1 //! Datastore Management
3 use std
::collections
::HashSet
;
5 use std
::os
::unix
::ffi
::OsStrExt
;
6 use std
::path
::PathBuf
;
8 use anyhow
::{bail, format_err, Error}
;
10 use hyper
::http
::request
::Parts
;
11 use hyper
::{header, Body, Response, StatusCode}
;
12 use serde_json
::{json, Value}
;
13 use tokio_stream
::wrappers
::ReceiverStream
;
15 use proxmox_sys
::sortable
;
16 use proxmox_sys
::fs
::{
17 file_read_firstline
, file_read_optional_string
, replace_file
, CreateOptions
,
20 list_subdirs_api_method
, http_err
, ApiResponseFuture
, ApiHandler
, ApiMethod
, Router
,
21 RpcEnvironment
, RpcEnvironmentType
, SubdirMap
, Permission
,
23 use proxmox_schema
::*;
24 use proxmox_sys
::{task_log, task_warn}
;
25 use proxmox_async
::blocking
::WrappedReaderStream
;
26 use proxmox_async
::{io::AsyncChannelWriter, stream::AsyncReaderStream}
;
28 use pxar
::accessor
::aio
::Accessor
;
31 use pbs_api_types
::{ Authid
, BackupContent
, Counts
, CryptMode
,
32 DataStoreListItem
, GarbageCollectionStatus
, GroupListItem
,
33 SnapshotListItem
, SnapshotVerifyState
, PruneOptions
,
34 DataStoreStatus
, RRDMode
, RRDTimeFrame
,
35 BACKUP_ARCHIVE_NAME_SCHEMA
, BACKUP_ID_SCHEMA
, BACKUP_TIME_SCHEMA
,
36 BACKUP_TYPE_SCHEMA
, DATASTORE_SCHEMA
,
37 IGNORE_VERIFIED_BACKUPS_SCHEMA
, UPID_SCHEMA
,
38 VERIFICATION_OUTDATED_AFTER_SCHEMA
, PRIV_DATASTORE_AUDIT
,
39 PRIV_DATASTORE_MODIFY
, PRIV_DATASTORE_READ
, PRIV_DATASTORE_PRUNE
,
40 PRIV_DATASTORE_BACKUP
, PRIV_DATASTORE_VERIFY
,
43 use pbs_client
::pxar
::create_zip
;
45 check_backup_owner
, DataStore
, BackupDir
, BackupGroup
, StoreProgress
, LocalChunkReader
,
48 use pbs_datastore
::backup_info
::BackupInfo
;
49 use pbs_datastore
::cached_chunk_reader
::CachedChunkReader
;
50 use pbs_datastore
::catalog
::{ArchiveEntry, CatalogReader}
;
51 use pbs_datastore
::data_blob
::DataBlob
;
52 use pbs_datastore
::data_blob_reader
::DataBlobReader
;
53 use pbs_datastore
::dynamic_index
::{BufferedDynamicReader, DynamicIndexReader, LocalDynamicReadAt}
;
54 use pbs_datastore
::fixed_index
::{FixedIndexReader}
;
55 use pbs_datastore
::index
::IndexFile
;
56 use pbs_datastore
::manifest
::{BackupManifest, CLIENT_LOG_BLOB_NAME, MANIFEST_BLOB_NAME}
;
57 use pbs_datastore
::prune
::compute_prune_info
;
58 use pbs_tools
::json
::{required_integer_param, required_string_param}
;
59 use pbs_config
::CachedUserInfo
;
60 use proxmox_rest_server
::{WorkerTask, formatter}
;
62 use crate::api2
::node
::rrd
::create_value_from_rrd
;
64 verify_all_backups
, verify_backup_group
, verify_backup_dir
, verify_filter
,
67 use crate::server
::jobstate
::Job
;
70 const GROUP_NOTES_FILE_NAME
: &str = "notes";
72 fn get_group_note_path(store
: &DataStore
, group
: &BackupGroup
) -> PathBuf
{
73 let mut note_path
= store
.base_path();
74 note_path
.push(group
.group_path());
75 note_path
.push(GROUP_NOTES_FILE_NAME
);
79 fn check_priv_or_backup_owner(
84 ) -> Result
<(), Error
> {
85 let user_info
= CachedUserInfo
::new()?
;
86 let privs
= user_info
.lookup_privs(auth_id
, &["datastore", store
.name()]);
88 if privs
& required_privs
== 0 {
89 let owner
= store
.get_owner(group
)?
;
90 check_backup_owner(&owner
, auth_id
)?
;
97 backup_dir
: &BackupDir
,
98 ) -> Result
<(BackupManifest
, Vec
<BackupContent
>), Error
> {
100 let (manifest
, index_size
) = store
.load_manifest(backup_dir
)?
;
102 let mut result
= Vec
::new();
103 for item
in manifest
.files() {
104 result
.push(BackupContent
{
105 filename
: item
.filename
.clone(),
106 crypt_mode
: Some(item
.crypt_mode
),
107 size
: Some(item
.size
),
111 result
.push(BackupContent
{
112 filename
: MANIFEST_BLOB_NAME
.to_string(),
113 crypt_mode
: match manifest
.signature
{
114 Some(_
) => Some(CryptMode
::SignOnly
),
115 None
=> Some(CryptMode
::None
),
117 size
: Some(index_size
),
120 Ok((manifest
, result
))
123 fn get_all_snapshot_files(
126 ) -> Result
<(BackupManifest
, Vec
<BackupContent
>), Error
> {
128 let (manifest
, mut files
) = read_backup_index(store
, &info
.backup_dir
)?
;
130 let file_set
= files
.iter().fold(HashSet
::new(), |mut acc
, item
| {
131 acc
.insert(item
.filename
.clone());
135 for file
in &info
.files
{
136 if file_set
.contains(file
) { continue; }
137 files
.push(BackupContent
{
138 filename
: file
.to_string(),
144 Ok((manifest
, files
))
151 schema
: DATASTORE_SCHEMA
,
155 returns
: pbs_api_types
::ADMIN_DATASTORE_LIST_GROUPS_RETURN_TYPE
,
157 permission
: &Permission
::Privilege(
158 &["datastore", "{store}"],
159 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
,
163 /// List backup groups.
