Add roles configuration for RDMA

This commit grants NETWORK_INTERFACE role access to read and write data related to RDMA.
truenas · Jan 25, 2025 · 93af0e5 · 93af0e5
1 parent 55b53fb
commit 93af0e5
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/src/middlewared/middlewared/plugins/rdma/interface/crud.py b/src/middlewared/middlewared/plugins/rdma/interface/crud.py
@@ -46,6 +46,7 @@ class Config:
         cli_private = True
         datastore = 'rdma.interface'
         datastore_prefix = "rdmaif_"
+        role_prefix = 'NETWORK_INTERFACE'
 
     async def compress(self, data):
         if 'check' in data:

diff --git a/src/middlewared/middlewared/plugins/rdma/rdma.py b/src/middlewared/middlewared/plugins/rdma/rdma.py
@@ -45,7 +45,7 @@ def get_pci_vpd(self, pci_addr):
                 result['part'] = sline[len(PART_NUMBER_PREFIX):]
         return result
 
-    @api_method(RdmaLinkConfigArgs, RdmaLinkConfigResult, private=True)
+    @api_method(RdmaLinkConfigArgs, RdmaLinkConfigResult, private=True, roles=['NETWORK_INTERFACE_READ'])
     async def get_link_choices(self, all):
         """Return a list containing dictionaries with keys 'rdma' and 'netdev'.
 
@@ -81,7 +81,7 @@ def _get_link_choices(self):
                 result.append({'rdma': link['ifname'], 'netdev': link['netdev']})
         return result
 
-    @api_method(RdmaCardConfigArgs, RdmaCardConfigResult)
+    @api_method(RdmaCardConfigArgs, RdmaCardConfigResult, roles=['NETWORK_INTERFACE_READ'])
     @cache
     def get_card_choices(self):
         """Return a list containing details about each RDMA card.  Dual cards
@@ -126,7 +126,7 @@ def get_card_choices(self):
             v['name'] = ':'.join(sorted(names))
         return list(grouper.values())
 
-    @api_method(RdmaCapableProtocolsArgs, RdmaCapableProtocolsResult, roles=['SHARING_ADMIN'])
+    @api_method(RdmaCapableProtocolsArgs, RdmaCapableProtocolsResult, roles=['NETWORK_INTERFACE_READ'])
     async def capable_protocols(self):
         result = []
         is_ent = await self.middleware.call('system.is_enterprise')