use proxmox::const_regex;
use proxmox::{IPRE, IPRE_BRACKET, IPV4RE, IPV6RE, IPV4OCTET, IPV6H16, IPV6LS32};
-use crate::backup::CryptMode;
+use crate::backup::{CryptMode, Fingerprint, BACKUP_ID_REGEX};
use crate::server::UPID;
#[macro_use]
#[macro_use]
mod userid;
pub use userid::{Realm, RealmRef};
+pub use userid::{Tokenname, TokennameRef};
pub use userid::{Username, UsernameRef};
pub use userid::Userid;
-pub use userid::PROXMOX_GROUP_ID_SCHEMA;
+pub use userid::Authid;
+pub use userid::{PROXMOX_TOKEN_ID_SCHEMA, PROXMOX_TOKEN_NAME_SCHEMA, PROXMOX_GROUP_ID_SCHEMA};
+
+mod tape;
+pub use tape::*;
// File names: may not contain slashes, may not start with "."
pub const FILENAME_FORMAT: ApiStringFormat = ApiStringFormat::VerifyFn(|name| {
/// any identifier command line tools work with.
pub PROXMOX_SAFE_ID_REGEX = concat!(r"^", PROXMOX_SAFE_ID_REGEX_STR!(), r"$");
+ /// Regex for verification jobs 'DATASTORE:ACTUAL_JOB_ID'
+ pub VERIFICATION_JOB_WORKER_ID_REGEX = concat!(r"^(", PROXMOX_SAFE_ID_REGEX_STR!(), r"):");
+ /// Regex for sync jobs 'REMOTE:REMOTE_DATASTORE:LOCAL_DATASTORE:ACTUAL_JOB_ID'
+ pub SYNC_JOB_WORKER_ID_REGEX = concat!(r"^(", PROXMOX_SAFE_ID_REGEX_STR!(), r"):(", PROXMOX_SAFE_ID_REGEX_STR!(), r"):(", PROXMOX_SAFE_ID_REGEX_STR!(), r"):");
+
pub SINGLE_LINE_COMMENT_REGEX = r"^[[:^cntrl:]]*$";
pub HOSTNAME_REGEX = r"^(?:[a-zA-Z0-9](?:[a-zA-Z0-9\-]*[a-zA-Z0-9])?)$";
pub DNS_NAME_OR_IP_REGEX = concat!(r"^(?:", DNS_NAME!(), "|", IPRE!(), r")$");
- pub BACKUP_REPO_URL_REGEX = concat!(r"^^(?:(?:(", USER_ID_REGEX_STR!(), ")@)?(", DNS_NAME!(), "|", IPRE_BRACKET!() ,"):)?(?:([0-9]{1,5}):)?(", PROXMOX_SAFE_ID_REGEX_STR!(), r")$");
+ pub BACKUP_REPO_URL_REGEX = concat!(r"^^(?:(?:(", USER_ID_REGEX_STR!(), "|", APITOKEN_ID_REGEX_STR!(), ")@)?(", DNS_NAME!(), "|", IPRE_BRACKET!() ,"):)?(?:([0-9]{1,5}):)?(", PROXMOX_SAFE_ID_REGEX_STR!(), r")$");
- pub CERT_FINGERPRINT_SHA256_REGEX = r"^(?:[0-9a-fA-F][0-9a-fA-F])(?::[0-9a-fA-F][0-9a-fA-F]){31}$";
+ pub FINGERPRINT_SHA256_REGEX = r"^(?:[0-9a-fA-F][0-9a-fA-F])(?::[0-9a-fA-F][0-9a-fA-F]){31}$";
pub ACL_PATH_REGEX = concat!(r"^(?:/|", r"(?:/", PROXMOX_SAFE_ID_REGEX_STR!(), ")+", r")$");
+ pub SUBSCRIPTION_KEY_REGEX = concat!(r"^pbs(?:[cbsp])-[0-9a-f]{10}$");
+
pub BLOCKDEVICE_NAME_REGEX = r"^(:?(:?h|s|x?v)d[a-z]+)|(:?nvme\d+n\d+)$";
pub ZPOOL_NAME_REGEX = r"^[a-zA-Z][a-z0-9A-Z\-_.:]+$";
pub const PVE_CONFIG_DIGEST_FORMAT: ApiStringFormat =
ApiStringFormat::Pattern(&SHA256_HEX_REGEX);
