NAS-135127 / 25.10 / Convert remaining system.advanced namespace

src/middlewared/middlewared/api/v25_10_0/system_advanced.py

@@ -1,13 +1,67 @@
-from middlewared.api.base import BaseModel
+from typing import Literal
 
-__all__ = (
-    "SystemAdvancedGpuChoicesArgs",
-    "SystemAdvancedGpuChoicesResult",
-    "SystemAdvancedUpdateGpuPciIdArgs",
-    "SystemAdvancedUpdateGpuPciIdResult",
+from pydantic import Field, PositiveInt, NonNegativeInt, Secret
+
+from middlewared.api.base import (
+    BaseModel, NotRequired, ForUpdateMetaclass, Excluded, excluded_field, NonEmptyString, EmptyDict
 )
 
 
+__all__ = [
+    "SystemAdvancedEntry", "SystemAdvancedGpuChoicesArgs", "SystemAdvancedGpuChoicesResult",
+    "SystemAdvancedLoginBannerArgs", "SystemAdvancedLoginBannerResult", "SystemAdvancedSEDGlobalPasswordArgs",
+    "SystemAdvancedSEDGlobalPasswordResult", "SystemAdvancedSEDGlobalPasswordIsSetArgs",
+    "SystemAdvancedSEDGlobalPasswordIsSetResult", "SystemAdvancedSerialPortChoicesArgs",
+    "SystemAdvancedSerialPortChoicesResult", "SystemAdvancedSyslogCertificateAuthorityChoicesArgs",
+    "SystemAdvancedSyslogCertificateAuthorityChoicesResult", "SystemAdvancedSyslogCertificateChoicesArgs",
+    "SystemAdvancedSyslogCertificateChoicesResult", "SystemAdvancedUpdateArgs", "SystemAdvancedUpdateResult",
+    "SystemAdvancedUpdateGpuPciIdArgs", "SystemAdvancedUpdateGpuPciIdResult",
+]
+
+
+class SystemAdvancedEntry(BaseModel):
+    id: int
+    advancedmode: bool
+    autotune: bool
+    """Execute autotune script which attempts to optimize the system based on the installed hardware."""
+    kdump_enabled: bool
+    boot_scrub: PositiveInt
+    consolemenu: bool
+    """Enable console menu. Default to standard login in the console if disabled."""
+    consolemsg: bool
+    """Deprecated: Please use `consolemsg` attribute in the `system.general` plugin instead."""
+    debugkernel: bool
+    fqdn_syslog: bool
+    motd: str
+    login_banner: str = Field(max_length=4096)
+    powerdaemon: bool
+    serialconsole: bool
+    serialport: str
+    anonstats_token: str
+    serialspeed: Literal['9600', '19200', '38400', '57600', '115200']
+    overprovision: NonNegativeInt | None
+    traceback: bool
+    uploadcrash: bool
+    anonstats: bool
+    sed_user: Literal['USER', 'MASTER']
+    sysloglevel: Literal['F_EMERG', 'F_ALERT', 'F_CRIT', 'F_ERR', 'F_WARNING', 'F_NOTICE', 'F_INFO', 'F_DEBUG']
+    syslogserver: str = NotRequired
+    """When defined, logs of `sysloglevel` or higher are sent."""
+    syslog_transport: Literal['UDP', 'TCP', 'TLS']
+    syslog_tls_certificate: int | None
+    syslog_audit: bool = NotRequired
+    """The remote syslog server will also receive audit messages."""
+    isolated_gpu_pci_ids: list[str]
+    kernel_extra_options: str
+
+
+class SystemAdvancedUpdate(SystemAdvancedEntry, metaclass=ForUpdateMetaclass):
+    id: Excluded = excluded_field()
+    anonstats_token: Excluded = excluded_field()
+    isolated_gpu_pci_ids: Excluded = excluded_field()
+    sed_passwd: Secret[str]
+
+
 class SystemAdvancedGpuChoicesArgs(BaseModel):
     pass
 
@@ -16,6 +70,63 @@ class SystemAdvancedGpuChoicesResult(BaseModel):
     result: dict
 