166 rpcenv
: &mut dyn RpcEnvironment
,
167 ) -> Result
<Vec
<GroupListItem
>, Error
> {
169 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
170 let user_info
= CachedUserInfo
::new()?
;
171 let user_privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
173 let datastore
= DataStore
::lookup_datastore(&store
)?
;
174 let list_all
= (user_privs
& PRIV_DATASTORE_AUDIT
) != 0;
176 let backup_groups
= BackupInfo
::list_backup_groups(&datastore
.base_path())?
;
178 let group_info
= backup_groups
180 .fold(Vec
::new(), |mut group_info
, group
| {
181 let owner
= match datastore
.get_owner(&group
) {
182 Ok(auth_id
) => auth_id
,
184 eprintln
!("Failed to get owner of group '{}/{}' - {}",
191 if !list_all
&& check_backup_owner(&owner
, &auth_id
).is_err() {
195 let snapshots
= match group
.list_backups(&datastore
.base_path()) {
196 Ok(snapshots
) => snapshots
,
202 let backup_count
: u64 = snapshots
.len() as u64;
203 if backup_count
== 0 {
207 let last_backup
= snapshots
209 .fold(&snapshots
[0], |last
, curr
| {
210 if curr
.is_finished()
211 && curr
.backup_dir
.backup_time() > last
.backup_dir
.backup_time() {
219 let note_path
= get_group_note_path(&datastore
, &group
);
220 let comment
= file_read_firstline(¬e_path
).ok();
222 group_info
.push(GroupListItem
{
223 backup_type
: group
.backup_type().to_string(),
224 backup_id
: group
.backup_id().to_string(),
225 last_backup
: last_backup
.backup_dir
.backup_time(),
228 files
: last_backup
.files
,
242 schema
: DATASTORE_SCHEMA
,
245 schema
: BACKUP_TYPE_SCHEMA
,
248 schema
: BACKUP_ID_SCHEMA
,
253 permission
: &Permission
::Privilege(
254 &["datastore", "{store}"],
255 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_PRUNE
,
259 /// Delete backup group including all snapshots.
265 rpcenv
: &mut dyn RpcEnvironment
,
266 ) -> Result
<Value
, Error
> {
268 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
270 let group
= BackupGroup
::new(backup_type
, backup_id
);
271 let datastore
= DataStore
::lookup_datastore(&store
)?
;
273 check_priv_or_backup_owner(&datastore
, &group
, &auth_id
, PRIV_DATASTORE_MODIFY
)?
;
275 if !datastore
.remove_backup_group(&group
)?
{
276 bail
!("did not delete whole group because of protected snapthots");
286 schema
: DATASTORE_SCHEMA
,
289 schema
: BACKUP_TYPE_SCHEMA
,
292 schema
: BACKUP_ID_SCHEMA
,
295 schema
: BACKUP_TIME_SCHEMA
,
299 returns
: pbs_api_types
::ADMIN_DATASTORE_LIST_SNAPSHOT_FILES_RETURN_TYPE
,
301 permission
: &Permission
::Privilege(
302 &["datastore", "{store}"],
303 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
307 /// List snapshot files.
308 pub fn list_snapshot_files(
314 rpcenv
: &mut dyn RpcEnvironment
,
315 ) -> Result
<Vec
<BackupContent
>, Error
> {
317 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
318 let datastore
= DataStore
::lookup_datastore(&store
)?
;
320 let snapshot
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
322 check_priv_or_backup_owner(&datastore
, snapshot
.group(), &auth_id
, PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_READ
)?
;
324 let info
= BackupInfo
::new(&datastore
.base_path(), snapshot
)?
;
326 let (_manifest
, files
) = get_all_snapshot_files(&datastore
, &info
)?
;
335 schema
: DATASTORE_SCHEMA
,
338 schema
: BACKUP_TYPE_SCHEMA
,
341 schema
: BACKUP_ID_SCHEMA
,
344 schema
: BACKUP_TIME_SCHEMA
,
349 permission
: &Permission
::Privilege(
350 &["datastore", "{store}"],
351 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_PRUNE
,
355 /// Delete backup snapshot.
356 pub fn delete_snapshot(
362 rpcenv
: &mut dyn RpcEnvironment
,
363 ) -> Result
<Value
, Error
> {
365 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
367 let snapshot
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
368 let datastore
= DataStore
::lookup_datastore(&store
)?
;
370 check_priv_or_backup_owner(&datastore
, snapshot
.group(), &auth_id
, PRIV_DATASTORE_MODIFY
)?
;
372 datastore
.remove_backup_dir(&snapshot
, false)?
;
381 schema
: DATASTORE_SCHEMA
,
385 schema
: BACKUP_TYPE_SCHEMA
,
389 schema
: BACKUP_ID_SCHEMA
,
393 returns
: pbs_api_types
::ADMIN_DATASTORE_LIST_SNAPSHOTS_RETURN_TYPE
,
395 permission
: &Permission
::Privilege(
396 &["datastore", "{store}"],
397 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
,
401 /// List backup snapshots.
402 pub fn list_snapshots (
404 backup_type
: Option
<String
>,
405 backup_id
: Option
<String
>,
408 rpcenv
: &mut dyn RpcEnvironment
,
409 ) -> Result
<Vec
<SnapshotListItem
>, Error
> {
411 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
412 let user_info
= CachedUserInfo
::new()?
;
413 let user_privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
415 let list_all
= (user_privs
& PRIV_DATASTORE_AUDIT
) != 0;
417 let datastore
= DataStore
::lookup_datastore(&store
)?
;
419 let base_path
= datastore
.base_path();
421 let groups
= match (backup_type
, backup_id
) {
422 (Some(backup_type
), Some(backup_id
)) => {
423 let mut groups
= Vec
::with_capacity(1);
424 groups
.push(BackupGroup
::new(backup_type
, backup_id
));
427 (Some(backup_type
), None
) => {
428 BackupInfo
::list_backup_groups(&base_path
)?
430 .filter(|group
| group
.backup_type() == backup_type
)
433 (None
, Some(backup_id
)) => {
434 BackupInfo
::list_backup_groups(&base_path
)?
436 .filter(|group
| group
.backup_id() == backup_id
)
439 _
=> BackupInfo
::list_backup_groups(&base_path
)?
