]> git.proxmox.com Git - proxmox-backup.git/blob - src/api2/config/remote.rs
projects / proxmox-backup.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
move acl to pbs_config workspaces, pbs_api_types cleanups
[proxmox-backup.git] / src / api2 / config / remote.rs
1 use anyhow::{bail, format_err, Error};
2 use serde_json::Value;
3 use ::serde::{Deserialize, Serialize};
4
5 use proxmox::api::{api, ApiMethod, Router, RpcEnvironment, Permission};
6 use proxmox::http_err;
7
8 use pbs_client::{HttpClient, HttpClientOptions};
9 use pbs_api_types::{
10 REMOTE_ID_SCHEMA, REMOTE_PASSWORD_SCHEMA, Remote, RemoteConfig, RemoteConfigUpdater,
11 Authid, PROXMOX_CONFIG_DIGEST_SCHEMA, DataStoreListItem, SyncJobConfig,
12 PRIV_REMOTE_AUDIT, PRIV_REMOTE_MODIFY,
13 };
14 use pbs_config::sync;
15
16 use crate::config::cached_user_info::CachedUserInfo;
17
18 #[api(
19 input: {
20 properties: {},
21 },
22 returns: {
23 description: "The list of configured remotes (with config digest).",
24 type: Array,
25 items: { type: Remote },
26 },
27 access: {
28 description: "List configured remotes filtered by Remote.Audit privileges",
29 permission: &Permission::Anybody,
30 },
31 )]
32 /// List all remotes
33 pub fn list_remotes(
34 _param: Value,
35 _info: &ApiMethod,
36 mut rpcenv: &mut dyn RpcEnvironment,
37 ) -> Result<Vec<Remote>, Error> {
38 let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
39 let user_info = CachedUserInfo::new()?;
40
41 let (config, digest) = pbs_config::remote::config()?;
42
43 let mut list: Vec<Remote> = config.convert_to_typed_array("remote")?;
44 // don't return password in api
45 for remote in &mut list {
46 remote.password = "".to_string();
47 }
48
49 let list = list
50 .into_iter()
51 .filter(|remote| {
52 let privs = user_info.lookup_privs(&auth_id, &["remote", &remote.name]);
53 privs & PRIV_REMOTE_AUDIT != 0
54 })
55 .collect();
56
57 rpcenv["digest"] = proxmox::tools::digest_to_hex(&digest).into();
58 Ok(list)
59 }
60
61 #[api(
62 protected: true,
63 input: {
64 properties: {
65 name: {
66 schema: REMOTE_ID_SCHEMA,
67 },
68 config: {
69 type: RemoteConfig,
70 flatten: true,
71 },
72 password: {
73 // We expect the plain password here (not base64 encoded)
74 schema: REMOTE_PASSWORD_SCHEMA,
75 },
76 },
77 },
78 access: {
79 permission: &Permission::Privilege(&["remote"], PRIV_REMOTE_MODIFY, false),
80 },
81 )]
82 /// Create new remote.
83 pub fn create_remote(
84 name: String,
85 config: RemoteConfig,
86 password: String,
87 ) -> Result<(), Error> {
88
89 let _lock = pbs_config::remote::config()?;
90
91 let (mut section_config, _digest) = pbs_config::remote::config()?;
92
93 if section_config.sections.get(&name).is_some() {
94 bail!("remote '{}' already exists.", name);
95 }
96
97 let remote = Remote { name: name.clone(), config, password };
98
99 section_config.set_data(&name, "remote", &remote)?;
100
101 pbs_config::remote::save_config(&section_config)?;
102
103 Ok(())
104 }
105
106 #[api(
107 input: {
108 properties: {
109 name: {
110 schema: REMOTE_ID_SCHEMA,
111 },
112 },
113 },
114 returns: { type: Remote },
115 access: {
116 permission: &Permission::Privilege(&["remote", "{name}"], PRIV_REMOTE_AUDIT, false),
117 }
118 )]
119 /// Read remote configuration data.