-pub const CERT_FINGERPRINT_SHA256_FORMAT: ApiStringFormat =
- ApiStringFormat::Pattern(&CERT_FINGERPRINT_SHA256_REGEX);
+pub const FINGERPRINT_SHA256_FORMAT: ApiStringFormat =
+ ApiStringFormat::Pattern(&FINGERPRINT_SHA256_REGEX);
pub const PROXMOX_SAFE_ID_FORMAT: ApiStringFormat =
ApiStringFormat::Pattern(&PROXMOX_SAFE_ID_REGEX);
+pub const BACKUP_ID_FORMAT: ApiStringFormat =
+ ApiStringFormat::Pattern(&BACKUP_ID_REGEX);
+
pub const SINGLE_LINE_COMMENT_FORMAT: ApiStringFormat =
ApiStringFormat::Pattern(&SINGLE_LINE_COMMENT_REGEX);
pub const CIDR_FORMAT: ApiStringFormat =
ApiStringFormat::Pattern(&CIDR_REGEX);
+pub const SUBSCRIPTION_KEY_FORMAT: ApiStringFormat =
+ ApiStringFormat::Pattern(&SUBSCRIPTION_KEY_REGEX);
+
pub const BLOCKDEVICE_NAME_FORMAT: ApiStringFormat =
ApiStringFormat::Pattern(&BLOCKDEVICE_NAME_REGEX);
pub const CERT_FINGERPRINT_SHA256_SCHEMA: Schema = StringSchema::new(
"X509 certificate fingerprint (sha256)."
)
- .format(&CERT_FINGERPRINT_SHA256_FORMAT)
+ .format(&FINGERPRINT_SHA256_FORMAT)
.schema();
-pub const PROXMOX_CONFIG_DIGEST_SCHEMA: Schema = StringSchema::new(r#"\
-Prevent changes if current configuration file has different SHA256 digest.
-This can be used to prevent concurrent modifications.
-"#
+pub const TAPE_ENCRYPTION_KEY_FINGERPRINT_SCHEMA: Schema = StringSchema::new(
+ "Tape encryption key fingerprint (sha256)."
)
- .format(&PVE_CONFIG_DIGEST_FORMAT)
+ .format(&FINGERPRINT_SHA256_FORMAT)
.schema();
+pub const PROXMOX_CONFIG_DIGEST_SCHEMA: Schema = StringSchema::new(
+ "Prevent changes if current configuration file has different \
+ SHA256 digest. This can be used to prevent concurrent \
+ modifications."
+)
+ .format(&PVE_CONFIG_DIGEST_FORMAT) .schema();
+
pub const CHUNK_DIGEST_FORMAT: ApiStringFormat =
ApiStringFormat::Pattern(&SHA256_HEX_REGEX);
pub const BACKUP_ID_SCHEMA: Schema =
StringSchema::new("Backup ID.")
- .format(&PROXMOX_SAFE_ID_FORMAT)
+ .format(&BACKUP_ID_FORMAT)
.schema();
pub const BACKUP_TIME_SCHEMA: Schema =
.default(true)
.schema();
+pub const IGNORE_VERIFIED_BACKUPS_SCHEMA: Schema = BooleanSchema::new(
+ "Do not verify backups that are already verified if their verification is not outdated.")
+ .default(true)
+ .schema();
+
+pub const VERIFICATION_OUTDATED_AFTER_SCHEMA: Schema = IntegerSchema::new(
+ "Days after that a verification becomes outdated")
+ .minimum(1)
+ .schema();
+
pub const SINGLE_LINE_COMMENT_SCHEMA: Schema = StringSchema::new("Comment (single line).")
