1 //! Datastore Management
3 use std
::collections
::HashSet
;
5 use std
::os
::unix
::ffi
::OsStrExt
;
6 use std
::path
::PathBuf
;
8 use anyhow
::{bail, format_err, Error}
;
10 use hyper
::http
::request
::Parts
;
11 use hyper
::{header, Body, Response, StatusCode}
;
12 use serde_json
::{json, Value}
;
13 use tokio_stream
::wrappers
::ReceiverStream
;
16 api
, ApiResponseFuture
, ApiHandler
, ApiMethod
, Router
,
17 RpcEnvironment
, RpcEnvironmentType
, Permission
19 use proxmox
::api
::router
::{ReturnType, SubdirMap}
;
20 use proxmox
::api
::schema
::*;
21 use proxmox
::tools
::fs
::{
22 file_read_firstline
, file_read_optional_string
, replace_file
, CreateOptions
,
24 use proxmox
::{http_err, identity, list_subdirs_api_method, sortable}
;
26 use pxar
::accessor
::aio
::Accessor
;
29 use crate::api2
::types
::*;
30 use crate::api2
::node
::rrd
::create_value_from_rrd
;
31 use crate::api2
::helpers
;
33 use crate::config
::datastore
;
34 use crate::config
::cached_user_info
::CachedUserInfo
;
35 use crate::pxar
::create_zip
;
37 use crate::server
::{jobstate::Job, WorkerTask}
;
40 AsyncChannelWriter
, AsyncReaderStream
, WrappedReaderStream
,
43 use crate::config
::acl
::{
45 PRIV_DATASTORE_MODIFY
,
48 PRIV_DATASTORE_BACKUP
,
49 PRIV_DATASTORE_VERIFY
,
52 const GROUP_NOTES_FILE_NAME
: &str = "notes";
54 fn get_group_note_path(store
: &DataStore
, group
: &BackupGroup
) -> PathBuf
{
55 let mut note_path
= store
.base_path();
56 note_path
.push(group
.group_path());
57 note_path
.push(GROUP_NOTES_FILE_NAME
);
61 fn check_priv_or_backup_owner(
66 ) -> Result
<(), Error
> {
67 let user_info
= CachedUserInfo
::new()?
;
68 let privs
= user_info
.lookup_privs(&auth_id
, &["datastore", store
.name()]);
70 if privs
& required_privs
== 0 {
71 let owner
= store
.get_owner(group
)?
;
72 check_backup_owner(&owner
, auth_id
)?
;
77 fn check_backup_owner(
80 ) -> Result
<(), Error
> {
81 let correct_owner
= owner
== auth_id
82 || (owner
.is_token() && &Authid
::from(owner
.user().clone()) == auth_id
);
84 bail
!("backup owner check failed ({} != {})", auth_id
, owner
);
91 backup_dir
: &BackupDir
,
92 ) -> Result
<(BackupManifest
, Vec
<BackupContent
>), Error
> {
94 let (manifest
, index_size
) = store
.load_manifest(backup_dir
)?
;
96 let mut result
= Vec
::new();
97 for item
in manifest
.files() {
98 result
.push(BackupContent
{
99 filename
: item
.filename
.clone(),
100 crypt_mode
: Some(item
.crypt_mode
),
101 size
: Some(item
.size
),
105 result
.push(BackupContent
{
106 filename
: MANIFEST_BLOB_NAME
.to_string(),
107 crypt_mode
: match manifest
.signature
{
108 Some(_
) => Some(CryptMode
::SignOnly
),
109 None
=> Some(CryptMode
::None
),
111 size
: Some(index_size
),
114 Ok((manifest
, result
))
117 fn get_all_snapshot_files(
120 ) -> Result
<(BackupManifest
, Vec
<BackupContent
>), Error
> {
122 let (manifest
, mut files
) = read_backup_index(&store
, &info
.backup_dir
)?
;
124 let file_set
= files
.iter().fold(HashSet
::new(), |mut acc
, item
| {
125 acc
.insert(item
.filename
.clone());
129 for file
in &info
.files
{
130 if file_set
.contains(file
) { continue; }
131 files
.push(BackupContent
{
132 filename
: file
.to_string(),
138 Ok((manifest
, files
))
145 schema
: DATASTORE_SCHEMA
,
151 description
: "Returns the list of backup groups.",
157 permission
: &Permission
::Privilege(
158 &["datastore", "{store}"],
159 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
,
163 /// List backup groups.
166 rpcenv
: &mut dyn RpcEnvironment
,
167 ) -> Result
<Vec
<GroupListItem
>, Error
> {
169 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
170 let user_info
= CachedUserInfo
::new()?
;
171 let user_privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
173 let datastore
= DataStore
::lookup_datastore(&store
)?
;
174 let list_all
= (user_privs
& PRIV_DATASTORE_AUDIT
) != 0;
176 let backup_groups
= BackupInfo
::list_backup_groups(&datastore
.base_path())?
;
178 let group_info
= backup_groups
180 .fold(Vec
::new(), |mut group_info
, group
| {
181 let owner
= match datastore
.get_owner(&group
) {
182 Ok(auth_id
) => auth_id
,
184 eprintln
!("Failed to get owner of group '{}/{}' - {}",
191 if !list_all
&& check_backup_owner(&owner
, &auth_id
).is_err() {
195 let snapshots
= match group
.list_backups(&datastore
.base_path()) {
196 Ok(snapshots
) => snapshots
,
202 let backup_count
: u64 = snapshots
.len() as u64;
203 if backup_count
== 0 {
207 let last_backup
= snapshots
209 .fold(&snapshots
[0], |last
, curr
| {
210 if curr
.is_finished()
211 && curr
.backup_dir
.backup_time() > last
.backup_dir
.backup_time() {
219 let note_path
= get_group_note_path(&datastore
, &group
);
220 let comment
= file_read_firstline(¬e_path
).ok();
222 group_info
.push(GroupListItem
{
223 backup_type
: group
.backup_type().to_string(),
224 backup_id
: group
.backup_id().to_string(),
225 last_backup
: last_backup
.backup_dir
.backup_time(),
228 files
: last_backup
.files
,
242 schema
: DATASTORE_SCHEMA
,
245 schema
: BACKUP_TYPE_SCHEMA
,
248 schema
: BACKUP_ID_SCHEMA
,
253 permission
: &Permission
::Privilege(
254 &["datastore", "{store}"],
255 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_PRUNE
,
259 /// Delete backup group including all snapshots.