 
+class SystemAdvancedLoginBannerArgs(BaseModel):
+    pass
+
+
+class SystemAdvancedLoginBannerResult(BaseModel):
+    result: str
+
+
+class SystemAdvancedSEDGlobalPasswordArgs(BaseModel):
+    pass
+
+
+class SystemAdvancedSEDGlobalPasswordResult(BaseModel):
+    result: Secret[str]
+
+
+class SystemAdvancedSEDGlobalPasswordIsSetArgs(BaseModel):
+    pass
+
+
+class SystemAdvancedSEDGlobalPasswordIsSetResult(BaseModel):
+    result: bool
+
+
+class SystemAdvancedSerialPortChoicesArgs(BaseModel):
+    pass
+
+
+class SystemAdvancedSerialPortChoicesResult(BaseModel):
+    result: dict[str, str]
+
+
+class SystemAdvancedSyslogCertificateAuthorityChoicesArgs(BaseModel):
+    pass
+
+
+class SystemAdvancedSyslogCertificateAuthorityChoicesResult(BaseModel):
+    result: EmptyDict
+
+
+class SystemAdvancedSyslogCertificateChoicesArgs(BaseModel):
+    pass
+
+
+class SystemAdvancedSyslogCertificateChoicesResult(BaseModel):
+    result: dict[int, NonEmptyString]
+    """IDs of certificates mapped to their names."""
+
+
+class SystemAdvancedUpdateArgs(BaseModel):
+    data: SystemAdvancedUpdate
+
+
+class SystemAdvancedUpdateResult(BaseModel):
+    result: SystemAdvancedEntry
+
+
 class SystemAdvancedUpdateGpuPciIdArgs(BaseModel):
     data: list[str]
 

src/middlewared/middlewared/plugins/system_advanced/config.py

@@ -7,9 +7,14 @@
 
 import middlewared.sqlalchemy as sa
 
-from middlewared.schema import accepts, Bool, Dict, Int, List, Patch, Password, returns, Str
-from middlewared.service import ConfigService, private, no_auth_required
-from middlewared.validators import Range
+from middlewared.api import api_method
+from middlewared.api.current import (
+    SystemAdvancedEntry, SystemAdvancedLoginBannerArgs, SystemAdvancedLoginBannerResult,
+    SystemAdvancedSEDGlobalPasswordArgs, SystemAdvancedSEDGlobalPasswordResult,
+    SystemAdvancedSEDGlobalPasswordIsSetArgs, SystemAdvancedSEDGlobalPasswordIsSetResult, SystemAdvancedUpdateArgs,
+    SystemAdvancedUpdateResult
+)
+from middlewared.service import ConfigService, private
 from middlewared.utils import run
 from middlewared.utils.service.settings import SettingsHelper
 
@@ -59,40 +64,7 @@ class Config:
         namespace = 'system.advanced'
         cli_namespace = 'system.advanced'
         role_prefix = 'SYSTEM_ADVANCED'
-
-    ENTRY = Dict(
-        'system_advanced_entry',
-        Bool('advancedmode', required=True),
-        Bool('autotune', required=True),
-        Bool('kdump_enabled', required=True),
-        Int('boot_scrub', validators=[Range(min_=1)], required=True),
-        Bool('consolemenu', required=True),
-        Bool('consolemsg', required=True),
-        Bool('debugkernel', required=True),
-        Bool('fqdn_syslog', required=True),
-        Str('motd', required=True),
-        Str('login_banner', required=True, max_length=4096),
-        Bool('powerdaemon', required=True),
-        Bool('serialconsole', required=True),
-        Str('serialport', required=True),
-        Str('anonstats_token', required=True),
-        Str('serialspeed', enum=['9600', '19200', '38400', '57600', '115200'], required=True),
-        Int('overprovision', validators=[Range(min_=0)], null=True, required=True),
-        Bool('traceback', required=True),
-        Bool('uploadcrash', required=True),
-        Bool('anonstats', required=True),
-        Str('sed_user', enum=['USER', 'MASTER'], required=True),
-        Str('sysloglevel', enum=[
-            'F_EMERG', 'F_ALERT', 'F_CRIT', 'F_ERR', 'F_WARNING', 'F_NOTICE', 'F_INFO', 'F_DEBUG',
-        ], required=True),
-        Str('syslogserver'),
-        Str('syslog_transport', enum=['UDP', 'TCP', 'TLS'], required=True),
-        Int('syslog_tls_certificate', null=True, required=True),
-        Bool('syslog_audit'),
-        List('isolated_gpu_pci_ids', items=[Str('pci_id')], required=True),
-        Str('kernel_extra_options', required=True),
-        Int('id', required=True),
-    )
+        entry = SystemAdvancedEntry
 
     @private
     async def system_advanced_extend(self, data):
@@ -180,32 +152,10 @@ async def _validate_kernel_extra_options(self, verrors, kernel_extra_options):
             #  foot-shooting
             verrors.add('kernel_extra_options', f'Modifying {invalid_param!r} is not allowed')
 