,
442 let info_to_snapshot_list_item
= |group
: &BackupGroup
, owner
, info
: BackupInfo
| {
443 let backup_type
= group
.backup_type().to_string();
444 let backup_id
= group
.backup_id().to_string();
445 let backup_time
= info
.backup_dir
.backup_time();
446 let protected
= info
.backup_dir
.is_protected(base_path
.clone());
448 match get_all_snapshot_files(&datastore
, &info
) {
449 Ok((manifest
, files
)) => {
450 // extract the first line from notes
451 let comment
: Option
<String
> = manifest
.unprotected
["notes"]
453 .and_then(|notes
| notes
.lines().next())
456 let fingerprint
= match manifest
.fingerprint() {
459 eprintln
!("error parsing fingerprint: '{}'", err
);
464 let verification
= manifest
.unprotected
["verify_state"].clone();
465 let verification
: Option
<SnapshotVerifyState
> = match serde_json
::from_value(verification
) {
466 Ok(verify
) => verify
,
468 eprintln
!("error parsing verification state : '{}'", err
);
473 let size
= Some(files
.iter().map(|x
| x
.size
.unwrap_or(0)).sum());
489 eprintln
!("error during snapshot file listing: '{}'", err
);
493 .map(|filename
| BackupContent
{
518 .try_fold(Vec
::new(), |mut snapshots
, group
| {
519 let owner
= match datastore
.get_owner(group
) {
520 Ok(auth_id
) => auth_id
,
522 eprintln
!("Failed to get owner of group '{}/{}' - {}",
526 return Ok(snapshots
);
530 if !list_all
&& check_backup_owner(&owner
, &auth_id
).is_err() {
531 return Ok(snapshots
);
534 let group_backups
= group
.list_backups(&datastore
.base_path())?
;
539 .map(|info
| info_to_snapshot_list_item(group
, Some(owner
.clone()), info
))
546 fn get_snapshots_count(store
: &DataStore
, filter_owner
: Option
<&Authid
>) -> Result
<Counts
, Error
> {
547 let base_path
= store
.base_path();
548 let groups
= BackupInfo
::list_backup_groups(&base_path
)?
;
552 let owner
= match store
.get_owner(group
) {
555 eprintln
!("Failed to get owner of group '{}/{}' - {}",
564 Some(filter
) => check_backup_owner(&owner
, filter
).is_ok(),
568 .try_fold(Counts
::default(), |mut counts
, group
| {
569 let snapshot_count
= group
.list_backups(&base_path
)?
.len() as u64;
571 // only include groups with snapshots (avoid confusing users
572 // by counting/displaying emtpy groups)
573 if snapshot_count
> 0 {
574 let type_count
= match group
.backup_type() {
575 "ct" => counts
.ct
.get_or_insert(Default
::default()),
576 "vm" => counts
.vm
.get_or_insert(Default
::default()),
577 "host" => counts
.host
.get_or_insert(Default
::default()),
578 _
=> counts
.other
.get_or_insert(Default
::default()),
581 type_count
.groups
+= 1;
582 type_count
.snapshots
+= snapshot_count
;
593 schema
: DATASTORE_SCHEMA
,
599 description
: "Include additional information like snapshot counts and GC status.",
605 type: DataStoreStatus
,
608 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
611 /// Get datastore status.
616 rpcenv
: &mut dyn RpcEnvironment
,
617 ) -> Result
<DataStoreStatus
, Error
> {
618 let datastore
= DataStore
::lookup_datastore(&store
)?
;
619 let storage
= crate::tools
::disks
::disk_usage(&datastore
.base_path())?
;
620 let (counts
, gc_status
) = if verbose
{
621 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
622 let user_info
= CachedUserInfo
::new()?
;
624 let store_privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
625 let filter_owner
= if store_privs
& PRIV_DATASTORE_AUDIT
!= 0 {
631 let counts
= Some(get_snapshots_count(&datastore
, filter_owner
)?
);
632 let gc_status
= Some(datastore
.last_gc_status());
640 total
: storage
.total
,
642 avail
: storage
.avail
,
652 schema
: DATASTORE_SCHEMA
,
655 schema
: BACKUP_TYPE_SCHEMA
,
659 schema
: BACKUP_ID_SCHEMA
,
663 schema
: IGNORE_VERIFIED_BACKUPS_SCHEMA
,
667 schema
: VERIFICATION_OUTDATED_AFTER_SCHEMA
,
671 schema
: BACKUP_TIME_SCHEMA
,
680 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_VERIFY
| PRIV_DATASTORE_BACKUP
, true),
685 /// This function can verify a single backup snapshot, all backup from a backup group,
686 /// or all backups in the datastore.
689 backup_type
: Option
<String
>,
690 backup_id
: Option
<String
>,
691 backup_time
: Option
<i64>,
692 ignore_verified
: Option
<bool
>,
693 outdated_after
: Option
<i64>,
694 rpcenv
: &mut dyn RpcEnvironment
,
695 ) -> Result
<Value
, Error
> {
696 let datastore
= DataStore
::lookup_datastore(&store
)?
;
697 let ignore_verified
= ignore_verified
.unwrap_or(true);
699 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
702 let mut backup_dir
= None
;
703 let mut backup_group
= None
;
704 let mut worker_type
= "verify";
706 match (backup_type
, backup_id
, backup_time
) {
707 (Some(backup_type
), Some(backup_id
), Some(backup_time
)) => {
708 worker_id
= format
!("{}:{}/{}/{:08X}", store
, backup_type
, backup_id
, backup_time
);
709 let dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
711 check_priv_or_backup_owner(&datastore
, dir
.group(), &auth_id
, PRIV_DATASTORE_VERIFY
)?
;
713 backup_dir
= Some(dir
);
714 worker_type
= "verify_snapshot";
716 (Some(backup_type
), Some(backup_id
), None
) => {
717 worker_id
= format
!("{}:{}/{}", store
, backup_type
, backup_id
);
718 let group
= BackupGroup
::new(backup_type
, backup_id
);
720 check_priv_or_backup_owner(&datastore
, &group
, &auth_id
, PRIV_DATASTORE_VERIFY
)?
;
722 backup_group
= Some(group
);
723 worker_type
= "verify_group";
725 (None
, None
, None
) => {
726 worker_id
= store
.clone();
728 _
=> bail
!("parameters do not specify a backup group or snapshot"),
731 let to_stdout
= rpcenv
.env_type() == RpcEnvironmentType
::CLI
;
733 let upid_str
= WorkerTask
::new_thread(
739 let verify_worker
= crate::backup
::VerifyWorker
::new(worker
.clone(), datastore
);
740 let failed_dirs
= if let Some(backup_dir
) = backup_dir
{
741 let mut res
= Vec
::new();
742 if !verify_backup_dir(
745 worker
.upid().clone(),
746 Some(&move |manifest
| {
747 verify_filter(ignore_verified
, outdated_after
, manifest
)
750 res
.push(backup_dir
.to_string());
753 } else if let Some(backup_group
) = backup_group
{
754 let failed_dirs
= verify_backup_group(
757 &mut StoreProgress
::new(1),
759 Some(&move |manifest
| {
760 verify_filter(ignore_verified
, outdated_after
, manifest
)
765 let privs
= CachedUserInfo
::new()?
766 .lookup_privs(&auth_id
, &["datastore", &store
]);
768 let owner
= if privs
& PRIV_DATASTORE_VERIFY
== 0 {
778 Some(&move |manifest
| {
779 verify_filter(ignore_verified
, outdated_after
, manifest
)
783 if !failed_dirs
.is_empty() {
784 task_log
!(worker
, "Failed to verify the following snapshots/groups:");
785 for dir
in failed_dirs
{
786 task_log
!(worker
, "\t{}", dir
);
788 bail
!("verification failed - please check the log for details");
801 schema
: BACKUP_ID_SCHEMA
,
804 schema
: BACKUP_TYPE_SCHEMA
,
810 description
: "Just show what prune would do, but do not delete anything.",
817 schema
: DATASTORE_SCHEMA
,
821 returns
: pbs_api_types
::ADMIN_DATASTORE_PRUNE_RETURN_TYPE
,
823 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_PRUNE
, true),
826 /// Prune a group on the datastore
831 prune_options
: PruneOptions
,
834 rpcenv
: &mut dyn RpcEnvironment
,
835 ) -> Result
<Value
, Error
> {
837 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
839 let group
= BackupGroup
::new(&backup_type
, &backup_id
);
841 let datastore
= DataStore
::lookup_datastore(&store
)?
;
843 check_priv_or_backup_owner(&datastore
, &group
, &auth_id
, PRIV_DATASTORE_MODIFY
)?
;
845 let worker_id
= format
!("{}:{}/{}", store
, &backup_type
, &backup_id
);
847 let mut prune_result
= Vec
::new();
849 let list
= group
.list_backups(&datastore
.base_path())?
;
851 let mut prune_info
= compute_prune_info(list
, &prune_options
)?
;
853 prune_info
.reverse(); // delete older snapshots first
855 let keep_all
= !pbs_datastore
::prune
::keeps_something(&prune_options
);
858 for (info
, mark
) in prune_info
{
859 let keep
= keep_all
|| mark
.keep();
861 let backup_time
= info
.backup_dir
.backup_time();
862 let group
= info
.backup_dir
.group();
864 prune_result
.push(json
!({
865 "backup-type": group
.backup_type(),
866 "backup-id": group
.backup_id(),
867 "backup-time": backup_time
,
869 "protected": mark
.protected(),
872 return Ok(json
!(prune_result
));
876 // We use a WorkerTask just to have a task log, but run synchrounously
877 let worker
= WorkerTask
::new("prune", Some(worker_id
), auth_id
.to_string(), true)?
;
880 task_log
!(worker
, "No prune selection - keeping all files.");
882 task_log
!(worker
, "retention options: {}", pbs_datastore
::prune
::cli_options_string(&prune_options
));
883 task_log
!(worker
, "Starting prune on store \"{}\" group \"{}/{}\"",
884 store
, backup_type
, backup_id
);
887 for (info
, mark
) in prune_info
{
888 let keep
= keep_all
|| mark
.keep();
890 let backup_time
= info
.backup_dir
.backup_time();
891 let timestamp
= info
.backup_dir
.backup_time_string();
892 let group
= info
.backup_dir
.group();
903 task_log
!(worker
, "{}", msg
);
905 prune_result
.push(json
!({
906 "backup-type": group
.backup_type(),
907 "backup-id": group
.backup_id(),
908 "backup-time": backup_time
,
910 "protected": mark
.protected(),
913 if !(dry_run
|| keep
) {
914 if let Err(err
) = datastore
.remove_backup_dir(&info
.backup_dir
, false) {
917 "failed to remove dir {:?}: {}",
918 info
.backup_dir
.relative_path(),
925 worker
.log_result(&Ok(()));
927 Ok(json
!(prune_result
))
937 description
: "Just show what prune would do, but do not delete anything.",
944 schema
: DATASTORE_SCHEMA
,
952 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_PRUNE
, true),
955 /// Prune the datastore
956 pub fn prune_datastore(
958 prune_options
: PruneOptions
,
961 rpcenv
: &mut dyn RpcEnvironment
,
962 ) -> Result
<String
, Error
> {
964 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
966 let datastore
= DataStore
::lookup_datastore(&store
)?
;
968 let to_stdout
= rpcenv
.env_type() == RpcEnvironmentType
::CLI
;
970 let upid_str
= WorkerTask
::new_thread(
975 move |worker
| crate::server
::prune_datastore(
992 schema
: DATASTORE_SCHEMA
,
1000 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY
, false),
1003 /// Start garbage collection.
1004 pub fn start_garbage_collection(
1007 rpcenv
: &mut dyn RpcEnvironment
,
1008 ) -> Result
<Value
, Error
> {
1010 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1011 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1013 let job
= Job
::new("garbage_collection", &store
)
1014 .map_err(|_
| format_err
!("garbage collection already running"))?
;
1016 let to_stdout
= rpcenv
.env_type() == RpcEnvironmentType
::CLI
;
1018 let upid_str
= crate::server
::do_garbage_collection_job(job
, datastore
, &auth_id
, None
, to_stdout
)
1019 .map_err(|err
| format_err
!("unable to start garbage collection job on datastore {} - {}", store
, err
))?
;
1028 schema
: DATASTORE_SCHEMA
,
1033 type: GarbageCollectionStatus
,
1036 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
, false),
1039 /// Garbage collection status.
1040 pub fn garbage_collection_status(
1043 _rpcenv
: &mut dyn RpcEnvironment
,
1044 ) -> Result
<GarbageCollectionStatus
, Error
> {
1046 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1048 let status
= datastore
.last_gc_status();
1055 description
: "List the accessible datastores.",
1057 items
: { type: DataStoreListItem }
,
1060 permission
: &Permission
::Anybody
,
1064 pub fn get_datastore_list(
1067 rpcenv
: &mut dyn RpcEnvironment
,
1068 ) -> Result
<Vec
<DataStoreListItem
>, Error
> {
1070 let (config
, _digest
) = pbs_config
::datastore
::config()?
;
1072 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1073 let user_info
= CachedUserInfo
::new()?
;
1075 let mut list
= Vec
::new();
1077 for (store
, (_
, data
)) in &config
.sections
{
1078 let user_privs
= user_info
.lookup_privs(&auth_id
, &["datastore", store
]);
1079 let allowed
= (user_privs
& (PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
)) != 0;
1083 store
: store
.clone(),
1084 comment
: data
["comment"].as_str().map(String
::from
),
1094 pub const API_METHOD_DOWNLOAD_FILE
: ApiMethod
= ApiMethod
::new(
1095 &ApiHandler
::AsyncHttp(&download_file
),
1097 "Download single raw file from backup snapshot.",
1099 ("store", false, &DATASTORE_SCHEMA
),
1100 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1101 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1102 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1103 ("file-name", false, &BACKUP_ARCHIVE_NAME_SCHEMA
),
1106 ).access(None
, &Permission
::Privilege(
1107 &["datastore", "{store}"],
1108 PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
1112 pub fn download_file(
1117 rpcenv
: Box
<dyn RpcEnvironment
>,
1118 ) -> ApiResponseFuture
{
1121 let store
= required_string_param(¶m
, "store")?
;
1122 let datastore
= DataStore
::lookup_datastore(store
)?
;
1124 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1126 let file_name
= required_string_param(¶m
, "file-name")?
.to_owned();
1128 let backup_type
= required_string_param(¶m
, "backup-type")?
;
1129 let backup_id
= required_string_param(¶m
, "backup-id")?
;
1130 let backup_time
= required_integer_param(¶m
, "backup-time")?
;
1132 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1134 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_READ
)?
;
1136 println
!("Download {} from {} ({}/{})", file_name
, store
, backup_dir
, file_name
);
1138 let mut path
= datastore
.base_path();
1139 path
.push(backup_dir
.relative_path());
1140 path
.push(&file_name
);
1142 let file
= tokio
::fs
::File
::open(&path
)
1144 .map_err(|err
| http_err
!(BAD_REQUEST
, "File open failed: {}", err
))?
;
1146 let payload
= tokio_util
::codec
::FramedRead
::new(file
, tokio_util
::codec
::BytesCodec
::new())
1147 .map_ok(|bytes
| bytes
.freeze())
1148 .map_err(move |err
| {
1149 eprintln
!("error during streaming of '{:?}' - {}", &path
, err
);
1152 let body
= Body
::wrap_stream(payload
);
1154 // fixme: set other headers ?
1155 Ok(Response
::builder()
1156 .status(StatusCode
::OK
)
1157 .header(header
::CONTENT_TYPE
, "application/octet-stream")
1164 pub const API_METHOD_DOWNLOAD_FILE_DECODED
: ApiMethod
= ApiMethod
::new(
1165 &ApiHandler
::AsyncHttp(&download_file_decoded
),
1167 "Download single decoded file from backup snapshot. Only works if it's not encrypted.",
1169 ("store", false, &DATASTORE_SCHEMA
),
1170 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1171 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1172 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1173 ("file-name", false, &BACKUP_ARCHIVE_NAME_SCHEMA
),
1176 ).access(None
, &Permission
::Privilege(
1177 &["datastore", "{store}"],
1178 PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
1182 pub fn download_file_decoded(
1187 rpcenv
: Box
<dyn RpcEnvironment
>,
1188 ) -> ApiResponseFuture
{
1191 let store
= required_string_param(¶m
, "store")?
;
1192 let datastore
= DataStore
::lookup_datastore(store
)?
;
1194 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1196 let file_name
= required_string_param(¶m
, "file-name")?
.to_owned();
1198 let backup_type
= required_string_param(¶m
, "backup-type")?
;
1199 let backup_id
= required_string_param(¶m
, "backup-id")?
;
1200 let backup_time
= required_integer_param(¶m
, "backup-time")?
;
1202 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1204 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_READ
)?
;
1206 let (manifest
, files
) = read_backup_index(&datastore
, &backup_dir
)?
;
1208 if file
.filename
== file_name
&& file
.crypt_mode
== Some(CryptMode
::Encrypt
) {
1209 bail
!("cannot decode '{}' - is encrypted", file_name
);
1213 println
!("Download {} from {} ({}/{})", file_name
, store
, backup_dir
, file_name
);
1215 let mut path
= datastore
.base_path();
1216 path
.push(backup_dir
.relative_path());
1217 path
.push(&file_name
);
1219 let extension
= file_name
.rsplitn(2, '
.'
).next().unwrap();
1221 let body
= match extension
{
1223 let index
= DynamicIndexReader
::open(&path
)
1224 .map_err(|err
| format_err
!("unable to read dynamic index '{:?}' - {}", &path
, err
))?
;
1225 let (csum
, size
) = index
.compute_csum();
1226 manifest
.verify_file(&file_name
, &csum
, size
)?
;
1228 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1229 let reader
= CachedChunkReader
::new(chunk_reader
, index
, 1).seekable();
1230 Body
::wrap_stream(AsyncReaderStream
::new(reader
)
1231 .map_err(move |err
| {
1232 eprintln
!("error during streaming of '{:?}' - {}", path
, err
);
1237 let index
= FixedIndexReader
::open(&path
)
1238 .map_err(|err
| format_err
!("unable to read fixed index '{:?}' - {}", &path
, err
))?
;
1240 let (csum
, size
) = index
.compute_csum();
1241 manifest
.verify_file(&file_name
, &csum
, size
)?