265 rpcenv
: &mut dyn RpcEnvironment
,
266 ) -> Result
<Value
, Error
> {
268 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
270 let group
= BackupGroup
::new(backup_type
, backup_id
);
271 let datastore
= DataStore
::lookup_datastore(&store
)?
;
273 check_priv_or_backup_owner(&datastore
, &group
, &auth_id
, PRIV_DATASTORE_MODIFY
)?
;
275 datastore
.remove_backup_group(&group
)?
;
284 schema
: DATASTORE_SCHEMA
,
287 schema
: BACKUP_TYPE_SCHEMA
,
290 schema
: BACKUP_ID_SCHEMA
,
293 schema
: BACKUP_TIME_SCHEMA
,
299 description
: "Returns the list of archive files inside a backup snapshots.",
305 permission
: &Permission
::Privilege(
306 &["datastore", "{store}"],
307 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
311 /// List snapshot files.
312 pub fn list_snapshot_files(
318 rpcenv
: &mut dyn RpcEnvironment
,
319 ) -> Result
<Vec
<BackupContent
>, Error
> {
321 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
322 let datastore
= DataStore
::lookup_datastore(&store
)?
;
324 let snapshot
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
326 check_priv_or_backup_owner(&datastore
, snapshot
.group(), &auth_id
, PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_READ
)?
;
328 let info
= BackupInfo
::new(&datastore
.base_path(), snapshot
)?
;
330 let (_manifest
, files
) = get_all_snapshot_files(&datastore
, &info
)?
;
339 schema
: DATASTORE_SCHEMA
,
342 schema
: BACKUP_TYPE_SCHEMA
,
345 schema
: BACKUP_ID_SCHEMA
,
348 schema
: BACKUP_TIME_SCHEMA
,
353 permission
: &Permission
::Privilege(
354 &["datastore", "{store}"],
355 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_PRUNE
,
359 /// Delete backup snapshot.
360 pub fn delete_snapshot(
366 rpcenv
: &mut dyn RpcEnvironment
,
367 ) -> Result
<Value
, Error
> {
369 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
371 let snapshot
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
372 let datastore
= DataStore
::lookup_datastore(&store
)?
;
374 check_priv_or_backup_owner(&datastore
, snapshot
.group(), &auth_id
, PRIV_DATASTORE_MODIFY
)?
;
376 datastore
.remove_backup_dir(&snapshot
, false)?
;
385 schema
: DATASTORE_SCHEMA
,
389 schema
: BACKUP_TYPE_SCHEMA
,
393 schema
: BACKUP_ID_SCHEMA
,
399 description
: "Returns the list of snapshots.",
401 type: SnapshotListItem
,
405 permission
: &Permission
::Privilege(
406 &["datastore", "{store}"],
407 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
,
411 /// List backup snapshots.
412 pub fn list_snapshots (
414 backup_type
: Option
<String
>,
415 backup_id
: Option
<String
>,
418 rpcenv
: &mut dyn RpcEnvironment
,
419 ) -> Result
<Vec
<SnapshotListItem
>, Error
> {
421 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
422 let user_info
= CachedUserInfo
::new()?
;
423 let user_privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
425 let list_all
= (user_privs
& PRIV_DATASTORE_AUDIT
) != 0;
427 let datastore
= DataStore
::lookup_datastore(&store
)?
;
429 let base_path
= datastore
.base_path();
431 let groups
= match (backup_type
, backup_id
) {
432 (Some(backup_type
), Some(backup_id
)) => {
433 let mut groups
= Vec
::with_capacity(1);
434 groups
.push(BackupGroup
::new(backup_type
, backup_id
));
437 (Some(backup_type
), None
) => {
438 BackupInfo
::list_backup_groups(&base_path
)?
440 .filter(|group
| group
.backup_type() == backup_type
)
443 (None
, Some(backup_id
)) => {
444 BackupInfo
::list_backup_groups(&base_path
)?
446 .filter(|group
| group
.backup_id() == backup_id
)
449 _
=> BackupInfo
::list_backup_groups(&base_path
)?
,
452 let info_to_snapshot_list_item
= |group
: &BackupGroup
, owner
, info
: BackupInfo
| {
453 let backup_type
= group
.backup_type().to_string();
454 let backup_id
= group
.backup_id().to_string();
455 let backup_time
= info
.backup_dir
.backup_time();
457 match get_all_snapshot_files(&datastore
, &info
) {
458 Ok((manifest
, files
)) => {
459 // extract the first line from notes
460 let comment
: Option
<String
> = manifest
.unprotected
["notes"]
462 .and_then(|notes
| notes
.lines().next())
465 let fingerprint
= match manifest
.fingerprint() {
468 eprintln
!("error parsing fingerprint: '{}'", err
);
473 let verification
= manifest
.unprotected
["verify_state"].clone();
474 let verification
: Option
<SnapshotVerifyState
> = match serde_json
::from_value(verification
) {
475 Ok(verify
) => verify
,
477 eprintln
!("error parsing verification state : '{}'", err
);
482 let size
= Some(files
.iter().map(|x
| x
.size
.unwrap_or(0)).sum());
497 eprintln
!("error during snapshot file listing: '{}'", err
);
501 .map(|filename
| BackupContent
{
525 .try_fold(Vec
::new(), |mut snapshots
, group
| {
526 let owner
= match datastore
.get_owner(group
) {
527 Ok(auth_id
) => auth_id
,
529 eprintln
!("Failed to get owner of group '{}/{}' - {}",
533 return Ok(snapshots
);
537 if !list_all
&& check_backup_owner(&owner
, &auth_id
).is_err() {
538 return Ok(snapshots
);
541 let group_backups
= group
.list_backups(&datastore
.base_path())?