120 pub fn read_remote(
121 name: String,
122 _info: &ApiMethod,
123 mut rpcenv: &mut dyn RpcEnvironment,
124 ) -> Result<Remote, Error> {
125 let (config, digest) = pbs_config::remote::config()?;
126 let mut data: Remote = config.lookup("remote", &name)?;
127 data.password = "".to_string(); // do not return password in api
128 rpcenv["digest"] = proxmox::tools::digest_to_hex(&digest).into();
129 Ok(data)
130 }
131
132 #[api()]
133 #[derive(Serialize, Deserialize)]
134 #[allow(non_camel_case_types)]
135 /// Deletable property name
136 pub enum DeletableProperty {
137 /// Delete the comment property.
138 comment,
139 /// Delete the fingerprint property.
140 fingerprint,
141 /// Delete the port property.
142 port,
143 }
144
145 #[api(
146 protected: true,
147 input: {
148 properties: {
149 name: {
150 schema: REMOTE_ID_SCHEMA,
151 },
152 update: {
153 type: RemoteConfigUpdater,
154 flatten: true,
155 },
156 password: {
157 // We expect the plain password here (not base64 encoded)
158 optional: true,
159 schema: REMOTE_PASSWORD_SCHEMA,
160 },
161 delete: {
162 description: "List of properties to delete.",
163 type: Array,
164 optional: true,
165 items: {
166 type: DeletableProperty,
167 }
168 },
169 digest: {
170 optional: true,
171 schema: PROXMOX_CONFIG_DIGEST_SCHEMA,
172 },
173 },
174 },
175 access: {
176 permission: &Permission::Privilege(&["remote", "{name}"], PRIV_REMOTE_MODIFY, false),
177 },
178 )]
179 /// Update remote configuration.
180 pub fn update_remote(
181 name: String,
182 update: RemoteConfigUpdater,
183 password: Option<String>,
184 delete: Option<Vec<DeletableProperty>>,
185 digest: Option<String>,
186 ) -> Result<(), Error> {
187
188 let _lock = pbs_config::remote::config()?;
189
190 let (mut config, expected_digest) = pbs_config::remote::config()?;
191
192 if let Some(ref digest) = digest {
193 let digest = proxmox::tools::hex_to_digest(digest)?;
194 crate::tools::detect_modified_configuration_file(&digest, &expected_digest)?;
195 }
196
197 let mut data: Remote = config.lookup("remote", &name)?;
198
199 if let Some(delete) = delete {
200 for delete_prop in delete {
201 match delete_prop {
202 DeletableProperty::comment => { data.config.comment = None; },
203 DeletableProperty::fingerprint => { data.config.fingerprint = None; },
204 DeletableProperty::port => { data.config.port = None; },
205 }
206 }
207 }
208
209 if let Some(comment) = update.comment {
210 let comment = comment.trim().to_string();
211 if comment.is_empty() {
212 data.config.comment = None;
213 } else {
214 data.config.comment = Some(comment);
215 }
216 }
217 if let Some(host) = update.host { data.config.host = host; }
218 if update.port.is_some() { data.config.port = update.port; }
219 if let Some(auth_id) = update.auth_id { data.config.auth_id = auth_id; }
220 if let Some(password) = password { data.password = password; }
221
222 if update.fingerprint.is_some() { data.config.fingerprint = update.fingerprint; }
223
224 config.set_data(&name, "remote", &data)?;
225
226 pbs_config::remote::save_config(&config)?;
227
228 Ok(())
229 }
230
231 #[api(
232 protected: true,
233 input: {
234 properties: {
235 name: {
236 schema: REMOTE_ID_SCHEMA,
237 },
238 digest: {
239 optional: true,
240 schema: PROXMOX_CONFIG_DIGEST_SCHEMA,
241 },
242 },
243 },
244 access: {
245 permission: &Permission::Privilege(&["remote", "{name}"], PRIV_REMOTE_MODIFY, false),
246 },
247 )]
248 /// Remove a remote from the configuration file.