;
1243 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1244 let reader
= CachedChunkReader
::new(chunk_reader
, index
, 1).seekable();
1245 Body
::wrap_stream(AsyncReaderStream
::with_buffer_size(reader
, 4*1024*1024)
1246 .map_err(move |err
| {
1247 eprintln
!("error during streaming of '{:?}' - {}", path
, err
);
1252 let file
= std
::fs
::File
::open(&path
)
1253 .map_err(|err
| http_err
!(BAD_REQUEST
, "File open failed: {}", err
))?
;
1255 // FIXME: load full blob to verify index checksum?
1258 WrappedReaderStream
::new(DataBlobReader
::new(file
, None
)?
)
1259 .map_err(move |err
| {
1260 eprintln
!("error during streaming of '{:?}' - {}", path
, err
);
1266 bail
!("cannot download '{}' files", extension
);
1270 // fixme: set other headers ?
1271 Ok(Response
::builder()
1272 .status(StatusCode
::OK
)
1273 .header(header
::CONTENT_TYPE
, "application/octet-stream")
1280 pub const API_METHOD_UPLOAD_BACKUP_LOG
: ApiMethod
= ApiMethod
::new(
1281 &ApiHandler
::AsyncHttp(&upload_backup_log
),
1283 "Upload the client backup log file into a backup snapshot ('client.log.blob').",
1285 ("store", false, &DATASTORE_SCHEMA
),
1286 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1287 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1288 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1292 Some("Only the backup creator/owner is allowed to do this."),
1293 &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_BACKUP
, false)
1296 pub fn upload_backup_log(
1301 rpcenv
: Box
<dyn RpcEnvironment
>,
1302 ) -> ApiResponseFuture
{
1305 let store
= required_string_param(¶m
, "store")?
;
1306 let datastore
= DataStore
::lookup_datastore(store
)?
;
1308 let file_name
= CLIENT_LOG_BLOB_NAME
;
1310 let backup_type
= required_string_param(¶m
, "backup-type")?
;
1311 let backup_id
= required_string_param(¶m
, "backup-id")?
;
1312 let backup_time
= required_integer_param(¶m
, "backup-time")?
;
1314 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1316 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1317 let owner
= datastore
.get_owner(backup_dir
.group())?
;
1318 check_backup_owner(&owner
, &auth_id
)?
;
1320 let mut path
= datastore
.base_path();
1321 path
.push(backup_dir
.relative_path());
1322 path
.push(&file_name
);
1325 bail
!("backup already contains a log.");
1328 println
!("Upload backup log to {}/{}/{}/{}/{}", store
,
1329 backup_type
, backup_id
, backup_dir
.backup_time_string(), file_name
);
1332 .map_err(Error
::from
)
1333 .try_fold(Vec
::new(), |mut acc
, chunk
| {
1334 acc
.extend_from_slice(&*chunk
);
1335 future
::ok
::<_
, Error
>(acc
)
1339 // always verify blob/CRC at server side
1340 let blob
= DataBlob
::load_from_reader(&mut &data
[..])?
;
1342 replace_file(&path
, blob
.raw_data(), CreateOptions
::new(), false)?
;
1344 // fixme: use correct formatter
1345 Ok(formatter
::JSON_FORMATTER
.format_data(Value
::Null
, &*rpcenv
))
1353 schema
: DATASTORE_SCHEMA
,
1356 schema
: BACKUP_TYPE_SCHEMA
,
1359 schema
: BACKUP_ID_SCHEMA
,
1362 schema
: BACKUP_TIME_SCHEMA
,
1365 description
: "Base64 encoded path.",
1371 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
, true),
1374 /// Get the entries of the given path of the catalog
1377 backup_type
: String
,
1381 rpcenv
: &mut dyn RpcEnvironment
,
1382 ) -> Result
<Vec
<ArchiveEntry
>, Error
> {
1383 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1385 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1387 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1389 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_READ
)?
;
1391 let file_name
= CATALOG_NAME
;
1393 let (manifest
, files
) = read_backup_index(&datastore
, &backup_dir
)?
;
1395 if file
.filename
== file_name
&& file
.crypt_mode
== Some(CryptMode
::Encrypt
) {
1396 bail
!("cannot decode '{}' - is encrypted", file_name
);
1400 let mut path
= datastore
.base_path();
1401 path
.push(backup_dir
.relative_path());
1402 path
.push(file_name
);
1404 let index
= DynamicIndexReader
::open(&path
)
1405 .map_err(|err
| format_err
!("unable to read dynamic index '{:?}' - {}", &path
, err
))?
;
1407 let (csum
, size
) = index
.compute_csum();
1408 manifest
.verify_file(file_name
, &csum
, size
)?
;
1410 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1411 let reader
= BufferedDynamicReader
::new(index
, chunk_reader
);
1413 let mut catalog_reader
= CatalogReader
::new(reader
);
1415 let path
= if filepath
!= "root" && filepath
!= "/" {
1416 base64
::decode(filepath
)?
1421 catalog_reader
.list_dir_contents(&path
)
1425 pub const API_METHOD_PXAR_FILE_DOWNLOAD
: ApiMethod
= ApiMethod
::new(
1426 &ApiHandler
::AsyncHttp(&pxar_file_download
),
1428 "Download single file from pxar file of a backup snapshot. Only works if it's not encrypted.",
1430 ("store", false, &DATASTORE_SCHEMA
),
1431 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1432 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1433 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1434 ("filepath", false, &StringSchema
::new("Base64 encoded path").schema()),
1437 ).access(None
, &Permission
::Privilege(
1438 &["datastore", "{store}"],
1439 PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
1443 pub fn pxar_file_download(
1448 rpcenv
: Box
<dyn RpcEnvironment
>,
1449 ) -> ApiResponseFuture
{
1452 let store
= required_string_param(¶m
, "store")?
;
1453 let datastore
= DataStore
::lookup_datastore(store
)?
;
1455 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1457 let filepath
= required_string_param(¶m
, "filepath")?
.to_owned();
1459 let backup_type
= required_string_param(¶m
, "backup-type")?
;
1460 let backup_id
= required_string_param(¶m
, "backup-id")?
;
1461 let backup_time
= required_integer_param(¶m
, "backup-time")?
;
1463 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1465 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_READ
)?
;
1467 let mut components
= base64
::decode(&filepath
)?
;
1468 if !components
.is_empty() && components
[0] == b'
/'
{
1469 components
.remove(0);
1472 let mut split
= components
.splitn(2, |c
| *c
== b'
/'
);
1473 let pxar_name
= std
::str::from_utf8(split
.next().unwrap())?