;
546 .map(|info
| info_to_snapshot_list_item(&group
, Some(owner
.clone()), info
))
553 fn get_snapshots_count(store
: &DataStore
, filter_owner
: Option
<&Authid
>) -> Result
<Counts
, Error
> {
554 let base_path
= store
.base_path();
555 let groups
= BackupInfo
::list_backup_groups(&base_path
)?
;
559 let owner
= match store
.get_owner(&group
) {
562 eprintln
!("Failed to get owner of group '{}/{}' - {}",
571 Some(filter
) => check_backup_owner(&owner
, filter
).is_ok(),
575 .try_fold(Counts
::default(), |mut counts
, group
| {
576 let snapshot_count
= group
.list_backups(&base_path
)?
.len() as u64;
578 let type_count
= match group
.backup_type() {
579 "ct" => counts
.ct
.get_or_insert(Default
::default()),
580 "vm" => counts
.vm
.get_or_insert(Default
::default()),
581 "host" => counts
.host
.get_or_insert(Default
::default()),
582 _
=> counts
.other
.get_or_insert(Default
::default()),
585 type_count
.groups
+= 1;
586 type_count
.snapshots
+= snapshot_count
;
596 schema
: DATASTORE_SCHEMA
,
602 description
: "Include additional information like snapshot counts and GC status.",
608 type: DataStoreStatus
,
611 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
614 /// Get datastore status.
619 rpcenv
: &mut dyn RpcEnvironment
,
620 ) -> Result
<DataStoreStatus
, Error
> {
621 let datastore
= DataStore
::lookup_datastore(&store
)?
;
622 let storage
= crate::tools
::disks
::disk_usage(&datastore
.base_path())?
;
623 let (counts
, gc_status
) = if verbose
{
624 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
625 let user_info
= CachedUserInfo
::new()?
;
627 let store_privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
628 let filter_owner
= if store_privs
& PRIV_DATASTORE_AUDIT
!= 0 {
634 let counts
= Some(get_snapshots_count(&datastore
, filter_owner
)?
);
635 let gc_status
= Some(datastore
.last_gc_status());
643 total
: storage
.total
,
645 avail
: storage
.avail
,
655 schema
: DATASTORE_SCHEMA
,
658 schema
: BACKUP_TYPE_SCHEMA
,
662 schema
: BACKUP_ID_SCHEMA
,
666 schema
: IGNORE_VERIFIED_BACKUPS_SCHEMA
,
670 schema
: VERIFICATION_OUTDATED_AFTER_SCHEMA
,
674 schema
: BACKUP_TIME_SCHEMA
,
683 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_VERIFY
| PRIV_DATASTORE_BACKUP
, true),
688 /// This function can verify a single backup snapshot, all backup from a backup group,
689 /// or all backups in the datastore.
692 backup_type
: Option
<String
>,
693 backup_id
: Option
<String
>,
694 backup_time
: Option
<i64>,
695 ignore_verified
: Option
<bool
>,
696 outdated_after
: Option
<i64>,
697 rpcenv
: &mut dyn RpcEnvironment
,
698 ) -> Result
<Value
, Error
> {
699 let datastore
= DataStore
::lookup_datastore(&store
)?
;
700 let ignore_verified
= ignore_verified
.unwrap_or(true);
702 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
705 let mut backup_dir
= None
;
706 let mut backup_group
= None
;
707 let mut worker_type
= "verify";
709 match (backup_type
, backup_id
, backup_time
) {
710 (Some(backup_type
), Some(backup_id
), Some(backup_time
)) => {
711 worker_id
= format
!("{}:{}/{}/{:08X}", store
, backup_type
, backup_id
, backup_time
);
712 let dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
714 check_priv_or_backup_owner(&datastore
, dir
.group(), &auth_id
, PRIV_DATASTORE_VERIFY
)?
;
716 backup_dir
= Some(dir
);
717 worker_type
= "verify_snapshot";
719 (Some(backup_type
), Some(backup_id
), None
) => {
720 worker_id
= format
!("{}:{}/{}", store
, backup_type
, backup_id
);
721 let group
= BackupGroup
::new(backup_type
, backup_id
);
723 check_priv_or_backup_owner(&datastore
, &group
, &auth_id
, PRIV_DATASTORE_VERIFY
)?
;
725 backup_group
= Some(group
);
726 worker_type
= "verify_group";
728 (None
, None
, None
) => {
729 worker_id
= store
.clone();
731 _
=> bail
!("parameters do not specify a backup group or snapshot"),
734 let to_stdout
= rpcenv
.env_type() == RpcEnvironmentType
::CLI
;
736 let upid_str
= WorkerTask
::new_thread(
742 let verify_worker
= crate::backup
::VerifyWorker
::new(worker
.clone(), datastore
);
743 let failed_dirs
= if let Some(backup_dir
) = backup_dir
{
744 let mut res
= Vec
::new();
745 if !verify_backup_dir(
748 worker
.upid().clone(),
749 Some(&move |manifest
| {
750 verify_filter(ignore_verified
, outdated_after
, manifest
)
753 res
.push(backup_dir
.to_string());
756 } else if let Some(backup_group
) = backup_group
{
757 let failed_dirs
= verify_backup_group(
760 &mut StoreProgress
::new(1),
762 Some(&move |manifest
| {
763 verify_filter(ignore_verified
, outdated_after
, manifest
)
768 let privs
= CachedUserInfo
::new()?