-    @accepts(
-        Patch(
-            'system_advanced_entry', 'system_advanced_update',
-            ('rm', {'name': 'id'}),
-            ('rm', {'name': 'anonstats_token'}),
-            ('rm', {'name': 'isolated_gpu_pci_ids'}),
-            ('add', Password('sed_passwd')),
-            ('attr', {'update': True}),
-        ),
-        audit='System advanced update'
-    )
+    @api_method(SystemAdvancedUpdateArgs, SystemAdvancedUpdateResult, audit='System advanced update')
     async def do_update(self, data):
         """
         Update System Advanced Service Configuration.
-
-        `consolemenu` should be disabled if the menu at console is not desired. It will default to standard login
-        in the console if disabled.
-
-        `autotune` when enabled executes autotune script which attempts to optimize the system based on the installed
-        hardware.
-
-        When `syslogserver` is defined, logs of `sysloglevel` or above are sent. If syslog_audit is also set
-        then the remote syslog server will also receive audit messages.
-
-        `consolemsg` is a deprecated attribute and will be removed in further releases. Please, use `consolemsg`
-        attribute in the `system.general` plugin.
         """
         consolemsg = None
         if 'consolemsg' in data:
@@ -291,15 +241,21 @@ async def do_update(self, data):
 
         return await self.config()
 
-    @accepts(roles=['SYSTEM_ADVANCED_READ'])
-    @returns(Bool('sed_global_password_is_set'))
+    @api_method(
+        SystemAdvancedSEDGlobalPasswordIsSetArgs,
+        SystemAdvancedSEDGlobalPasswordIsSetResult,
+        roles=['SYSTEM_ADVANCED_READ']
+    )
     async def sed_global_password_is_set(self):
         """Returns a boolean identifying whether or not a global
         SED password has been set"""
         return bool(await self.sed_global_password())
 
-    @accepts(roles=['SYSTEM_ADVANCED_READ'])
-    @returns(Password('sed_global_password'))
+    @api_method(
+        SystemAdvancedSEDGlobalPasswordArgs,
+        SystemAdvancedSEDGlobalPasswordResult,
+        roles=['SYSTEM_ADVANCED_READ']
+    )
     async def sed_global_password(self):
         """Returns configured global SED password in clear-text if one
         is configured, otherwise an empty string"""
@@ -308,9 +264,7 @@ async def sed_global_password(self):
         ))['sed_passwd']
         return passwd if passwd else await self.middleware.call('kmip.sed_global_password')
 
-    @no_auth_required
-    @accepts()
-    @returns(Str())
+    @api_method(SystemAdvancedLoginBannerArgs, SystemAdvancedLoginBannerResult, authentication_required=False)
     def login_banner(self):
         """Returns user set login banner"""
         # NOTE: This endpoint doesn't require authentication because

src/middlewared/middlewared/plugins/system_advanced/serial.py

@@ -1,4 +1,5 @@
-from middlewared.schema import accepts, Dict, returns
+from middlewared.api import api_method
+from middlewared.api.current import SystemAdvancedSerialPortChoicesArgs, SystemAdvancedSerialPortChoicesResult
 from middlewared.service import private, Service
 from middlewared.utils import run
 
@@ -9,8 +10,7 @@ class Config:
         namespace = 'system.advanced'
         cli_namespace = 'system.advanced'
 
-    @accepts()
-    @returns(Dict('serial_port_choices', additional_attrs=True))
+    @api_method(SystemAdvancedSerialPortChoicesArgs, SystemAdvancedSerialPortChoicesResult, roles=['READONLY_ADMIN'])
     async def serial_port_choices(self):
         """
         Get available choices for `serialport`.

src/middlewared/middlewared/plugins/system_advanced/syslog.py

@@ -1,4 +1,8 @@
-from middlewared.schema import accepts, Dict, returns
+from middlewared.api import api_method
+from middlewared.api.current import (
+    SystemAdvancedSyslogCertificateChoicesArgs, SystemAdvancedSyslogCertificateChoicesResult,
+    SystemAdvancedSyslogCertificateAuthorityChoicesArgs, SystemAdvancedSyslogCertificateAuthorityChoicesResult
+)
 from middlewared.service import Service
 
 
@@ -8,11 +12,11 @@ class Config:
         namespace = 'system.advanced'
         cli_namespace = 'system.advanced'
 
-    @accepts()
-    @returns(Dict(
-        additional_attrs=True,
-        title='Syslog Certificate Choices',
-    ))
+    @api_method(
+        SystemAdvancedSyslogCertificateChoicesArgs,
+        SystemAdvancedSyslogCertificateChoicesResult,
+        roles=['READONLY_ADMIN']
+    )
     async def syslog_certificate_choices(self):
         """
         Return choices of certificates which can be used for `syslog_tls_certificate`.
@@ -24,11 +28,11 @@ async def syslog_certificate_choices(self):
             )
         }
 
-    @accepts()
-    @returns(Dict(
-        additional_attrs=True,
-        title='Syslog Certificate Authority Choices',
-    ))
+    @api_method(
+        SystemAdvancedSyslogCertificateAuthorityChoicesArgs,
+        SystemAdvancedSyslogCertificateAuthorityChoicesResult,
+        authorization_required=False
+    )
     async def syslog_certificate_authority_choices(self):
         """
         Return choices of certificate authorities which can be used for `syslog_tls_certificate_authority`.