Always serialize method results (#14929)

src/middlewared/middlewared/api/base/handler/result.py

@@ -2,9 +2,6 @@
 
 
 def serialize_result(model, result, expose_secrets):
-    if expose_secrets:
-        return result
-
     return model(result=result).model_dump(
         context={"expose_secrets": expose_secrets},
         warnings=False,

src/middlewared/middlewared/api/v25_04_0/auth.py

@@ -2,7 +2,7 @@
 from middlewared.utils.auth import AuthMech, AuthResp
 from datetime import datetime
 from pydantic import Field, Secret
-from typing import Any, Literal
+from typing import Any, ForwardRef, Literal
 from .user import UserGetUserObjResult
 
 
@@ -129,8 +129,20 @@ class APIKeyCredentialData(UserCredentialData):
     api_key: APIKeySessionData
 
 
+class TokenParentCredentialsData(BaseModel):
+    credentials: Literal[
+        'UNIX_SOCKET',
+        'LOGIN_PASSWORD',
+        'LOGIN_TWOFACTOR',
+        'API_KEY',
+        'TOKEN',
+        'TRUENAS_NODE',
+    ]
+    credentials_data: BaseCredentialData | UserCredentialData | APIKeyCredentialData | ForwardRef("TokenCredentialData")
+
+
 class TokenCredentialData(BaseCredentialData):
-    parent: BaseCredentialData | UserCredentialData | APIKeyCredentialData
+    parent: TokenParentCredentialsData
     username: str | None
 
 

src/middlewared/middlewared/api/v25_04_0/fcport.py

@@ -11,13 +11,15 @@ class FCPortEntry(BaseModel):
     port: FibreChannelPortAlias
     wwpn: WWPN | None
     wwpn_b: WWPN | None
-    target_id: int
+    target: dict | None
 
 
 class FCPortCreate(FCPortEntry):
     id: Excluded = excluded_field()
     wwpn: Excluded = excluded_field()
     wwpn_b: Excluded = excluded_field()
+    target: Excluded = excluded_field()
+    target_id: int
 
 
 class FCPortCreateArgs(BaseModel):

src/middlewared/middlewared/api/v25_04_0/iscsi_extent.py

@@ -39,7 +39,7 @@ class IscsiExtentEntry(BaseModel):
     ro: bool = False
     enabled: bool = True
     vendor: str
-    locked: bool
+    locked: bool | None
 
 
 class IscsiExtentCreate(IscsiExtentEntry):

src/middlewared/middlewared/api/v25_04_0/keychain.py

@@ -92,8 +92,8 @@ class KeychainCredentialGenerateSSHKeyPairArgs(BaseModel):
 
 @single_argument_result
 class KeychainCredentialGenerateSSHKeyPairResult(BaseModel):
-    private_key: str
-    public_key: str
+    private_key: LongString
+    public_key: LongString
 
 
 @single_argument_args("keychain_remote_ssh_host_key_scan")

src/middlewared/middlewared/api/v25_04_0/virt.py

@@ -171,7 +171,7 @@ class VirtInstanceEntry(BaseModel):
     type: InstanceType = 'CONTAINER'
     status: Literal['RUNNING', 'STOPPED']
     cpu: str | None
-    memory: int
+    memory: int | None
     autostart: bool
     environment: dict[str, str]
     aliases: List[VirtInstanceAlias]

src/middlewared/middlewared/plugins/fcport.py

@@ -41,7 +41,8 @@ class Config:
         entry = FCPortEntry
         role_prefix = 'SHARING_ISCSI_TARGET'
 
-    @api_method(FCPortCreateArgs, FCPortCreateResult, audit='Create FC port mapping', audit_extended=lambda data: data['alias'])
+    @api_method(FCPortCreateArgs, FCPortCreateResult, audit='Create FC port mapping',
+                audit_extended=lambda data: data['alias'])
     async def do_create(self, data: dict) -> dict:
         """
         Creates mapping between a FC port and a target.