;
1474 let file_path
= split
.next().unwrap_or(b
"/");
1475 let (manifest
, files
) = read_backup_index(&datastore
, &backup_dir
)?
;
1477 if file
.filename
== pxar_name
&& file
.crypt_mode
== Some(CryptMode
::Encrypt
) {
1478 bail
!("cannot decode '{}' - is encrypted", pxar_name
);
1482 let mut path
= datastore
.base_path();
1483 path
.push(backup_dir
.relative_path());
1484 path
.push(pxar_name
);
1486 let index
= DynamicIndexReader
::open(&path
)
1487 .map_err(|err
| format_err
!("unable to read dynamic index '{:?}' - {}", &path
, err
))?
;
1489 let (csum
, size
) = index
.compute_csum();
1490 manifest
.verify_file(pxar_name
, &csum
, size
)?
;
1492 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1493 let reader
= BufferedDynamicReader
::new(index
, chunk_reader
);
1494 let archive_size
= reader
.archive_size();
1495 let reader
= LocalDynamicReadAt
::new(reader
);
1497 let decoder
= Accessor
::new(reader
, archive_size
).await?
;
1498 let root
= decoder
.open_root().await?
;
1499 let path
= OsStr
::from_bytes(file_path
).to_os_string();
1501 .lookup(&path
).await?
1502 .ok_or_else(|| format_err
!("error opening '{:?}'", path
))?
;
1504 let body
= match file
.kind() {
1505 EntryKind
::File { .. }
=> Body
::wrap_stream(
1506 AsyncReaderStream
::new(file
.contents().await?
).map_err(move |err
| {
1507 eprintln
!("error during streaming of file '{:?}' - {}", filepath
, err
);
1511 EntryKind
::Hardlink(_
) => Body
::wrap_stream(
1512 AsyncReaderStream
::new(decoder
.follow_hardlink(&file
).await?
.contents().await?
)
1513 .map_err(move |err
| {
1515 "error during streaming of hardlink '{:?}' - {}",
1521 EntryKind
::Directory
=> {
1522 let (sender
, receiver
) = tokio
::sync
::mpsc
::channel(100);
1523 let channelwriter
= AsyncChannelWriter
::new(sender
, 1024 * 1024);
1524 proxmox_rest_server
::spawn_internal_task(
1525 create_zip(channelwriter
, decoder
, path
.clone(), false)
1527 Body
::wrap_stream(ReceiverStream
::new(receiver
).map_err(move |err
| {
1528 eprintln
!("error during streaming of zip '{:?}' - {}", path
, err
);
1532 other
=> bail
!("cannot download file of type {:?}", other
),
1535 // fixme: set other headers ?
1536 Ok(Response
::builder()
1537 .status(StatusCode
::OK
)
1538 .header(header
::CONTENT_TYPE
, "application/octet-stream")
1548 schema
: DATASTORE_SCHEMA
,
1559 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
1562 /// Read datastore stats
1563 pub fn get_rrd_stats(
1565 timeframe
: RRDTimeFrame
,
1568 ) -> Result
<Value
, Error
> {
1570 create_value_from_rrd(
1571 &format
!("datastore/{}", store
),
1574 "read_ios", "read_bytes",
1575 "write_ios", "write_bytes",
1587 schema
: DATASTORE_SCHEMA
,
1590 schema
: BACKUP_TYPE_SCHEMA
,
1593 schema
: BACKUP_ID_SCHEMA
,
1598 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
1601 /// Get "notes" for a backup group
1602 pub fn get_group_notes(
1604 backup_type
: String
,
1606 rpcenv
: &mut dyn RpcEnvironment
,
1607 ) -> Result
<String
, Error
> {
1608 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1610 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1611 let backup_group
= BackupGroup
::new(backup_type
, backup_id
);
1613 check_priv_or_backup_owner(&datastore
, &backup_group
, &auth_id
, PRIV_DATASTORE_AUDIT
)?
;
1615 let note_path
= get_group_note_path(&datastore
, &backup_group
);
1616 Ok(file_read_optional_string(note_path
)?
.unwrap_or_else(|| "".to_owned()))
1623 schema
: DATASTORE_SCHEMA
,
1626 schema
: BACKUP_TYPE_SCHEMA
,
1629 schema
: BACKUP_ID_SCHEMA
,
1632 description
: "A multiline text.",
1637 permission
: &Permission
::Privilege(&["datastore", "{store}"],
1638 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_BACKUP
,
1642 /// Set "notes" for a backup group
1643 pub fn set_group_notes(
1645 backup_type
: String
,
1648 rpcenv
: &mut dyn RpcEnvironment
,
1649 ) -> Result
<(), Error
> {
1650 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1652 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1653 let backup_group
= BackupGroup
::new(backup_type
, backup_id
);
1655 check_priv_or_backup_owner(&datastore
, &backup_group
, &auth_id
, PRIV_DATASTORE_MODIFY
)?
;
1657 let note_path
= get_group_note_path(&datastore
, &backup_group
);
1658 replace_file(note_path
, notes
.as_bytes(), CreateOptions
::new(), false)?
;
1667 schema
: DATASTORE_SCHEMA
,
1670 schema
: BACKUP_TYPE_SCHEMA
,
1673 schema
: BACKUP_ID_SCHEMA
,
1676 schema
: BACKUP_TIME_SCHEMA
,
1681 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
1684 /// Get "notes" for a specific backup
1687 backup_type
: String
,
1690 rpcenv
: &mut dyn RpcEnvironment
,
1691 ) -> Result
<String
, Error
> {
1692 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1694 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1695 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1697 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_AUDIT
)?
;
1699 let (manifest
, _
) = datastore
.load_manifest(&backup_dir
)?
;
1701 let notes
= manifest
.unprotected
["notes"]
1705 Ok(String
::from(notes
))
1712 schema
: DATASTORE_SCHEMA
,
1715 schema
: BACKUP_TYPE_SCHEMA
,
1718 schema
: BACKUP_ID_SCHEMA
,
1721 schema
: BACKUP_TIME_SCHEMA
,
1724 description
: "A multiline text.",
1729 permission
: &Permission
::Privilege(&["datastore", "{store}"],
1730 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_BACKUP
,
1734 /// Set "notes" for a specific backup
1737 backup_type
: String
,
1741 rpcenv
: &mut dyn RpcEnvironment
,
1742 ) -> Result
<(), Error
> {
1743 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1745 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1746 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1748 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_MODIFY
)?