.format(&SINGLE_LINE_COMMENT_FORMAT)
.schema();
.format(&DNS_NAME_OR_IP_FORMAT)
.schema();
+pub const SUBSCRIPTION_KEY_SCHEMA: Schema = StringSchema::new("Proxmox Backup Server subscription key.")
+ .format(&SUBSCRIPTION_KEY_FORMAT)
+ .min_length(15)
+ .max_length(16)
+ .schema();
+
pub const BLOCKDEVICE_NAME_SCHEMA: Schema = StringSchema::new("Block device name (/sys/block/<name>).")
.format(&BLOCKDEVICE_NAME_FORMAT)
.min_length(3)
// Complex type definitions
+#[api(
+ properties: {
+ store: {
+ schema: DATASTORE_SCHEMA,
+ },
+ comment: {
+ optional: true,
+ schema: SINGLE_LINE_COMMENT_SCHEMA,
+ },
+ },
+)]
+#[derive(Serialize, Deserialize)]
+#[serde(rename_all="kebab-case")]
+/// Basic information about a datastore.
+pub struct DataStoreListItem {
+ pub store: String,
+ pub comment: Option<String>,
+}
+
#[api(
properties: {
"backup-type": {
},
},
owner: {
- type: Userid,
+ type: Authid,
optional: true,
},
},
pub files: Vec<String>,
/// The owner of group
#[serde(skip_serializing_if="Option::is_none")]
- pub owner: Option<Userid>,
+ pub owner: Option<Authid>,
}
#[api()]
type: SnapshotVerifyState,
optional: true,
},
+ fingerprint: {
+ type: String,
+ optional: true,
+ },
files: {
items: {
schema: BACKUP_ARCHIVE_NAME_SCHEMA
},
},
owner: {
- type: Userid,
+ type: Authid,
optional: true,
},
},
/// The result of the last run verify task
#[serde(skip_serializing_if="Option::is_none")]
pub verification: Option<SnapshotVerifyState>,
+ /// Fingerprint of encryption key
+ #[serde(skip_serializing_if="Option::is_none")]
+ pub fingerprint: Option<Fingerprint>,
/// List of contained archive files.
pub files: Vec<BackupContent>,
/// Overall snapshot size (sum of all archive sizes).
pub size: Option<u64>,
/// The owner of the snapshots group
#[serde(skip_serializing_if="Option::is_none")]
- pub owner: Option<Userid>,
+ pub owner: Option<Authid>,
}
#[api(
pub pending_chunks: usize,
/// Number of chunks marked as .bad by verify that have been removed by GC.
pub removed_bad: usize,
+ /// Number of chunks still marked as .bad after garbage collection.
+ pub still_bad: usize,
}
impl Default for GarbageCollectionStatus {
pending_bytes: 0,
pending_chunks: 0,
removed_bad: 0,
+ still_bad: 0,
}
}
}
pub avail: u64,
}
+#[api()]
+#[derive(Serialize, Deserialize, Default)]
+/// Backup Type group/snapshot counts.
+pub struct TypeCounts {
+ /// The number of groups of the type.
+ pub groups: u64,
+ /// The number of snapshots of the type.
+ pub snapshots: u64,
+}
+
+#[api(
+ properties: {
+ ct: {
+ type: TypeCounts,
+ optional: true,
+ },
+ host: {
+ type: TypeCounts,
+ optional: true,
+ },
+ vm: {
+ type: TypeCounts,
+ optional: true,
+ },
+ other: {
+ type: TypeCounts,
+ optional: true,
+ },
+ },
+)]
+#[derive(Serialize, Deserialize, Default)]
+/// Counts of groups/snapshots per BackupType.
+pub struct Counts {
+ /// The counts for CT backups
+ pub ct: Option<TypeCounts>,
+ /// The counts for Host backups
+ pub host: Option<TypeCounts>,
+ /// The counts for VM backups
+ pub vm: Option<TypeCounts>,
+ /// The counts for other backup types
+ pub other: Option<TypeCounts>,
+}
+
+#[api(
+ properties: {
+ "gc-status": {
+ type: GarbageCollectionStatus,
+ optional: true,
+ },
+ counts: {
+ type: Counts,
+ optional: true,
+ },
+ },
+)]
+#[derive(Serialize, Deserialize)]
+#[serde(rename_all="kebab-case")]
+/// Overall Datastore status and useful information.
+pub struct DataStoreStatus {
+ /// Total space (bytes).
+ pub total: u64,
+ /// Used space (bytes).
+ pub used: u64,
+ /// Available space (bytes).
+ pub avail: u64,
+ /// Status of last GC
+ #[serde(skip_serializing_if="Option::is_none")]
+ pub gc_status: Option<GarbageCollectionStatus>,
+ /// Group/Snapshot counts
+ #[serde(skip_serializing_if="Option::is_none")]
+ pub counts: Option<Counts>,
+}
+
#[api(
properties: {
upid: { schema: UPID_SCHEMA },
- user: { type: Userid },
+ user: { type: Authid },
},
)]
#[derive(Serialize, Deserialize)]
pub worker_type: String,
/// Worker ID (arbitrary ASCII string)
pub worker_id: Option<String>,
- /// The user who started the task
- pub user: Userid,
+ /// The authenticated entity who started the task
+ pub user: Authid,
/// The task end time (Epoch)
#[serde(skip_serializing_if="Option::is_none")]
pub endtime: Option<i64>,
starttime: info.upid.starttime,
worker_type: info.upid.worker_type,
worker_id: info.upid.worker_id,
- user: info.upid.userid,
+ user: info.upid.auth_id,
endtime,
status,
}
];
for fingerprint in invalid_fingerprints.iter() {
- if let Ok(_) = parse_simple_value(fingerprint, &schema) {
+ if parse_simple_value(fingerprint, &schema).is_ok() {
bail!("test fingerprint '{}' failed - got Ok() while exception an error.", fingerprint);
}
}
];
for name in invalid_user_ids.iter() {
- if let Ok(_) = parse_simple_value(name, &Userid::API_SCHEMA) {
+ if parse_simple_value(name, &Userid::API_SCHEMA).is_ok() {
bail!("test userid '{}' failed - got Ok() while exception an error.", name);
}
}
}
#[api()]
-#[derive(Serialize, Deserialize)]
+#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
/// Describes a package for which an update is available.
pub struct APTUpdateInfo {
pub section: String,
/// URL under which the package's changelog can be retrieved
pub change_log_url: String,
+ /// Custom extra field for additional package information
+ #[serde(skip_serializing_if="Option::is_none")]
+ pub extra_info: Option<String>,
+}
+
+#[api()]
+#[derive(Debug, Copy, Clone, PartialEq, Serialize, Deserialize)]
+#[serde(rename_all = "lowercase")]
+/// When do we send notifications
+pub enum Notify {
+ /// Never send notification
+ Never,
+ /// Send notifications for failed and sucessful jobs
+ Always,
+ /// Send notifications for failed jobs only
+ Error,
}
+
+#[api(
+ properties: {
+ gc: {
+ type: Notify,
+ optional: true,
+ },
+ verify: {
+ type: Notify,
+ optional: true,
+ },
+ sync: {
+ type: Notify,
+ optional: true,
+ },
+ },
+)]
+#[derive(Debug, Serialize, Deserialize)]
+/// Datastore notify settings
+pub struct DatastoreNotify {
+ /// Garbage collection settings
+ pub gc: Option<Notify>,
+ /// Verify job setting
+ pub verify: Option<Notify>,
+ /// Sync job setting
+ pub sync: Option<Notify>,
+}
+
+pub const DATASTORE_NOTIFY_STRING_SCHEMA: Schema = StringSchema::new(
+ "Datastore notification setting")
+ .format(&ApiStringFormat::PropertyString(&DatastoreNotify::API_SCHEMA))
+ .schema();