src/middlewared/middlewared/plugins/idmap.py

@@ -1238,14 +1238,12 @@ async def synthetic_user(self, passwd, sid):
             'locked': False,
             'sudo_commands': [],
             'sudo_commands_nopasswd': [],
-            'attributes': {},
             'groups': [],
             'sshpubkey': None,
             'local': False,
             'id_type_both': id_type_both,
             'roles': [],
             'api_keys': [],
-            'two_factor_auth_configured': False,
             'immutable': True,
             'smb': True,
             'sid': sid

src/middlewared/middlewared/service/sharing_service.py

@@ -114,6 +114,8 @@ async def sharing_task_extend(self, data, context):
             data[self.locked_field] = await self.middleware.call(
                 f'{self._config.namespace}.sharing_task_determine_locked', data, context['locked_datasets']
             )
+        else:
+            data[self.locked_field] = None
 
         return data
 

tests/api2/test_300_nfs.py

@@ -1664,7 +1664,7 @@ def test_nfsv4_acl_support(self, start_nfs):
 
                             result = call('filesystem.getacl', acl_nfs_path, not simplified)
                             for idx, ace in enumerate(result['acl']):
-                                assert ace == nfsacl[idx], str(ace)
+                                assert ace == {**nfsacl[idx], "who": None}, str(ace)
 
                         for flag in ("INHERIT_ONLY", "NO_PROPAGATE_INHERIT"):
                             theacl[4]['flags'][flag] = True
@@ -1675,7 +1675,7 @@ def test_nfsv4_acl_support(self, start_nfs):
 
                             result = call('filesystem.getacl', acl_nfs_path, not simplified)
                             for idx, ace in enumerate(result['acl']):
-                                assert ace == nfsacl[idx], str(ace)
+                                assert ace == {**nfsacl[idx], "who": None}, str(ace)
 
                         if test_acl_flag:
                             assert 'none' == n.getaclflag(".")

tests/api2/test_posix_acl.py

@@ -37,18 +37,21 @@ def getacl(self, perms=None):
                 "id": -1,
                 "perms": permfull,
                 "default": default,
+                "who": None,
             },
             {
                 "tag": "GROUP_OBJ",
                 "id": -1,
                 "perms": permfull,
                 "default": default,
+                "who": None,
             },
             {
                 "tag": "OTHER",
                 "id": -1,
                 "perms": permempty,
                 "default": default,
+                "who": None,
             },
         ]
 
@@ -166,6 +169,7 @@ def test_set_tag_(temp_ds, tag):
             "perms": test_permset,
             "id": 1000,
             "default": False,
+            "who": None,
         }
         if tag == "MASK":
             new_entry["id"] = -1
@@ -184,6 +188,7 @@ def test_set_tag_(temp_ds, tag):
             "perms": test_permset,
             "id": -1,
             "default": False,
+            "who": None,
         }
         payload["dacl"].insert(3, new_entry)
 
@@ -221,6 +226,7 @@ def test_set_default_tag_(temp_ds, tag):
             "perms": test_permset,
             "id": 1000,
             "default": True,
+            "who": None,
         }
         if tag == "MASK":
             new_entry["id"] = -1
@@ -239,6 +245,7 @@ def test_set_default_tag_(temp_ds, tag):
             "perms": test_permset,
             "id": -1,
             "default": True,
+            "who": None,
         }
         default.insert(3, new_entry)
 

tests/api2/test_user_create_dir.py

@@ -46,7 +46,6 @@ def test_create_homedir(setup_user):
     assert new2['home'] == new['home']
 
 
-
 def test_user_change_homedir_no_traverse(setup_user):
     """ we should not recurse into child datasets """
     with dataset(f'{DS_NAME}/subds') as subds:
@@ -95,7 +94,8 @@ def test_user_change_homedir_acl_preserve(setup_user):
         'id': -1,
         'perms': {'BASIC': 'FULL_CONTROL'},
         'flags': {'BASIC': 'INHERIT'},
-        'type': 'ALLOW'
+        'type': 'ALLOW',
+        'who': None,
     }]
     call('filesystem.mkdir', {'path': os.path.join(setup_user['home'], 'canary')})