249 pub fn delete_remote(name: String, digest: Option<String>) -> Result<(), Error> {
250
251 let (sync_jobs, _) = sync::config()?;
252
253 let job_list: Vec<SyncJobConfig> = sync_jobs.convert_to_typed_array("sync")?;
254 for job in job_list {
255 if job.remote == name {
256 bail!("remote '{}' is used by sync job '{}' (datastore '{}')", name, job.id, job.store);
257 }
258 }
259
260 let _lock = pbs_config::remote::config()?;
261
262 let (mut config, expected_digest) = pbs_config::remote::config()?;
263
264 if let Some(ref digest) = digest {
265 let digest = proxmox::tools::hex_to_digest(digest)?;
266 crate::tools::detect_modified_configuration_file(&digest, &expected_digest)?;
267 }
268
269 match config.sections.get(&name) {
270 Some(_) => { config.sections.remove(&name); },
271 None => bail!("remote '{}' does not exist.", name),
272 }
273
274 pbs_config::remote::save_config(&config)?;
275
276 Ok(())
277 }
278
279 /// Helper to get client for remote.cfg entry
280 pub async fn remote_client(remote: Remote) -> Result<HttpClient, Error> {
281 let options = HttpClientOptions::new_non_interactive(remote.password.clone(), remote.config.fingerprint.clone());
282
283 let client = HttpClient::new(
284 &remote.config.host,
285 remote.config.port.unwrap_or(8007),
286 &remote.config.auth_id,
287 options)?;
288 let _auth_info = client.login() // make sure we can auth
289 .await
290 .map_err(|err| format_err!("remote connection to '{}' failed - {}", remote.config.host, err))?;
291
292 Ok(client)
293 }
294
295
296 #[api(
297 input: {
298 properties: {
299 name: {
300 schema: REMOTE_ID_SCHEMA,
301 },
302 },
303 },
304 access: {
305 permission: &Permission::Privilege(&["remote", "{name}"], PRIV_REMOTE_AUDIT, false),
306 },
307 returns: {
308 description: "List the accessible datastores.",
309 type: Array,
310 items: { type: DataStoreListItem },
311 },
312 )]
313 /// List datastores of a remote.cfg entry
314 pub async fn scan_remote_datastores(name: String) -> Result<Vec<DataStoreListItem>, Error> {
315 let (remote_config, _digest) = pbs_config::remote::config()?;
316 let remote: Remote = remote_config.lookup("remote", &name)?;
317
318 let map_remote_err = |api_err| {
319 http_err!(INTERNAL_SERVER_ERROR,
320 "failed to scan remote '{}' - {}",
321 &name,
322 api_err)
323 };
324
325 let client = remote_client(remote)
326 .await
327 .map_err(map_remote_err)?;
328 let api_res = client
329 .get("api2/json/admin/datastore", None)
330 .await
331 .map_err(map_remote_err)?;
332 let parse_res = match api_res.get("data") {
333 Some(data) => serde_json::from_value::<Vec<DataStoreListItem>>(data.to_owned()),
334 None => bail!("remote {} did not return any datastore list data", &name),
335 };
336
337 match parse_res {
338 Ok(parsed) => Ok(parsed),
339 Err(_) => bail!("Failed to parse remote scan api result."),
340 }
341 }
342
343 const SCAN_ROUTER: Router = Router::new()
344 .get(&API_METHOD_SCAN_REMOTE_DATASTORES);
345
346 const ITEM_ROUTER: Router = Router::new()
347 .get(&API_METHOD_READ_REMOTE)
348 .put(&API_METHOD_UPDATE_REMOTE)
349 .delete(&API_METHOD_DELETE_REMOTE)
350 .subdirs(&[("scan", &SCAN_ROUTER)]);
351
352 pub const ROUTER: Router = Router::new()
353 .get(&API_METHOD_LIST_REMOTES)
354 .post(&API_METHOD_CREATE_REMOTE)
355 .match_all("name", &ITEM_ROUTER);
Proxmox Backup Server and Client