769 .lookup_privs(&auth_id
, &["datastore", &store
]);
771 let owner
= if privs
& PRIV_DATASTORE_VERIFY
== 0 {
781 Some(&move |manifest
| {
782 verify_filter(ignore_verified
, outdated_after
, manifest
)
786 if !failed_dirs
.is_empty() {
787 worker
.log("Failed to verify the following snapshots/groups:");
788 for dir
in failed_dirs
{
789 worker
.log(format
!("\t{}", dir
));
791 bail
!("verification failed - please check the log for details");
801 macro_rules
! add_common_prune_prameters
{
802 ( [ $
( $list1
:tt
)* ] ) => {
803 add_common_prune_prameters
!([$
( $list1
)* ] , [])
805 ( [ $
( $list1
:tt
)* ] , [ $
( $list2
:tt
)* ] ) => {
811 &PRUNE_SCHEMA_KEEP_DAILY
,
816 &PRUNE_SCHEMA_KEEP_HOURLY
,
821 &PRUNE_SCHEMA_KEEP_LAST
,
826 &PRUNE_SCHEMA_KEEP_MONTHLY
,
831 &PRUNE_SCHEMA_KEEP_WEEKLY
,
836 &PRUNE_SCHEMA_KEEP_YEARLY
,
843 pub const API_RETURN_SCHEMA_PRUNE
: Schema
= ArraySchema
::new(
844 "Returns the list of snapshots and a flag indicating if there are kept or removed.",
845 &PruneListItem
::API_SCHEMA
848 pub const API_METHOD_PRUNE
: ApiMethod
= ApiMethod
::new(
849 &ApiHandler
::Sync(&prune
),
851 "Prune the datastore.",
852 &add_common_prune_prameters
!([
853 ("backup-id", false, &BACKUP_ID_SCHEMA
),
854 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
855 ("dry-run", true, &BooleanSchema
::new(
856 "Just show what prune would do, but do not delete anything.")
860 ("store", false, &DATASTORE_SCHEMA
),
863 .returns(ReturnType
::new(false, &API_RETURN_SCHEMA_PRUNE
))
864 .access(None
, &Permission
::Privilege(
865 &["datastore", "{store}"],
866 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_PRUNE
,
873 rpcenv
: &mut dyn RpcEnvironment
,
874 ) -> Result
<Value
, Error
> {
876 let store
= tools
::required_string_param(¶m
, "store")?
;
877 let backup_type
= tools
::required_string_param(¶m
, "backup-type")?
;
878 let backup_id
= tools
::required_string_param(¶m
, "backup-id")?
;
880 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
882 let dry_run
= param
["dry-run"].as_bool().unwrap_or(false);
884 let group
= BackupGroup
::new(backup_type
, backup_id
);
886 let datastore
= DataStore
::lookup_datastore(&store
)?
;
888 check_priv_or_backup_owner(&datastore
, &group
, &auth_id
, PRIV_DATASTORE_MODIFY
)?
;
890 let prune_options
= PruneOptions
{
891 keep_last
: param
["keep-last"].as_u64(),
892 keep_hourly
: param
["keep-hourly"].as_u64(),
893 keep_daily
: param
["keep-daily"].as_u64(),
894 keep_weekly
: param
["keep-weekly"].as_u64(),
895 keep_monthly
: param
["keep-monthly"].as_u64(),
896 keep_yearly
: param
["keep-yearly"].as_u64(),
899 let worker_id
= format
!("{}:{}/{}", store
, backup_type
, backup_id
);
901 let mut prune_result
= Vec
::new();
903 let list
= group
.list_backups(&datastore
.base_path())?
;
905 let mut prune_info
= compute_prune_info(list
, &prune_options
)?
;
907 prune_info
.reverse(); // delete older snapshots first
909 let keep_all
= !prune_options
.keeps_something();
912 for (info
, mut keep
) in prune_info
{
913 if keep_all { keep = true; }
915 let backup_time
= info
.backup_dir
.backup_time();
916 let group
= info
.backup_dir
.group();
918 prune_result
.push(json
!({
919 "backup-type": group
.backup_type(),
920 "backup-id": group
.backup_id(),
921 "backup-time": backup_time
,
925 return Ok(json
!(prune_result
));
929 // We use a WorkerTask just to have a task log, but run synchrounously
930 let worker
= WorkerTask
::new("prune", Some(worker_id
), auth_id
, true)?
;
933 worker
.log("No prune selection - keeping all files.");
935 worker
.log(format
!("retention options: {}", prune_options
.cli_options_string()));
936 worker
.log(format
!("Starting prune on store \"{}\" group \"{}/{}\"",
937 store
, backup_type
, backup_id
));
940 for (info
, mut keep
) in prune_info
{
941 if keep_all { keep = true; }
943 let backup_time
= info
.backup_dir
.backup_time();
944 let timestamp
= info
.backup_dir
.backup_time_string();
945 let group
= info
.backup_dir
.group();
953 if keep { "keep" }
else { "remove" }
,
958 prune_result
.push(json
!({
959 "backup-type": group
.backup_type(),
960 "backup-id": group
.backup_id(),
961 "backup-time": backup_time
,
965 if !(dry_run
|| keep
) {
966 if let Err(err
) = datastore
.remove_backup_dir(&info
.backup_dir
, false) {
969 "failed to remove dir {:?}: {}",
970 info
.backup_dir
.relative_path(), err
977 worker
.log_result(&Ok(()));
979 Ok(json
!(prune_result
))
986 schema
: DATASTORE_SCHEMA
,
994 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY
, false),
997 /// Start garbage collection.
998 pub fn start_garbage_collection(
1001 rpcenv
: &mut dyn RpcEnvironment
,
1002 ) -> Result
<Value
, Error
> {
1004 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1005 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1007 let job
= Job
::new("garbage_collection", &store
)
1008 .map_err(|_
| format_err
!("garbage collection already running"))?
;
1010 let to_stdout
= rpcenv
.env_type() == RpcEnvironmentType
::CLI
;
1012 let upid_str
= crate::server
::do_garbage_collection_job(job
, datastore
, &auth_id
, None
, to_stdout
)
1013 .map_err(|err
| format_err
!("unable to start garbage collection job on datastore {} - {}", store
, err
))?
