017
This way we don't need separate admin.vm.Clone call, which is tricky to handler properly with policy. A VM may not have access to all the properties and other metadata, so add ignore_errors argument, for best-effort approach (copy what is possible). In any case, failure of cloning VM data fails the whole operation. When operation fails, VM is removed. While at it, allow to specify alternative VM class - this allows morphing one VM into another (for example AppVM -> StandaloneVM). Adjust qvm-clone tool and tests accordingly. QubesOS/qubes-issues#2622
marmarek
added a commit
to marmarek/qubes-core-admin-client
that referenced
this issue
Jun 19, 2017
marmarek
added a commit
to marmarek/qubes-core-admin-client
that referenced
this issue
Jun 19, 2017
Clone volume without retrieving all the data. QubesOS/qubes-issues#2622
marmarek
added a commit
to marmarek/qubes-core-admin-client
that referenced
this issue
Jun 19, 2017
This way we don't need separate admin.vm.Clone call, which is tricky to handler properly with policy. A VM may not have access to all the properties and other metadata, so add ignore_errors argument, for best-effort approach (copy what is possible). In any case, failure of cloning VM data fails the whole operation. When operation fails, VM is removed. While at it, allow to specify alternative VM class - this allows morphing one VM into another (for example AppVM -> StandaloneVM). Adjust qvm-clone tool and tests accordingly. QubesOS/qubes-issues#2622
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Jun 26, 2017
This operation is going to be removed, so apply a quick fix for tests. QubesOS/qubes-issues#2622
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Jun 26, 2017
Do this for all standard property types - even if other types do additional validation, do not expose them to non-ASCII characters. QubesOS/qubes-issues#2622
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Jun 26, 2017
In the end firewall is implemented as .Get and .Set rules, with policy statically set to 'drop'. This way allow atomic firewall updates. Since we already have appropriate firewall format handling in qubes.firewall module - reuse it from there, but adjust the code to be prepared for potentially malicious input. And also mark such variables with untrusted_ prefix. There is also third method: .Reload - which cause firewall reload without making any change. QubesOS/qubes-issues#2622 Fixes QubesOS/qubes-issues#2869
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Jun 26, 2017
The same can be achieved with Create+volume.Clone QubesOS/qubes-issues#2622
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Jun 26, 2017
The first operation returns a token, which can be passed to the second one to actually perform clone operation. This way the caller needs have power over both source and destination VMs (or at least appropriate volumes), so it's easier to enforce appropriate qrexec policy. The pending tokens are stored on Qubes() instance (as QubesAdminAPI is not persistent). It is design choice to keep them in RAM only - those are one time use and this way restarting qubesd is a simple way to invalidate all of them. Otherwise we'd need some additional calls like CloneCancel or such. QubesOS/qubes-issues#2622
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Jun 26, 2017
The first operation returns a token, which can be passed to the second one to actually perform clone operation. This way the caller needs have power over both source and destination VMs (or at least appropriate volumes), so it's easier to enforce appropriate qrexec policy. The pending tokens are stored on Qubes() instance (as QubesAdminAPI is not persistent). It is design choice to keep them in RAM only - those are one time use and this way restarting qubesd is a simple way to invalidate all of them. Otherwise we'd need some additional calls like CloneCancel or such. QubesOS/qubes-issues#2622
This was referenced Jul 4, 2017
|
I'm going to ignore So, for now, only backup-related calls are missing. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
mgmt.property.Listmgmt.property.Getmgmt.property.Helpmgmt.property.Resetmgmt.property.Setmgmt.property.Setmgmt.vmclass.Listmgmt.vm.Listmgmt.vm.Create.<class>mgmt.vm.CreateInPool.<class>mgmt.vm.property.Listmgmt.vm.property.Getmgmt.vm.property.Helpmgmt.vm.property.Resetmgmt.vm.feature.Listmgmt.vm.feature.Getmgmt.vm.feature.CheckWithTemplatemgmt.vm.feature.Removemgmt.vm.feature.Setmgmt.vm.tag.Listmgmt.vm.tag.Getmgmt.vm.tag.Removemgmt.vm.tag.Setmgmt.vm.firewall.Getmgmt.vm.firewall.Setmgmt.vm.firewall.Reloadmgmt.vm.device.<class>.Attachmgmt.vm.device.<class>.Detachmgmt.vm.device.<class>.Listmgmt.vm.device.<class>.Availablemgmt.pool.ListDriversmgmt.pool.Listmgmt.pool.Infomgmt.pool.Addmgmt.pool.Removemgmt.pool.volume.Listmgmt.pool.volume.Infomgmt.pool.volume.ListSnapshotsmgmt.pool.volume.Snapshotmgmt.pool.volume.Revertmgmt.pool.volume.Resizemgmt.vm.volume.Listmgmt.vm.volume.Infomgmt.vm.volume.ListSnapshotsmgmt.vm.volume.Snapshotmgmt.vm.volume.Revertmgmt.vm.volume.Resizemgmt.vm.volume.Importmgmt.vm.volume.CloneFrommgmt.vm.volume.CloneTomgmt.vm.Startmgmt.vm.Shutdownmgmt.vm.Pausemgmt.vm.Unpausemgmt.vm.Killmgmt.label.Listmgmt.label.Getmgmt.label.Createmgmt.label.Removemgmt.backup.Executemgmt.backup.Infomgmt.EventsThe text was updated successfully, but these errors were encountered: