1 //! Datastore Management
3 use std
::collections
::HashSet
;
5 use std
::os
::unix
::ffi
::OsStrExt
;
6 use std
::path
::PathBuf
;
8 use anyhow
::{bail, format_err, Error}
;
10 use hyper
::http
::request
::Parts
;
11 use hyper
::{header, Body, Response, StatusCode}
;
12 use serde_json
::{json, Value}
;
13 use tokio_stream
::wrappers
::ReceiverStream
;
16 api
, ApiResponseFuture
, ApiHandler
, ApiMethod
, Router
,
17 RpcEnvironment
, RpcEnvironmentType
, Permission
19 use proxmox
::api
::router
::SubdirMap
;
20 use proxmox
::api
::schema
::*;
21 use proxmox
::tools
::fs
::{
22 file_read_firstline
, file_read_optional_string
, replace_file
, CreateOptions
,
24 use proxmox
::{http_err, identity, list_subdirs_api_method, sortable}
;
26 use pxar
::accessor
::aio
::Accessor
;
29 use pbs_client
::pxar
::create_zip
;
30 use pbs_tools
::json
::{required_integer_param, required_string_param}
;
32 use crate::api2
::types
::*;
33 use crate::api2
::node
::rrd
::create_value_from_rrd
;
34 use crate::api2
::helpers
;
36 use crate::config
::datastore
;
37 use crate::config
::cached_user_info
::CachedUserInfo
;
39 use crate::server
::{jobstate::Job, WorkerTask}
;
40 use crate::tools
::{AsyncChannelWriter, AsyncReaderStream, WrappedReaderStream}
;
42 use crate::config
::acl
::{
44 PRIV_DATASTORE_MODIFY
,
47 PRIV_DATASTORE_BACKUP
,
48 PRIV_DATASTORE_VERIFY
,
51 const GROUP_NOTES_FILE_NAME
: &str = "notes";
53 fn get_group_note_path(store
: &DataStore
, group
: &BackupGroup
) -> PathBuf
{
54 let mut note_path
= store
.base_path();
55 note_path
.push(group
.group_path());
56 note_path
.push(GROUP_NOTES_FILE_NAME
);
60 fn check_priv_or_backup_owner(
65 ) -> Result
<(), Error
> {
66 let user_info
= CachedUserInfo
::new()?
;
67 let privs
= user_info
.lookup_privs(&auth_id
, &["datastore", store
.name()]);
69 if privs
& required_privs
== 0 {
70 let owner
= store
.get_owner(group
)?
;
71 check_backup_owner(&owner
, auth_id
)?
;
78 backup_dir
: &BackupDir
,
79 ) -> Result
<(BackupManifest
, Vec
<BackupContent
>), Error
> {
81 let (manifest
, index_size
) = store
.load_manifest(backup_dir
)?
;
83 let mut result
= Vec
::new();
84 for item
in manifest
.files() {
85 result
.push(BackupContent
{
86 filename
: item
.filename
.clone(),
87 crypt_mode
: Some(item
.crypt_mode
),
88 size
: Some(item
.size
),
92 result
.push(BackupContent
{
93 filename
: MANIFEST_BLOB_NAME
.to_string(),
94 crypt_mode
: match manifest
.signature
{
95 Some(_
) => Some(CryptMode
::SignOnly
),
96 None
=> Some(CryptMode
::None
),
98 size
: Some(index_size
),
101 Ok((manifest
, result
))
104 fn get_all_snapshot_files(
107 ) -> Result
<(BackupManifest
, Vec
<BackupContent
>), Error
> {
109 let (manifest
, mut files
) = read_backup_index(&store
, &info
.backup_dir
)?
;
111 let file_set
= files
.iter().fold(HashSet
::new(), |mut acc
, item
| {
112 acc
.insert(item
.filename
.clone());
116 for file
in &info
.files
{
117 if file_set
.contains(file
) { continue; }
118 files
.push(BackupContent
{
119 filename
: file
.to_string(),
125 Ok((manifest
, files
))
132 schema
: DATASTORE_SCHEMA
,
138 description
: "Returns the list of backup groups.",
144 permission
: &Permission
::Privilege(
145 &["datastore", "{store}"],
146 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
,
150 /// List backup groups.
153 rpcenv
: &mut dyn RpcEnvironment
,
154 ) -> Result
<Vec
<GroupListItem
>, Error
> {
156 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
157 let user_info
= CachedUserInfo
::new()?
;
158 let user_privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
160 let datastore
= DataStore
::lookup_datastore(&store
)?
;
161 let list_all
= (user_privs
& PRIV_DATASTORE_AUDIT
) != 0;
163 let backup_groups
= BackupInfo
::list_backup_groups(&datastore
.base_path())?
;
165 let group_info
= backup_groups
167 .fold(Vec
::new(), |mut group_info
, group
| {
168 let owner
= match datastore
.get_owner(&group
) {
169 Ok(auth_id
) => auth_id
,
171 eprintln
!("Failed to get owner of group '{}/{}' - {}",
178 if !list_all
&& check_backup_owner(&owner
, &auth_id
).is_err() {
182 let snapshots
= match group
.list_backups(&datastore
.base_path()) {
183 Ok(snapshots
) => snapshots
,
189 let backup_count
: u64 = snapshots
.len() as u64;
190 if backup_count
== 0 {
194 let last_backup
= snapshots
196 .fold(&snapshots
[0], |last
, curr
| {
197 if curr
.is_finished()
198 && curr
.backup_dir
.backup_time() > last
.backup_dir
.backup_time() {
206 let note_path
= get_group_note_path(&datastore
, &group
);
207 let comment
= file_read_firstline(¬e_path
).ok();
209 group_info
.push(GroupListItem
{
210 backup_type
: group
.backup_type().to_string(),
211 backup_id
: group
.backup_id().to_string(),
212 last_backup
: last_backup
.backup_dir
.backup_time(),
215 files
: last_backup
.files
,
229 schema
: DATASTORE_SCHEMA
,
232 schema
: BACKUP_TYPE_SCHEMA
,
235 schema
: BACKUP_ID_SCHEMA
,
240 permission
: &Permission
::Privilege(
241 &["datastore", "{store}"],
242 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_PRUNE
,
246 /// Delete backup group including all snapshots.
252 rpcenv
: &mut dyn RpcEnvironment
,
253 ) -> Result
<Value
, Error
> {
255 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
257 let group
= BackupGroup
::new(backup_type
, backup_id
);
258 let datastore
= DataStore
::lookup_datastore(&store
)?
;
260 check_priv_or_backup_owner(&datastore
, &group
, &auth_id
, PRIV_DATASTORE_MODIFY
)?
;
262 datastore
.remove_backup_group(&group
)?
;
271 schema
: DATASTORE_SCHEMA
,
274 schema
: BACKUP_TYPE_SCHEMA
,
277 schema
: BACKUP_ID_SCHEMA
,
280 schema
: BACKUP_TIME_SCHEMA
,
286 description
: "Returns the list of archive files inside a backup snapshots.",
292 permission
: &Permission
::Privilege(
293 &["datastore", "{store}"],
294 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
298 /// List snapshot files.
299 pub fn list_snapshot_files(
305 rpcenv
: &mut dyn RpcEnvironment
,
306 ) -> Result
<Vec
<BackupContent
>, Error
> {
308 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
309 let datastore
= DataStore
::lookup_datastore(&store
)?
;
311 let snapshot
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
313 check_priv_or_backup_owner(&datastore
, snapshot
.group(), &auth_id
, PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_READ
)?
;
315 let info
= BackupInfo
::new(&datastore
.base_path(), snapshot
)?
;
317 let (_manifest
, files
) = get_all_snapshot_files(&datastore
, &info
)?
;
326 schema
: DATASTORE_SCHEMA
,
329 schema
: BACKUP_TYPE_SCHEMA
,
332 schema
: BACKUP_ID_SCHEMA
,
335 schema
: BACKUP_TIME_SCHEMA
,
340 permission
: &Permission
::Privilege(
341 &["datastore", "{store}"],
342 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_PRUNE
,
346 /// Delete backup snapshot.
347 pub fn delete_snapshot(
353 rpcenv
: &mut dyn RpcEnvironment
,
354 ) -> Result
<Value
, Error
> {
356 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
358 let snapshot
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
359 let datastore
= DataStore
::lookup_datastore(&store
)?
;
361 check_priv_or_backup_owner(&datastore
, snapshot
.group(), &auth_id
, PRIV_DATASTORE_MODIFY
)?
;
363 datastore
.remove_backup_dir(&snapshot
, false)?
;
372 schema
: DATASTORE_SCHEMA
,
376 schema
: BACKUP_TYPE_SCHEMA
,
380 schema
: BACKUP_ID_SCHEMA
,
386 description
: "Returns the list of snapshots.",
388 type: SnapshotListItem
,
392 permission
: &Permission
::Privilege(
393 &["datastore", "{store}"],
394 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
,
398 /// List backup snapshots.
399 pub fn list_snapshots (
401 backup_type
: Option
<String
>,
402 backup_id
: Option
<String
>,
405 rpcenv
: &mut dyn RpcEnvironment
,
406 ) -> Result
<Vec
<SnapshotListItem
>, Error
> {
408 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
409 let user_info
= CachedUserInfo
::new()?
;
410 let user_privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
412 let list_all
= (user_privs
& PRIV_DATASTORE_AUDIT
) != 0;
414 let datastore
= DataStore
::lookup_datastore(&store
)?
;
416 let base_path
= datastore
.base_path();
418 let groups
= match (backup_type
, backup_id
) {
419 (Some(backup_type
), Some(backup_id
)) => {
420 let mut groups
= Vec
::with_capacity(1);
421 groups
.push(BackupGroup
::new(backup_type
, backup_id
));
424 (Some(backup_type
), None
) => {
425 BackupInfo
::list_backup_groups(&base_path
)?
427 .filter(|group
| group
.backup_type() == backup_type
)
430 (None
, Some(backup_id
)) => {
431 BackupInfo
::list_backup_groups(&base_path
)?
433 .filter(|group
| group
.backup_id() == backup_id
)
436 _
=> BackupInfo
::list_backup_groups(&base_path
)?
,
439 let info_to_snapshot_list_item
= |group
: &BackupGroup
, owner
, info
: BackupInfo
| {
440 let backup_type
= group
.backup_type().to_string();
441 let backup_id
= group
.backup_id().to_string();
442 let backup_time
= info
.backup_dir
.backup_time();
444 match get_all_snapshot_files(&datastore
, &info
) {
445 Ok((manifest
, files
)) => {
446 // extract the first line from notes
447 let comment
: Option
<String
> = manifest
.unprotected
["notes"]
449 .and_then(|notes
| notes
.lines().next())
452 let fingerprint
= match manifest
.fingerprint() {
455 eprintln
!("error parsing fingerprint: '{}'", err
);
460 let verification
= manifest
.unprotected
["verify_state"].clone();
461 let verification
: Option
<SnapshotVerifyState
> = match serde_json
::from_value(verification
) {
462 Ok(verify
) => verify
,
464 eprintln
!("error parsing verification state : '{}'", err
);
469 let size
= Some(files
.iter().map(|x
| x
.size
.unwrap_or(0)).sum());
484 eprintln
!("error during snapshot file listing: '{}'", err
);
488 .map(|filename
| BackupContent
{
512 .try_fold(Vec
::new(), |mut snapshots
, group
| {
513 let owner
= match datastore
.get_owner(group
) {
514 Ok(auth_id
) => auth_id
,
516 eprintln
!("Failed to get owner of group '{}/{}' - {}",
520 return Ok(snapshots
);
524 if !list_all
&& check_backup_owner(&owner
, &auth_id
).is_err() {
525 return Ok(snapshots
);
528 let group_backups
= group
.list_backups(&datastore
.base_path())?
;
533 .map(|info
| info_to_snapshot_list_item(&group
, Some(owner
.clone()), info
))
540 fn get_snapshots_count(store
: &DataStore
, filter_owner
: Option
<&Authid
>) -> Result
<Counts
, Error
> {
541 let base_path
= store
.base_path();
542 let groups
= BackupInfo
::list_backup_groups(&base_path
)?
;
546 let owner
= match store
.get_owner(&group
) {
549 eprintln
!("Failed to get owner of group '{}/{}' - {}",
558 Some(filter
) => check_backup_owner(&owner
, filter
).is_ok(),
562 .try_fold(Counts
::default(), |mut counts
, group
| {
563 let snapshot_count
= group
.list_backups(&base_path
)?
.len() as u64;
565 let type_count
= match group
.backup_type() {
566 "ct" => counts
.ct
.get_or_insert(Default
::default()),
567 "vm" => counts
.vm
.get_or_insert(Default
::default()),
568 "host" => counts
.host
.get_or_insert(Default
::default()),
569 _
=> counts
.other
.get_or_insert(Default
::default()),
572 type_count
.groups
+= 1;
573 type_count
.snapshots
+= snapshot_count
;
583 schema
: DATASTORE_SCHEMA
,
589 description
: "Include additional information like snapshot counts and GC status.",
595 type: DataStoreStatus
,
598 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
601 /// Get datastore status.
606 rpcenv
: &mut dyn RpcEnvironment
,
607 ) -> Result
<DataStoreStatus
, Error
> {
608 let datastore
= DataStore
::lookup_datastore(&store
)?
;
609 let storage
= crate::tools
::disks
::disk_usage(&datastore
.base_path())?
;
610 let (counts
, gc_status
) = if verbose
{
611 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
612 let user_info
= CachedUserInfo
::new()?
;
614 let store_privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
615 let filter_owner
= if store_privs
& PRIV_DATASTORE_AUDIT
!= 0 {
621 let counts
= Some(get_snapshots_count(&datastore
, filter_owner
)?
);
622 let gc_status
= Some(datastore
.last_gc_status());
630 total
: storage
.total
,
632 avail
: storage
.avail
,
642 schema
: DATASTORE_SCHEMA
,
645 schema
: BACKUP_TYPE_SCHEMA
,
649 schema
: BACKUP_ID_SCHEMA
,
653 schema
: IGNORE_VERIFIED_BACKUPS_SCHEMA
,
657 schema
: VERIFICATION_OUTDATED_AFTER_SCHEMA
,
661 schema
: BACKUP_TIME_SCHEMA
,
670 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_VERIFY
| PRIV_DATASTORE_BACKUP
, true),
675 /// This function can verify a single backup snapshot, all backup from a backup group,
676 /// or all backups in the datastore.
679 backup_type
: Option
<String
>,
680 backup_id
: Option
<String
>,
681 backup_time
: Option
<i64>,
682 ignore_verified
: Option
<bool
>,
683 outdated_after
: Option
<i64>,
684 rpcenv
: &mut dyn RpcEnvironment
,
685 ) -> Result
<Value
, Error
> {
686 let datastore
= DataStore
::lookup_datastore(&store
)?
;
687 let ignore_verified
= ignore_verified
.unwrap_or(true);
689 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
692 let mut backup_dir
= None
;
693 let mut backup_group
= None
;
694 let mut worker_type
= "verify";
696 match (backup_type
, backup_id
, backup_time
) {
697 (Some(backup_type
), Some(backup_id
), Some(backup_time
)) => {
698 worker_id
= format
!("{}:{}/{}/{:08X}", store
, backup_type
, backup_id
, backup_time
);
699 let dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
701 check_priv_or_backup_owner(&datastore
, dir
.group(), &auth_id
, PRIV_DATASTORE_VERIFY
)?
;
703 backup_dir
= Some(dir
);
704 worker_type
= "verify_snapshot";
706 (Some(backup_type
), Some(backup_id
), None
) => {
707 worker_id
= format
!("{}:{}/{}", store
, backup_type
, backup_id
);
708 let group
= BackupGroup
::new(backup_type
, backup_id
);
710 check_priv_or_backup_owner(&datastore
, &group
, &auth_id
, PRIV_DATASTORE_VERIFY
)?
;
712 backup_group
= Some(group
);
713 worker_type
= "verify_group";
715 (None
, None
, None
) => {
716 worker_id
= store
.clone();
718 _
=> bail
!("parameters do not specify a backup group or snapshot"),
721 let to_stdout
= rpcenv
.env_type() == RpcEnvironmentType
::CLI
;
723 let upid_str
= WorkerTask
::new_thread(
729 let verify_worker
= crate::backup
::VerifyWorker
::new(worker
.clone(), datastore
);
730 let failed_dirs
= if let Some(backup_dir
) = backup_dir
{
731 let mut res
= Vec
::new();
732 if !verify_backup_dir(
735 worker
.upid().clone(),
736 Some(&move |manifest
| {
737 verify_filter(ignore_verified
, outdated_after
, manifest
)
740 res
.push(backup_dir
.to_string());
743 } else if let Some(backup_group
) = backup_group
{
744 let failed_dirs
= verify_backup_group(
747 &mut StoreProgress
::new(1),
749 Some(&move |manifest
| {
750 verify_filter(ignore_verified
, outdated_after
, manifest
)
755 let privs
= CachedUserInfo
::new()?
756 .lookup_privs(&auth_id
, &["datastore", &store
]);
758 let owner
= if privs
& PRIV_DATASTORE_VERIFY
== 0 {
768 Some(&move |manifest
| {
769 verify_filter(ignore_verified
, outdated_after
, manifest
)
773 if !failed_dirs
.is_empty() {
774 worker
.log("Failed to verify the following snapshots/groups:");
775 for dir
in failed_dirs
{
776 worker
.log(format
!("\t{}", dir
));
778 bail
!("verification failed - please check the log for details");
791 schema
: BACKUP_ID_SCHEMA
,
794 schema
: BACKUP_TYPE_SCHEMA
,
800 description
: "Just show what prune would do, but do not delete anything.",
807 schema
: DATASTORE_SCHEMA
,
813 description
: "Returns the list of snapshots and a flag indicating if there are kept or removed.",
819 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_PRUNE
, true),
822 /// Prune a group on the datastore
827 prune_options
: PruneOptions
,
830 rpcenv
: &mut dyn RpcEnvironment
,
831 ) -> Result
<Value
, Error
> {
833 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
835 let group
= BackupGroup
::new(&backup_type
, &backup_id
);
837 let datastore
= DataStore
::lookup_datastore(&store
)?
;
839 check_priv_or_backup_owner(&datastore
, &group
, &auth_id
, PRIV_DATASTORE_MODIFY
)?
;
841 let worker_id
= format
!("{}:{}/{}", store
, &backup_type
, &backup_id
);
843 let mut prune_result
= Vec
::new();
845 let list
= group
.list_backups(&datastore
.base_path())?
;
847 let mut prune_info
= compute_prune_info(list
, &prune_options
)?
;
849 prune_info
.reverse(); // delete older snapshots first
851 let keep_all
= !prune_options
.keeps_something();
854 for (info
, mut keep
) in prune_info
{
855 if keep_all { keep = true; }
857 let backup_time
= info
.backup_dir
.backup_time();
858 let group
= info
.backup_dir
.group();
860 prune_result
.push(json
!({
861 "backup-type": group
.backup_type(),
862 "backup-id": group
.backup_id(),
863 "backup-time": backup_time
,
867 return Ok(json
!(prune_result
));
871 // We use a WorkerTask just to have a task log, but run synchrounously
872 let worker
= WorkerTask
::new("prune", Some(worker_id
), auth_id
, true)?
;
875 worker
.log("No prune selection - keeping all files.");
877 worker
.log(format
!("retention options: {}", prune_options
.cli_options_string()));
878 worker
.log(format
!("Starting prune on store \"{}\" group \"{}/{}\"",
879 store
, backup_type
, backup_id
));
882 for (info
, mut keep
) in prune_info
{
883 if keep_all { keep = true; }
885 let backup_time
= info
.backup_dir
.backup_time();
886 let timestamp
= info
.backup_dir
.backup_time_string();
887 let group
= info
.backup_dir
.group();
895 if keep { "keep" }
else { "remove" }
,
900 prune_result
.push(json
!({
901 "backup-type": group
.backup_type(),
902 "backup-id": group
.backup_id(),
903 "backup-time": backup_time
,
907 if !(dry_run
|| keep
) {
908 if let Err(err
) = datastore
.remove_backup_dir(&info
.backup_dir
, false) {
911 "failed to remove dir {:?}: {}",
912 info
.backup_dir
.relative_path(), err
919 worker
.log_result(&Ok(()));
921 Ok(json
!(prune_result
))
931 description
: "Just show what prune would do, but do not delete anything.",
938 schema
: DATASTORE_SCHEMA
,
946 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_PRUNE
, true),
949 /// Prune the datastore
950 pub fn prune_datastore(
952 prune_options
: PruneOptions
,
955 rpcenv
: &mut dyn RpcEnvironment
,
956 ) -> Result
<String
, Error
> {
958 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
960 let datastore
= DataStore
::lookup_datastore(&store
)?
;
962 let upid_str
= WorkerTask
::new_thread(
967 move |worker
| crate::server
::prune_datastore(
984 schema
: DATASTORE_SCHEMA
,
992 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY
, false),
995 /// Start garbage collection.
996 pub fn start_garbage_collection(
999 rpcenv
: &mut dyn RpcEnvironment
,
1000 ) -> Result
<Value
, Error
> {
1002 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1003 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1005 let job
= Job
::new("garbage_collection", &store
)
1006 .map_err(|_
| format_err
!("garbage collection already running"))?
;
1008 let to_stdout
= rpcenv
.env_type() == RpcEnvironmentType
::CLI
;
1010 let upid_str
= crate::server
::do_garbage_collection_job(job
, datastore
, &auth_id
, None
, to_stdout
)
1011 .map_err(|err
| format_err
!("unable to start garbage collection job on datastore {} - {}", store
, err
))?
;
1020 schema
: DATASTORE_SCHEMA
,
1025 type: GarbageCollectionStatus
,
1028 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
, false),
1031 /// Garbage collection status.
1032 pub fn garbage_collection_status(
1035 _rpcenv
: &mut dyn RpcEnvironment
,
1036 ) -> Result
<GarbageCollectionStatus
, Error
> {
1038 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1040 let status
= datastore
.last_gc_status();
1047 description
: "List the accessible datastores.",
1049 items
: { type: DataStoreListItem }
,
1052 permission
: &Permission
::Anybody
,
1056 pub fn get_datastore_list(
1059 rpcenv
: &mut dyn RpcEnvironment
,
1060 ) -> Result
<Vec
<DataStoreListItem
>, Error
> {
1062 let (config
, _digest
) = datastore
::config()?
;
1064 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1065 let user_info
= CachedUserInfo
::new()?
;
1067 let mut list
= Vec
::new();
1069 for (store
, (_
, data
)) in &config
.sections
{
1070 let user_privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
1071 let allowed
= (user_privs
& (PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
)) != 0;
1075 store
: store
.clone(),
1076 comment
: data
["comment"].as_str().map(String
::from
),
1086 pub const API_METHOD_DOWNLOAD_FILE
: ApiMethod
= ApiMethod
::new(
1087 &ApiHandler
::AsyncHttp(&download_file
),
1089 "Download single raw file from backup snapshot.",
1091 ("store", false, &DATASTORE_SCHEMA
),
1092 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1093 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1094 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1095 ("file-name", false, &BACKUP_ARCHIVE_NAME_SCHEMA
),
1098 ).access(None
, &Permission
::Privilege(
1099 &["datastore", "{store}"],
1100 PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
1104 pub fn download_file(
1109 rpcenv
: Box
<dyn RpcEnvironment
>,
1110 ) -> ApiResponseFuture
{
1113 let store
= required_string_param(¶m
, "store")?
;
1114 let datastore
= DataStore
::lookup_datastore(store
)?
;
1116 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1118 let file_name
= required_string_param(¶m
, "file-name")?
.to_owned();
1120 let backup_type
= required_string_param(¶m
, "backup-type")?
;
1121 let backup_id
= required_string_param(¶m
, "backup-id")?
;
1122 let backup_time
= required_integer_param(¶m
, "backup-time")?
;
1124 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1126 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_READ
)?
;
1128 println
!("Download {} from {} ({}/{})", file_name
, store
, backup_dir
, file_name
);
1130 let mut path
= datastore
.base_path();
1131 path
.push(backup_dir
.relative_path());
1132 path
.push(&file_name
);
1134 let file
= tokio
::fs
::File
::open(&path
)
1136 .map_err(|err
| http_err
!(BAD_REQUEST
, "File open failed: {}", err
))?
;
1138 let payload
= tokio_util
::codec
::FramedRead
::new(file
, tokio_util
::codec
::BytesCodec
::new())
1139 .map_ok(|bytes
| bytes
.freeze())
1140 .map_err(move |err
| {
1141 eprintln
!("error during streaming of '{:?}' - {}", &path
, err
);
1144 let body
= Body
::wrap_stream(payload
);
1146 // fixme: set other headers ?
1147 Ok(Response
::builder()
1148 .status(StatusCode
::OK
)
1149 .header(header
::CONTENT_TYPE
, "application/octet-stream")
1156 pub const API_METHOD_DOWNLOAD_FILE_DECODED
: ApiMethod
= ApiMethod
::new(
1157 &ApiHandler
::AsyncHttp(&download_file_decoded
),
1159 "Download single decoded file from backup snapshot. Only works if it's not encrypted.",
1161 ("store", false, &DATASTORE_SCHEMA
),
1162 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1163 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1164 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1165 ("file-name", false, &BACKUP_ARCHIVE_NAME_SCHEMA
),
1168 ).access(None
, &Permission
::Privilege(
1169 &["datastore", "{store}"],
1170 PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
1174 pub fn download_file_decoded(
1179 rpcenv
: Box
<dyn RpcEnvironment
>,
1180 ) -> ApiResponseFuture
{
1183 let store
= required_string_param(¶m
, "store")?
;
1184 let datastore
= DataStore
::lookup_datastore(store
)?
;
1186 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1188 let file_name
= required_string_param(¶m
, "file-name")?
.to_owned();
1190 let backup_type
= required_string_param(¶m
, "backup-type")?
;
1191 let backup_id
= required_string_param(¶m
, "backup-id")?
;
1192 let backup_time
= required_integer_param(¶m
, "backup-time")?
;
1194 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1196 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_READ
)?
;
1198 let (manifest
, files
) = read_backup_index(&datastore
, &backup_dir
)?
;
1200 if file
.filename
== file_name
&& file
.crypt_mode
== Some(CryptMode
::Encrypt
) {
1201 bail
!("cannot decode '{}' - is encrypted", file_name
);
1205 println
!("Download {} from {} ({}/{})", file_name
, store
, backup_dir
, file_name
);
1207 let mut path
= datastore
.base_path();
1208 path
.push(backup_dir
.relative_path());
1209 path
.push(&file_name
);
1211 let extension
= file_name
.rsplitn(2, '
.'
).next().unwrap();
1213 let body
= match extension
{
1215 let index
= DynamicIndexReader
::open(&path
)
1216 .map_err(|err
| format_err
!("unable to read dynamic index '{:?}' - {}", &path
, err
))?
;
1217 let (csum
, size
) = index
.compute_csum();
1218 manifest
.verify_file(&file_name
, &csum
, size
)?
;
1220 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1221 let reader
= CachedChunkReader
::new(chunk_reader
, index
, 1).seekable();
1222 Body
::wrap_stream(AsyncReaderStream
::new(reader
)
1223 .map_err(move |err
| {
1224 eprintln
!("error during streaming of '{:?}' - {}", path
, err
);
1229 let index
= FixedIndexReader
::open(&path
)
1230 .map_err(|err
| format_err
!("unable to read fixed index '{:?}' - {}", &path
, err
))?
;
1232 let (csum
, size
) = index
.compute_csum();
1233 manifest
.verify_file(&file_name
, &csum
, size
)?
;
1235 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1236 let reader
= CachedChunkReader
::new(chunk_reader
, index
, 1).seekable();
1237 Body
::wrap_stream(AsyncReaderStream
::with_buffer_size(reader
, 4*1024*1024)
1238 .map_err(move |err
| {
1239 eprintln
!("error during streaming of '{:?}' - {}", path
, err
);
1244 let file
= std
::fs
::File
::open(&path
)
1245 .map_err(|err
| http_err
!(BAD_REQUEST
, "File open failed: {}", err
))?
;
1247 // FIXME: load full blob to verify index checksum?
1250 WrappedReaderStream
::new(DataBlobReader
::new(file
, None
)?
)
1251 .map_err(move |err
| {
1252 eprintln
!("error during streaming of '{:?}' - {}", path
, err
);
1258 bail
!("cannot download '{}' files", extension
);
1262 // fixme: set other headers ?
1263 Ok(Response
::builder()
1264 .status(StatusCode
::OK
)
1265 .header(header
::CONTENT_TYPE
, "application/octet-stream")
1272 pub const API_METHOD_UPLOAD_BACKUP_LOG
: ApiMethod
= ApiMethod
::new(
1273 &ApiHandler
::AsyncHttp(&upload_backup_log
),
1275 "Upload the client backup log file into a backup snapshot ('client.log.blob').",
1277 ("store", false, &DATASTORE_SCHEMA
),
1278 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1279 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1280 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1284 Some("Only the backup creator/owner is allowed to do this."),
1285 &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_BACKUP
, false)
1288 pub fn upload_backup_log(
1293 rpcenv
: Box
<dyn RpcEnvironment
>,
1294 ) -> ApiResponseFuture
{
1297 let store
= required_string_param(¶m
, "store")?
;
1298 let datastore
= DataStore
::lookup_datastore(store
)?
;
1300 let file_name
= CLIENT_LOG_BLOB_NAME
;
1302 let backup_type
= required_string_param(¶m
, "backup-type")?
;
1303 let backup_id
= required_string_param(¶m
, "backup-id")?
;
1304 let backup_time
= required_integer_param(¶m
, "backup-time")?
;
1306 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1308 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1309 let owner
= datastore
.get_owner(backup_dir
.group())?
;
1310 check_backup_owner(&owner
, &auth_id
)?
;
1312 let mut path
= datastore
.base_path();
1313 path
.push(backup_dir
.relative_path());
1314 path
.push(&file_name
);
1317 bail
!("backup already contains a log.");
1320 println
!("Upload backup log to {}/{}/{}/{}/{}", store
,
1321 backup_type
, backup_id
, backup_dir
.backup_time_string(), file_name
);
1324 .map_err(Error
::from
)
1325 .try_fold(Vec
::new(), |mut acc
, chunk
| {
1326 acc
.extend_from_slice(&*chunk
);
1327 future
::ok
::<_
, Error
>(acc
)
1331 // always verify blob/CRC at server side
1332 let blob
= DataBlob
::load_from_reader(&mut &data
[..])?
;
1334 replace_file(&path
, blob
.raw_data(), CreateOptions
::new())?
;
1336 // fixme: use correct formatter
1337 Ok(crate::server
::formatter
::json_response(Ok(Value
::Null
)))
1345 schema
: DATASTORE_SCHEMA
,
1348 schema
: BACKUP_TYPE_SCHEMA
,
1351 schema
: BACKUP_ID_SCHEMA
,
1354 schema
: BACKUP_TIME_SCHEMA
,
1357 description
: "Base64 encoded path.",
1363 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
, true),
1366 /// Get the entries of the given path of the catalog
1369 backup_type
: String
,
1373 rpcenv
: &mut dyn RpcEnvironment
,
1374 ) -> Result
<Vec
<ArchiveEntry
>, Error
> {
1375 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1377 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1379 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1381 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_READ
)?
;
1383 let file_name
= CATALOG_NAME
;
1385 let (manifest
, files
) = read_backup_index(&datastore
, &backup_dir
)?
;
1387 if file
.filename
== file_name
&& file
.crypt_mode
== Some(CryptMode
::Encrypt
) {
1388 bail
!("cannot decode '{}' - is encrypted", file_name
);
1392 let mut path
= datastore
.base_path();
1393 path
.push(backup_dir
.relative_path());
1394 path
.push(file_name
);
1396 let index
= DynamicIndexReader
::open(&path
)
1397 .map_err(|err
| format_err
!("unable to read dynamic index '{:?}' - {}", &path
, err
))?
;
1399 let (csum
, size
) = index
.compute_csum();
1400 manifest
.verify_file(&file_name
, &csum
, size
)?
;
1402 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1403 let reader
= BufferedDynamicReader
::new(index
, chunk_reader
);
1405 let mut catalog_reader
= CatalogReader
::new(reader
);
1407 let path
= if filepath
!= "root" && filepath
!= "/" {
1408 base64
::decode(filepath
)?
1413 helpers
::list_dir_content(&mut catalog_reader
, &path
)
1417 pub const API_METHOD_PXAR_FILE_DOWNLOAD
: ApiMethod
= ApiMethod
::new(
1418 &ApiHandler
::AsyncHttp(&pxar_file_download
),
1420 "Download single file from pxar file of a backup snapshot. Only works if it's not encrypted.",
1422 ("store", false, &DATASTORE_SCHEMA
),
1423 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1424 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1425 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1426 ("filepath", false, &StringSchema
::new("Base64 encoded path").schema()),
1429 ).access(None
, &Permission
::Privilege(
1430 &["datastore", "{store}"],
1431 PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
1435 pub fn pxar_file_download(
1440 rpcenv
: Box
<dyn RpcEnvironment
>,
1441 ) -> ApiResponseFuture
{
1444 let store
= required_string_param(¶m
, "store")?
;
1445 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1447 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1449 let filepath
= required_string_param(¶m
, "filepath")?
.to_owned();
1451 let backup_type
= required_string_param(¶m
, "backup-type")?
;
1452 let backup_id
= required_string_param(¶m
, "backup-id")?
;
1453 let backup_time
= required_integer_param(¶m
, "backup-time")?
;
1455 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1457 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_READ
)?
;
1459 let mut components
= base64
::decode(&filepath
)?
;
1460 if !components
.is_empty() && components
[0] == b'
/'
{
1461 components
.remove(0);
1464 let mut split
= components
.splitn(2, |c
| *c
== b'
/'
);
1465 let pxar_name
= std
::str::from_utf8(split
.next().unwrap())?
;
1466 let file_path
= split
.next().unwrap_or(b
"/");
1467 let (manifest
, files
) = read_backup_index(&datastore
, &backup_dir
)?
;
1469 if file
.filename
== pxar_name
&& file
.crypt_mode
== Some(CryptMode
::Encrypt
) {
1470 bail
!("cannot decode '{}' - is encrypted", pxar_name
);
1474 let mut path
= datastore
.base_path();
1475 path
.push(backup_dir
.relative_path());
1476 path
.push(pxar_name
);
1478 let index
= DynamicIndexReader
::open(&path
)
1479 .map_err(|err
| format_err
!("unable to read dynamic index '{:?}' - {}", &path
, err
))?
;
1481 let (csum
, size
) = index
.compute_csum();
1482 manifest
.verify_file(&pxar_name
, &csum
, size
)?
;
1484 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1485 let reader
= BufferedDynamicReader
::new(index
, chunk_reader
);
1486 let archive_size
= reader
.archive_size();
1487 let reader
= LocalDynamicReadAt
::new(reader
);
1489 let decoder
= Accessor
::new(reader
, archive_size
).await?
;
1490 let root
= decoder
.open_root().await?
;
1491 let path
= OsStr
::from_bytes(file_path
).to_os_string();
1493 .lookup(&path
).await?
1494 .ok_or_else(|| format_err
!("error opening '{:?}'", path
))?
;
1496 let body
= match file
.kind() {
1497 EntryKind
::File { .. }
=> Body
::wrap_stream(
1498 AsyncReaderStream
::new(file
.contents().await?
).map_err(move |err
| {
1499 eprintln
!("error during streaming of file '{:?}' - {}", filepath
, err
);
1503 EntryKind
::Hardlink(_
) => Body
::wrap_stream(
1504 AsyncReaderStream
::new(decoder
.follow_hardlink(&file
).await?
.contents().await?
)
1505 .map_err(move |err
| {
1507 "error during streaming of hardlink '{:?}' - {}",
1513 EntryKind
::Directory
=> {
1514 let (sender
, receiver
) = tokio
::sync
::mpsc
::channel(100);
1515 let channelwriter
= AsyncChannelWriter
::new(sender
, 1024 * 1024);
1516 crate::server
::spawn_internal_task(
1517 create_zip(channelwriter
, decoder
, path
.clone(), false)
1519 Body
::wrap_stream(ReceiverStream
::new(receiver
).map_err(move |err
| {
1520 eprintln
!("error during streaming of zip '{:?}' - {}", path
, err
);
1524 other
=> bail
!("cannot download file of type {:?}", other
),
1527 // fixme: set other headers ?
1528 Ok(Response
::builder()
1529 .status(StatusCode
::OK
)
1530 .header(header
::CONTENT_TYPE
, "application/octet-stream")
1540 schema
: DATASTORE_SCHEMA
,
1543 type: RRDTimeFrameResolution
,
1551 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
1554 /// Read datastore stats
1555 pub fn get_rrd_stats(
1557 timeframe
: RRDTimeFrameResolution
,
1560 ) -> Result
<Value
, Error
> {
1562 create_value_from_rrd(
1563 &format
!("datastore/{}", store
),
1566 "read_ios", "read_bytes",
1567 "write_ios", "write_bytes",
1579 schema
: DATASTORE_SCHEMA
,
1582 schema
: BACKUP_TYPE_SCHEMA
,
1585 schema
: BACKUP_ID_SCHEMA
,
1590 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
1593 /// Get "notes" for a backup group
1594 pub fn get_group_notes(
1596 backup_type
: String
,
1598 rpcenv
: &mut dyn RpcEnvironment
,
1599 ) -> Result
<String
, Error
> {
1600 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1602 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1603 let backup_group
= BackupGroup
::new(backup_type
, backup_id
);
1605 check_priv_or_backup_owner(&datastore
, &backup_group
, &auth_id
, PRIV_DATASTORE_AUDIT
)?
;
1607 let note_path
= get_group_note_path(&datastore
, &backup_group
);
1608 Ok(file_read_optional_string(note_path
)?
.unwrap_or_else(|| "".to_owned()))
1615 schema
: DATASTORE_SCHEMA
,
1618 schema
: BACKUP_TYPE_SCHEMA
,
1621 schema
: BACKUP_ID_SCHEMA
,
1624 description
: "A multiline text.",
1629 permission
: &Permission
::Privilege(&["datastore", "{store}"],
1630 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_BACKUP
,
1634 /// Set "notes" for a backup group
1635 pub fn set_group_notes(
1637 backup_type
: String
,
1640 rpcenv
: &mut dyn RpcEnvironment
,
1641 ) -> Result
<(), Error
> {
1642 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1644 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1645 let backup_group
= BackupGroup
::new(backup_type
, backup_id
);
1647 check_priv_or_backup_owner(&datastore
, &backup_group
, &auth_id
, PRIV_DATASTORE_MODIFY
)?
;
1649 let note_path
= get_group_note_path(&datastore
, &backup_group
);
1650 replace_file(note_path
, notes
.as_bytes(), CreateOptions
::new())?
;
1659 schema
: DATASTORE_SCHEMA
,
1662 schema
: BACKUP_TYPE_SCHEMA
,
1665 schema
: BACKUP_ID_SCHEMA
,
1668 schema
: BACKUP_TIME_SCHEMA
,
1673 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
1676 /// Get "notes" for a specific backup
1679 backup_type
: String
,
1682 rpcenv
: &mut dyn RpcEnvironment
,
1683 ) -> Result
<String
, Error
> {
1684 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1686 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1687 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1689 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_AUDIT
)?
;
1691 let (manifest
, _
) = datastore
.load_manifest(&backup_dir
)?
;
1693 let notes
= manifest
.unprotected
["notes"]
1697 Ok(String
::from(notes
))
1704 schema
: DATASTORE_SCHEMA
,
1707 schema
: BACKUP_TYPE_SCHEMA
,
1710 schema
: BACKUP_ID_SCHEMA
,
1713 schema
: BACKUP_TIME_SCHEMA
,
1716 description
: "A multiline text.",
1721 permission
: &Permission
::Privilege(&["datastore", "{store}"],
1722 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_BACKUP
,
1726 /// Set "notes" for a specific backup
1729 backup_type
: String
,
1733 rpcenv
: &mut dyn RpcEnvironment
,
1734 ) -> Result
<(), Error
> {
1735 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1737 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1738 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1740 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_MODIFY
)?
;
1742 datastore
.update_manifest(&backup_dir
,|manifest
| {
1743 manifest
.unprotected
["notes"] = notes
.into();
1744 }).map_err(|err
| format_err
!("unable to update manifest blob - {}", err
))?
;
1753 schema
: DATASTORE_SCHEMA
,
1756 schema
: BACKUP_TYPE_SCHEMA
,
1759 schema
: BACKUP_ID_SCHEMA
,
1767 permission
: &Permission
::Anybody
,
1768 description
: "Datastore.Modify on whole datastore, or changing ownership between user and a user's token for owned backups with Datastore.Backup"
1771 /// Change owner of a backup group
1772 pub fn set_backup_owner(
1774 backup_type
: String
,
1777 rpcenv
: &mut dyn RpcEnvironment
,
1778 ) -> Result
<(), Error
> {
1780 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1782 let backup_group
= BackupGroup
::new(backup_type
, backup_id
);
1784 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1786 let user_info
= CachedUserInfo
::new()?
;
1788 let privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
1790 let allowed
= if (privs
& PRIV_DATASTORE_MODIFY
) != 0 {
1791 // High-privilege user/token
1793 } else if (privs
& PRIV_DATASTORE_BACKUP
) != 0 {
1794 let owner
= datastore
.get_owner(&backup_group
)?
;
1796 match (owner
.is_token(), new_owner
.is_token()) {
1798 // API token to API token, owned by same user
1799 let owner
= owner
.user();
1800 let new_owner
= new_owner
.user();
1801 owner
== new_owner
&& Authid
::from(owner
.clone()) == auth_id
1804 // API token to API token owner
1805 Authid
::from(owner
.user().clone()) == auth_id
1806 && new_owner
== auth_id
1809 // API token owner to API token
1811 && Authid
::from(new_owner
.user().clone()) == auth_id
1814 // User to User, not allowed for unprivileged users
1823 return Err(http_err
!(UNAUTHORIZED
,
1824 "{} does not have permission to change owner of backup group '{}' to {}",
1831 if !user_info
.is_active_auth_id(&new_owner
) {
1832 bail
!("{} '{}' is inactive or non-existent",
1833 if new_owner
.is_token() {
1834 "API token".to_string()
1841 datastore
.set_owner(&backup_group
, &new_owner
, true)?
;
1847 const DATASTORE_INFO_SUBDIRS
: SubdirMap
= &[
1851 .get(&API_METHOD_CATALOG
)
1856 .post(&API_METHOD_SET_BACKUP_OWNER
)
1861 .download(&API_METHOD_DOWNLOAD_FILE
)
1866 .download(&API_METHOD_DOWNLOAD_FILE_DECODED
)
1871 .get(&API_METHOD_LIST_SNAPSHOT_FILES
)
1876 .get(&API_METHOD_GARBAGE_COLLECTION_STATUS
)
1877 .post(&API_METHOD_START_GARBAGE_COLLECTION
)
1882 .get(&API_METHOD_GET_GROUP_NOTES
)
1883 .put(&API_METHOD_SET_GROUP_NOTES
)
1888 .get(&API_METHOD_LIST_GROUPS
)
1889 .delete(&API_METHOD_DELETE_GROUP
)
1894 .get(&API_METHOD_GET_NOTES
)
1895 .put(&API_METHOD_SET_NOTES
)
1900 .post(&API_METHOD_PRUNE
)
1905 .post(&API_METHOD_PRUNE_DATASTORE
)
1908 "pxar-file-download",
1910 .download(&API_METHOD_PXAR_FILE_DOWNLOAD
)
1915 .get(&API_METHOD_GET_RRD_STATS
)
1920 .get(&API_METHOD_LIST_SNAPSHOTS
)
1921 .delete(&API_METHOD_DELETE_SNAPSHOT
)
1926 .get(&API_METHOD_STATUS
)
1929 "upload-backup-log",
1931 .upload(&API_METHOD_UPLOAD_BACKUP_LOG
)
1936 .post(&API_METHOD_VERIFY
)
1940 const DATASTORE_INFO_ROUTER
: Router
= Router
::new()
1941 .get(&list_subdirs_api_method
!(DATASTORE_INFO_SUBDIRS
))
1942 .subdirs(DATASTORE_INFO_SUBDIRS
);
1945 pub const ROUTER
: Router
= Router
::new()
1946 .get(&API_METHOD_GET_DATASTORE_LIST
)
1947 .match_all("store", &DATASTORE_INFO_ROUTER
);