;
1022 schema
: DATASTORE_SCHEMA
,
1027 type: GarbageCollectionStatus
,
1030 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
, false),
1033 /// Garbage collection status.
1034 pub fn garbage_collection_status(
1037 _rpcenv
: &mut dyn RpcEnvironment
,
1038 ) -> Result
<GarbageCollectionStatus
, Error
> {
1040 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1042 let status
= datastore
.last_gc_status();
1049 description
: "List the accessible datastores.",
1051 items
: { type: DataStoreListItem }
,
1054 permission
: &Permission
::Anybody
,
1058 pub fn get_datastore_list(
1061 rpcenv
: &mut dyn RpcEnvironment
,
1062 ) -> Result
<Vec
<DataStoreListItem
>, Error
> {
1064 let (config
, _digest
) = datastore
::config()?
;
1066 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1067 let user_info
= CachedUserInfo
::new()?
;
1069 let mut list
= Vec
::new();
1071 for (store
, (_
, data
)) in &config
.sections
{
1072 let user_privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
1073 let allowed
= (user_privs
& (PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
)) != 0;
1077 store
: store
.clone(),
1078 comment
: data
["comment"].as_str().map(String
::from
),
1088 pub const API_METHOD_DOWNLOAD_FILE
: ApiMethod
= ApiMethod
::new(
1089 &ApiHandler
::AsyncHttp(&download_file
),
1091 "Download single raw file from backup snapshot.",
1093 ("store", false, &DATASTORE_SCHEMA
),
1094 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1095 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1096 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1097 ("file-name", false, &BACKUP_ARCHIVE_NAME_SCHEMA
),
1100 ).access(None
, &Permission
::Privilege(
1101 &["datastore", "{store}"],
1102 PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
1106 pub fn download_file(
1111 rpcenv
: Box
<dyn RpcEnvironment
>,
1112 ) -> ApiResponseFuture
{
1115 let store
= tools
::required_string_param(¶m
, "store")?
;
1116 let datastore
= DataStore
::lookup_datastore(store
)?
;
1118 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1120 let file_name
= tools
::required_string_param(¶m
, "file-name")?
.to_owned();
1122 let backup_type
= tools
::required_string_param(¶m
, "backup-type")?
;
1123 let backup_id
= tools
::required_string_param(¶m
, "backup-id")?
;
1124 let backup_time
= tools
::required_integer_param(¶m
, "backup-time")?
;
1126 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1128 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_READ
)?
;
1130 println
!("Download {} from {} ({}/{})", file_name
, store
, backup_dir
, file_name
);
1132 let mut path
= datastore
.base_path();
1133 path
.push(backup_dir
.relative_path());
1134 path
.push(&file_name
);
1136 let file
= tokio
::fs
::File
::open(&path
)
1138 .map_err(|err
| http_err
!(BAD_REQUEST
, "File open failed: {}", err
))?
;
1140 let payload
= tokio_util
::codec
::FramedRead
::new(file
, tokio_util
::codec
::BytesCodec
::new())
1141 .map_ok(|bytes
| bytes
.freeze())
1142 .map_err(move |err
| {
1143 eprintln
!("error during streaming of '{:?}' - {}", &path
, err
);
1146 let body
= Body
::wrap_stream(payload
);
1148 // fixme: set other headers ?
1149 Ok(Response
::builder()
1150 .status(StatusCode
::OK
)
1151 .header(header
::CONTENT_TYPE
, "application/octet-stream")
1158 pub const API_METHOD_DOWNLOAD_FILE_DECODED
: ApiMethod
= ApiMethod
::new(
1159 &ApiHandler
::AsyncHttp(&download_file_decoded
),
1161 "Download single decoded file from backup snapshot. Only works if it's not encrypted.",
1163 ("store", false, &DATASTORE_SCHEMA
),
1164 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1165 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1166 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1167 ("file-name", false, &BACKUP_ARCHIVE_NAME_SCHEMA
),
1170 ).access(None
, &Permission
::Privilege(
1171 &["datastore", "{store}"],
1172 PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
1176 pub fn download_file_decoded(
1181 rpcenv
: Box
<dyn RpcEnvironment
>,
1182 ) -> ApiResponseFuture
{
1185 let store
= tools
::required_string_param(¶m
, "store")?
;
1186 let datastore
= DataStore
::lookup_datastore(store
)?
;
1188 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1190 let file_name
= tools
::required_string_param(¶m
, "file-name")?
.to_owned();
1192 let backup_type
= tools
::required_string_param(¶m
, "backup-type")?
;
1193 let backup_id
= tools
::required_string_param(¶m
, "backup-id")?
;
1194 let backup_time
= tools
::required_integer_param(¶m
, "backup-time")?
;
1196 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1198 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_READ
)?
;
1200 let (manifest
, files
) = read_backup_index(&datastore
, &backup_dir
)?
;
1202 if file
.filename
== file_name
&& file
.crypt_mode
== Some(CryptMode
::Encrypt
) {
1203 bail
!("cannot decode '{}' - is encrypted", file_name
);
1207 println
!("Download {} from {} ({}/{})", file_name
, store
, backup_dir
, file_name
);
1209 let mut path
= datastore
.base_path();
1210 path
.push(backup_dir
.relative_path());
1211 path
.push(&file_name
);
1213 let extension
= file_name
.rsplitn(2, '
.'
).next().unwrap();
1215 let body
= match extension
{
1217 let index
= DynamicIndexReader
::open(&path
)
1218 .map_err(|err
| format_err
!("unable to read dynamic index '{:?}' - {}", &path
, err
))?
;
1219 let (csum
, size
) = index
.compute_csum();
1220 manifest
.verify_file(&file_name
, &csum
, size
)?
;
1222 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1223 let reader
= CachedChunkReader
::new(chunk_reader
, index
, 1).seekable();
1224 Body
::wrap_stream(AsyncReaderStream
::new(reader
)
1225 .map_err(move |err
| {
1226 eprintln
!("error during streaming of '{:?}' - {}", path
, err
);
1231 let index
= FixedIndexReader
::open(&path
)
1232 .map_err(|err
| format_err
!("unable to read fixed index '{:?}' - {}", &path
, err
))?
;
1234 let (csum
, size
) = index
.compute_csum();
1235 manifest
.verify_file(&file_name
, &csum
, size
)?
;
1237 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1238 let reader
= CachedChunkReader
::new(chunk_reader
, index
, 1).seekable();
1239 Body
::wrap_stream(AsyncReaderStream
::with_buffer_size(reader
, 4*1024*1024)
1240 .map_err(move |err
| {
1241 eprintln
!("error during streaming of '{:?}' - {}", path
, err
);
1246 let file
= std
::fs
::File
::open(&path
)
1247 .map_err(|err
| http_err
!(BAD_REQUEST
, "File open failed: {}", err
))?
;
1249 // FIXME: load full blob to verify index checksum?
1252 WrappedReaderStream
::new(DataBlobReader
::new(file
, None
)?
)
1253 .map_err(move |err
| {
1254 eprintln
!("error during streaming of '{:?}' - {}", path
, err
);
1260 bail
!("cannot download '{}' files", extension
);
1264 // fixme: set other headers ?
1265 Ok(Response
::builder()
1266 .status(StatusCode
::OK
)
1267 .header(header
::CONTENT_TYPE
, "application/octet-stream")
1274 pub const API_METHOD_UPLOAD_BACKUP_LOG
: ApiMethod
= ApiMethod
::new(
1275 &ApiHandler
::AsyncHttp(&upload_backup_log
),
1277 "Upload the client backup log file into a backup snapshot ('client.log.blob').",
1279 ("store", false, &DATASTORE_SCHEMA
),
1280 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1281 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1282 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1286 Some("Only the backup creator/owner is allowed to do this."),
1287 &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_BACKUP
, false)
1290 pub fn upload_backup_log(
1295 rpcenv
: Box
<dyn RpcEnvironment
>,
1296 ) -> ApiResponseFuture
{
1299 let store
= tools
::required_string_param(¶m
, "store")?
;
1300 let datastore
= DataStore
::lookup_datastore(store
)?
;
1302 let file_name
= CLIENT_LOG_BLOB_NAME
;
1304 let backup_type
= tools
::required_string_param(¶m
, "backup-type")?
;
1305 let backup_id
= tools
::required_string_param(¶m
, "backup-id")?
;
1306 let backup_time
= tools
::required_integer_param(¶m
, "backup-time")?
;
1308 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1310 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1311 let owner
= datastore
.get_owner(backup_dir
.group())?
;
1312 check_backup_owner(&owner
, &auth_id
)?
;
1314 let mut path
= datastore
.base_path();
1315 path
.push(backup_dir
.relative_path());
1316 path
.push(&file_name
);
1319 bail
!("backup already contains a log.");
1322 println
!("Upload backup log to {}/{}/{}/{}/{}", store
,
1323 backup_type
, backup_id
, backup_dir
.backup_time_string(), file_name
);
1326 .map_err(Error
::from
)
1327 .try_fold(Vec
::new(), |mut acc
, chunk
| {
1328 acc
.extend_from_slice(&*chunk
);
1329 future
::ok
::<_
, Error
>(acc
)
1333 // always verify blob/CRC at server side
1334 let blob
= DataBlob
::load_from_reader(&mut &data
[..])?
;
1336 replace_file(&path
, blob
.raw_data(), CreateOptions
::new())?
;
1338 // fixme: use correct formatter
1339 Ok(crate::server
::formatter
::json_response(Ok(Value
::Null
)))
1347 schema
: DATASTORE_SCHEMA
,
1350 schema
: BACKUP_TYPE_SCHEMA
,
1353 schema
: BACKUP_ID_SCHEMA
,
1356 schema
: BACKUP_TIME_SCHEMA
,
1359 description
: "Base64 encoded path.",
1365 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
, true),
1368 /// Get the entries of the given path of the catalog
1371 backup_type
: String
,
1375 rpcenv
: &mut dyn RpcEnvironment
,
1376 ) -> Result
<Vec
<ArchiveEntry
>, Error
> {
1377 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1379 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1381 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1383 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_READ
)?
;
1385 let file_name
= CATALOG_NAME
;
1387 let (manifest
, files
) = read_backup_index(&datastore
, &backup_dir
)?
;
1389 if file
.filename
== file_name
&& file
.crypt_mode
== Some(CryptMode
::Encrypt
) {
1390 bail
!("cannot decode '{}' - is encrypted", file_name
);
1394 let mut path
= datastore
.base_path();
1395 path
.push(backup_dir
.relative_path());
1396 path
.push(file_name
);
1398 let index
= DynamicIndexReader
::open(&path
)
1399 .map_err(|err
| format_err
!("unable to read dynamic index '{:?}' - {}", &path
, err
))?
;
1401 let (csum
, size
) = index
.compute_csum();
1402 manifest
.verify_file(&file_name
, &csum
, size
)?
;
1404 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1405 let reader
= BufferedDynamicReader
::new(index
, chunk_reader
);
1407 let mut catalog_reader
= CatalogReader
::new(reader
);
1409 let path
= if filepath
!= "root" && filepath
!= "/" {
1410 base64
::decode(filepath
)?
1415 helpers
::list_dir_content(&mut catalog_reader
, &path
)
1419 pub const API_METHOD_PXAR_FILE_DOWNLOAD
: ApiMethod
= ApiMethod
::new(
1420 &ApiHandler
::AsyncHttp(&pxar_file_download
),
1422 "Download single file from pxar file of a backup snapshot. Only works if it's not encrypted.",
1424 ("store", false, &DATASTORE_SCHEMA
),
1425 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1426 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1427 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1428 ("filepath", false, &StringSchema
::new("Base64 encoded path").schema()),
1431 ).access(None
, &Permission
::Privilege(
1432 &["datastore", "{store}"],
1433 PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
1437 pub fn pxar_file_download(
1442 rpcenv
: Box
<dyn RpcEnvironment
>,
1443 ) -> ApiResponseFuture
{
1446 let store
= tools
::required_string_param(¶m
, "store")?