;
1750 datastore
.update_manifest(&backup_dir
,|manifest
| {
1751 manifest
.unprotected
["notes"] = notes
.into();
1752 }).map_err(|err
| format_err
!("unable to update manifest blob - {}", err
))?
;
1761 schema
: DATASTORE_SCHEMA
,
1764 schema
: BACKUP_TYPE_SCHEMA
,
1767 schema
: BACKUP_ID_SCHEMA
,
1770 schema
: BACKUP_TIME_SCHEMA
,
1775 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
1778 /// Query protection for a specific backup
1779 pub fn get_protection(
1781 backup_type
: String
,
1784 rpcenv
: &mut dyn RpcEnvironment
,
1785 ) -> Result
<bool
, Error
> {
1786 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1788 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1789 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1791 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_AUDIT
)?
;
1793 Ok(backup_dir
.is_protected(datastore
.base_path()))
1800 schema
: DATASTORE_SCHEMA
,
1803 schema
: BACKUP_TYPE_SCHEMA
,
1806 schema
: BACKUP_ID_SCHEMA
,
1809 schema
: BACKUP_TIME_SCHEMA
,
1812 description
: "Enable/disable protection.",
1817 permission
: &Permission
::Privilege(&["datastore", "{store}"],
1818 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_BACKUP
,
1822 /// En- or disable protection for a specific backup
1823 pub fn set_protection(
1825 backup_type
: String
,
1829 rpcenv
: &mut dyn RpcEnvironment
,
1830 ) -> Result
<(), Error
> {
1831 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1833 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1834 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1836 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_MODIFY
)?
;
1838 datastore
.update_protection(&backup_dir
, protected
)
1845 schema
: DATASTORE_SCHEMA
,
1848 schema
: BACKUP_TYPE_SCHEMA
,
1851 schema
: BACKUP_ID_SCHEMA
,
1859 permission
: &Permission
::Anybody
,
1860 description
: "Datastore.Modify on whole datastore, or changing ownership between user and a user's token for owned backups with Datastore.Backup"
1863 /// Change owner of a backup group
1864 pub fn set_backup_owner(
1866 backup_type
: String
,
1869 rpcenv
: &mut dyn RpcEnvironment
,
1870 ) -> Result
<(), Error
> {
1872 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1874 let backup_group
= BackupGroup
::new(backup_type
, backup_id
);
1876 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1878 let user_info
= CachedUserInfo
::new()?
;
1880 let privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
1882 let allowed
= if (privs
& PRIV_DATASTORE_MODIFY
) != 0 {
1883 // High-privilege user/token
1885 } else if (privs
& PRIV_DATASTORE_BACKUP
) != 0 {
1886 let owner
= datastore
.get_owner(&backup_group
)?
;
1888 match (owner
.is_token(), new_owner
.is_token()) {
1890 // API token to API token, owned by same user
1891 let owner
= owner
.user();
1892 let new_owner
= new_owner
.user();
1893 owner
== new_owner
&& Authid
::from(owner
.clone()) == auth_id
1896 // API token to API token owner
1897 Authid
::from(owner
.user().clone()) == auth_id
1898 && new_owner
== auth_id
1901 // API token owner to API token
1903 && Authid
::from(new_owner
.user().clone()) == auth_id
1906 // User to User, not allowed for unprivileged users
1915 return Err(http_err
!(UNAUTHORIZED
,
1916 "{} does not have permission to change owner of backup group '{}' to {}",
1923 if !user_info
.is_active_auth_id(&new_owner
) {
1924 bail
!("{} '{}' is inactive or non-existent",
1925 if new_owner
.is_token() {
1926 "API token".to_string()
1933 datastore
.set_owner(&backup_group
, &new_owner
, true)?
;
1939 const DATASTORE_INFO_SUBDIRS
: SubdirMap
= &[
1943 .get(&API_METHOD_CATALOG
)
1948 .post(&API_METHOD_SET_BACKUP_OWNER
)
1953 .download(&API_METHOD_DOWNLOAD_FILE
)
1958 .download(&API_METHOD_DOWNLOAD_FILE_DECODED
)
1963 .get(&API_METHOD_LIST_SNAPSHOT_FILES
)
1968 .get(&API_METHOD_GARBAGE_COLLECTION_STATUS
)
1969 .post(&API_METHOD_START_GARBAGE_COLLECTION
)
1974 .get(&API_METHOD_GET_GROUP_NOTES
)
1975 .put(&API_METHOD_SET_GROUP_NOTES
)
1980 .get(&API_METHOD_LIST_GROUPS
)
1981 .delete(&API_METHOD_DELETE_GROUP
)
1986 .get(&API_METHOD_GET_NOTES
)
1987 .put(&API_METHOD_SET_NOTES
)
1992 .get(&API_METHOD_GET_PROTECTION
)
1993 .put(&API_METHOD_SET_PROTECTION
)
1998 .post(&API_METHOD_PRUNE
)
2003 .post(&API_METHOD_PRUNE_DATASTORE
)
2006 "pxar-file-download",
2008 .download(&API_METHOD_PXAR_FILE_DOWNLOAD
)
2013 .get(&API_METHOD_GET_RRD_STATS
)
2018 .get(&API_METHOD_LIST_SNAPSHOTS
)
2019 .delete(&API_METHOD_DELETE_SNAPSHOT
)
2024 .get(&API_METHOD_STATUS
)
2027 "upload-backup-log",
2029 .upload(&API_METHOD_UPLOAD_BACKUP_LOG
)
2034 .post(&API_METHOD_VERIFY
)
2038 const DATASTORE_INFO_ROUTER
: Router
= Router
::new()
2039 .get(&list_subdirs_api_method
!(DATASTORE_INFO_SUBDIRS
))
2040 .subdirs(DATASTORE_INFO_SUBDIRS
);
2043 pub const ROUTER
: Router
= Router
::new()
2044 .get(&API_METHOD_GET_DATASTORE_LIST
)
2045 .match_all("store", &DATASTORE_INFO_ROUTER
);