;
1447 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1449 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1451 let filepath
= tools
::required_string_param(¶m
, "filepath")?
.to_owned();
1453 let backup_type
= tools
::required_string_param(¶m
, "backup-type")?
;
1454 let backup_id
= tools
::required_string_param(¶m
, "backup-id")?
;
1455 let backup_time
= tools
::required_integer_param(¶m
, "backup-time")?
;
1457 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1459 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_READ
)?
;
1461 let mut components
= base64
::decode(&filepath
)?
;
1462 if !components
.is_empty() && components
[0] == b'
/'
{
1463 components
.remove(0);
1466 let mut split
= components
.splitn(2, |c
| *c
== b'
/'
);
1467 let pxar_name
= std
::str::from_utf8(split
.next().unwrap())?
;
1468 let file_path
= split
.next().unwrap_or(b
"/");
1469 let (manifest
, files
) = read_backup_index(&datastore
, &backup_dir
)?
;
1471 if file
.filename
== pxar_name
&& file
.crypt_mode
== Some(CryptMode
::Encrypt
) {
1472 bail
!("cannot decode '{}' - is encrypted", pxar_name
);
1476 let mut path
= datastore
.base_path();
1477 path
.push(backup_dir
.relative_path());
1478 path
.push(pxar_name
);
1480 let index
= DynamicIndexReader
::open(&path
)
1481 .map_err(|err
| format_err
!("unable to read dynamic index '{:?}' - {}", &path
, err
))?
;
1483 let (csum
, size
) = index
.compute_csum();
1484 manifest
.verify_file(&pxar_name
, &csum
, size
)?
;
1486 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1487 let reader
= BufferedDynamicReader
::new(index
, chunk_reader
);
1488 let archive_size
= reader
.archive_size();
1489 let reader
= LocalDynamicReadAt
::new(reader
);
1491 let decoder
= Accessor
::new(reader
, archive_size
).await?
;
1492 let root
= decoder
.open_root().await?
;
1493 let path
= OsStr
::from_bytes(file_path
).to_os_string();
1495 .lookup(&path
).await?
1496 .ok_or_else(|| format_err
!("error opening '{:?}'", path
))?
;
1498 let body
= match file
.kind() {
1499 EntryKind
::File { .. }
=> Body
::wrap_stream(
1500 AsyncReaderStream
::new(file
.contents().await?
).map_err(move |err
| {
1501 eprintln
!("error during streaming of file '{:?}' - {}", filepath
, err
);
1505 EntryKind
::Hardlink(_
) => Body
::wrap_stream(
1506 AsyncReaderStream
::new(decoder
.follow_hardlink(&file
).await?
.contents().await?
)
1507 .map_err(move |err
| {
1509 "error during streaming of hardlink '{:?}' - {}",
1515 EntryKind
::Directory
=> {
1516 let (sender
, receiver
) = tokio
::sync
::mpsc
::channel(100);
1517 let channelwriter
= AsyncChannelWriter
::new(sender
, 1024 * 1024);
1518 crate::server
::spawn_internal_task(
1519 create_zip(channelwriter
, decoder
, path
.clone(), false)
1521 Body
::wrap_stream(ReceiverStream
::new(receiver
).map_err(move |err
| {
1522 eprintln
!("error during streaming of zip '{:?}' - {}", path
, err
);
1526 other
=> bail
!("cannot download file of type {:?}", other
),
1529 // fixme: set other headers ?
1530 Ok(Response
::builder()
1531 .status(StatusCode
::OK
)
1532 .header(header
::CONTENT_TYPE
, "application/octet-stream")
1542 schema
: DATASTORE_SCHEMA
,
1545 type: RRDTimeFrameResolution
,
1553 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
1556 /// Read datastore stats
1557 pub fn get_rrd_stats(
1559 timeframe
: RRDTimeFrameResolution
,
1562 ) -> Result
<Value
, Error
> {
1564 create_value_from_rrd(
1565 &format
!("datastore/{}", store
),
1568 "read_ios", "read_bytes",
1569 "write_ios", "write_bytes",
1581 schema
: DATASTORE_SCHEMA
,
1584 schema
: BACKUP_TYPE_SCHEMA
,
1587 schema
: BACKUP_ID_SCHEMA
,
1592 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
1595 /// Get "notes" for a backup group
1596 pub fn get_group_notes(
1598 backup_type
: String
,
1600 rpcenv
: &mut dyn RpcEnvironment
,
1601 ) -> Result
<String
, Error
> {
1602 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1604 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1605 let backup_group
= BackupGroup
::new(backup_type
, backup_id
);
1607 check_priv_or_backup_owner(&datastore
, &backup_group
, &auth_id
, PRIV_DATASTORE_AUDIT
)?
;
1609 let note_path
= get_group_note_path(&datastore
, &backup_group
);
1610 Ok(file_read_optional_string(note_path
)?
.unwrap_or_else(|| "".to_owned()))
1617 schema
: DATASTORE_SCHEMA
,
1620 schema
: BACKUP_TYPE_SCHEMA
,
1623 schema
: BACKUP_ID_SCHEMA
,
1626 description
: "A multiline text.",
1631 permission
: &Permission
::Privilege(&["datastore", "{store}"],
1632 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_BACKUP
,
1636 /// Set "notes" for a backup group
1637 pub fn set_group_notes(
1639 backup_type
: String
,
1642 rpcenv
: &mut dyn RpcEnvironment
,
1643 ) -> Result
<(), Error
> {
1644 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1646 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1647 let backup_group
= BackupGroup
::new(backup_type
, backup_id
);
1649 check_priv_or_backup_owner(&datastore
, &backup_group
, &auth_id
, PRIV_DATASTORE_MODIFY
)?
;
1651 let note_path
= get_group_note_path(&datastore
, &backup_group
);
1652 replace_file(note_path
, notes
.as_bytes(), CreateOptions
::new())?
;
1661 schema
: DATASTORE_SCHEMA
,
1664 schema
: BACKUP_TYPE_SCHEMA
,
1667 schema
: BACKUP_ID_SCHEMA
,
1670 schema
: BACKUP_TIME_SCHEMA
,
1675 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
1678 /// Get "notes" for a specific backup
1681 backup_type
: String
,
1684 rpcenv
: &mut dyn RpcEnvironment
,
1685 ) -> Result
<String
, Error
> {
1686 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1688 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1689 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1691 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_AUDIT
)?
;
1693 let (manifest
, _
) = datastore
.load_manifest(&backup_dir
)?
;
1695 let notes
= manifest
.unprotected
["notes"]
1699 Ok(String
::from(notes
))
1706 schema
: DATASTORE_SCHEMA
,
1709 schema
: BACKUP_TYPE_SCHEMA
,
1712 schema
: BACKUP_ID_SCHEMA
,
1715 schema
: BACKUP_TIME_SCHEMA
,
1718 description
: "A multiline text.",
1723 permission
: &Permission
::Privilege(&["datastore", "{store}"],
1724 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_BACKUP
,
1728 /// Set "notes" for a specific backup
1731 backup_type
: String
,
1735 rpcenv
: &mut dyn RpcEnvironment
,
1736 ) -> Result
<(), Error
> {
1737 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1739 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1740 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1742 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_MODIFY
)?
;
1744 datastore
.update_manifest(&backup_dir
,|manifest
| {
1745 manifest
.unprotected
["notes"] = notes
.into();
1746 }).map_err(|err
| format_err
!("unable to update manifest blob - {}", err
))?
;
1755 schema
: DATASTORE_SCHEMA
,
1758 schema
: BACKUP_TYPE_SCHEMA
,
1761 schema
: BACKUP_ID_SCHEMA
,
1769 permission
: &Permission
::Anybody
,
1770 description
: "Datastore.Modify on whole datastore, or changing ownership between user and a user's token for owned backups with Datastore.Backup"
1773 /// Change owner of a backup group
1774 pub fn set_backup_owner(
1776 backup_type
: String
,
1779 rpcenv
: &mut dyn RpcEnvironment
,
1780 ) -> Result
<(), Error
> {
1782 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1784 let backup_group
= BackupGroup
::new(backup_type
, backup_id
);
1786 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1788 let user_info
= CachedUserInfo
::new()?
;
1790 let privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
1792 let allowed
= if (privs
& PRIV_DATASTORE_MODIFY
) != 0 {
1793 // High-privilege user/token
1795 } else if (privs
& PRIV_DATASTORE_BACKUP
) != 0 {
1796 let owner
= datastore
.get_owner(&backup_group
)?
;
1798 match (owner
.is_token(), new_owner
.is_token()) {
1800 // API token to API token, owned by same user
1801 let owner
= owner
.user();
1802 let new_owner
= new_owner
.user();
1803 owner
== new_owner
&& Authid
::from(owner
.clone()) == auth_id
1806 // API token to API token owner
1807 Authid
::from(owner
.user().clone()) == auth_id
1808 && new_owner
== auth_id
1811 // API token owner to API token
1813 && Authid
::from(new_owner
.user().clone()) == auth_id
1816 // User to User, not allowed for unprivileged users
1825 return Err(http_err
!(UNAUTHORIZED
,
1826 "{} does not have permission to change owner of backup group '{}' to {}",
1833 if !user_info
.is_active_auth_id(&new_owner
) {
1834 bail
!("{} '{}' is inactive or non-existent",
1835 if new_owner
.is_token() {
1836 "API token".to_string()
1843 datastore
.set_owner(&backup_group
, &new_owner
, true)?
;
1849 const DATASTORE_INFO_SUBDIRS
: SubdirMap
= &[
1853 .get(&API_METHOD_CATALOG
)
1858 .post(&API_METHOD_SET_BACKUP_OWNER
)
1863 .download(&API_METHOD_DOWNLOAD_FILE
)
1868 .download(&API_METHOD_DOWNLOAD_FILE_DECODED
)
1873 .get(&API_METHOD_LIST_SNAPSHOT_FILES
)
1878 .get(&API_METHOD_GARBAGE_COLLECTION_STATUS
)
1879 .post(&API_METHOD_START_GARBAGE_COLLECTION
)
1884 .get(&API_METHOD_GET_GROUP_NOTES
)
1885 .put(&API_METHOD_SET_GROUP_NOTES
)
1890 .get(&API_METHOD_LIST_GROUPS
)
1891 .delete(&API_METHOD_DELETE_GROUP
)
1896 .get(&API_METHOD_GET_NOTES
)
1897 .put(&API_METHOD_SET_NOTES
)
1902 .post(&API_METHOD_PRUNE
)
1905 "pxar-file-download",
1907 .download(&API_METHOD_PXAR_FILE_DOWNLOAD
)
1912 .get(&API_METHOD_GET_RRD_STATS
)
1917 .get(&API_METHOD_LIST_SNAPSHOTS
)
1918 .delete(&API_METHOD_DELETE_SNAPSHOT
)
1923 .get(&API_METHOD_STATUS
)
1926 "upload-backup-log",
1928 .upload(&API_METHOD_UPLOAD_BACKUP_LOG
)
1933 .post(&API_METHOD_VERIFY
)
1937 const DATASTORE_INFO_ROUTER
: Router
= Router
::new()
1938 .get(&list_subdirs_api_method
!(DATASTORE_INFO_SUBDIRS
))
1939 .subdirs(DATASTORE_INFO_SUBDIRS
);
1942 pub const ROUTER
: Router
= Router
::new()
1943 .get(&API_METHOD_GET_DATASTORE_LIST
)
1944 .match_all("store", &DATASTORE_INFO_ROUTER
);