src/api2/admin/verify.rs

   1 use anyhow::{format_err, Error};
   2
   3 use proxmox::api::router::SubdirMap;
   4 use proxmox::{list_subdirs_api_method, sortable};
   5 use proxmox::api::{api, ApiMethod, Permission, Router, RpcEnvironment};
   6
   7 use crate::api2::types::*;
   8 use crate::server::do_verification_job;
   9 use crate::server::jobstate::{Job, JobState};
  10 use crate::config::acl::{
  11     PRIV_DATASTORE_AUDIT,
  12     PRIV_DATASTORE_VERIFY,
  13 };
  14 use crate::config::cached_user_info::CachedUserInfo;
  15 use crate::config::verify;
  16 use crate::config::verify::{VerificationJobConfig, VerificationJobStatus};
  17 use serde_json::Value;
  18 use crate::tools::systemd::time::{parse_calendar_event, compute_next_event};
  19 use crate::server::UPID;
  20
  21 #[api(
  22     input: {
  23         properties: {
  24             store: {
  25                 schema: DATASTORE_SCHEMA,
  26                 optional: true,
  27             },
  28         },
  29     },
  30     returns: {
  31         description: "List configured jobs and their status (filtered by access)",
  32         type: Array,
  33         items: { type: verify::VerificationJobStatus },
  34     },
  35     access: {
  36         permission: &Permission::Anybody,
  37         description: "Requires Datastore.Audit or Datastore.Verify on datastore.",
  38     },
  39 )]
  40 /// List all verification jobs
  41 pub fn list_verification_jobs(
  42     store: Option<String>,
  43     _param: Value,
  44     mut rpcenv: &mut dyn RpcEnvironment,
  45 ) -> Result<Vec<VerificationJobStatus>, Error> {
  46     let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
  47     let user_info = CachedUserInfo::new()?;
  48
  49     let required_privs = PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_VERIFY;
  50
  51     let (config, digest) = verify::config()?;
  52
  53     let mut list: Vec<VerificationJobStatus> = config
  54         .convert_to_typed_array("verification")?
  55         .into_iter()
  56         .filter(|job: &VerificationJobStatus| {
  57             let privs = user_info.lookup_privs(&auth_id, &["datastore", &job.store]);
  58             if privs & required_privs == 0 {
  59                 return false;
  60             }
  61
  62             if let Some(store) = &store {
  63                 &job.store == store
  64             } else {
  65                 true
  66             }
  67         }).collect();
  68
  69     for job in &mut list {
  70         let last_state = JobState::load("verificationjob", &job.id)
  71             .map_err(|err| format_err!("could not open statefile for {}: {}", &job.id, err))?;
  72
  73         let (upid, endtime, state, starttime) = match last_state {
  74             JobState::Created { time } => (None, None, None, time),
  75             JobState::Started { upid } => {
  76                 let parsed_upid: UPID = upid.parse()?;
  77                 (Some(upid), None, None, parsed_upid.starttime)
  78             },
  79             JobState::Finished { upid, state } => {
  80                 let parsed_upid: UPID = upid.parse()?;
  81                 (Some(upid), Some(state.endtime()), Some(state.to_string()), parsed_upid.starttime)
  82             },
  83         };
  84
  85         job.last_run_upid = upid;
  86         job.last_run_state = state;
  87         job.last_run_endtime = endtime;
  88
  89         let last = job.last_run_endtime.unwrap_or(starttime);
  90
  91         job.next_run = (|| -> Option<i64> {
  92             let schedule = job.schedule.as_ref()?;
  93             let event = parse_calendar_event(&schedule).ok()?;
  94             // ignore errors
  95             compute_next_event(&event, last, false).unwrap_or(None)
  96         })();
  97     }
  98
  99     rpcenv["digest"] = proxmox::tools::digest_to_hex(&digest).into();
 100
 101     Ok(list)
 102 }
 103
 104 #[api(
 105     input: {
 106         properties: {
 107             id: {
 108                 schema: JOB_ID_SCHEMA,
 109             }
 110         }
 111     },
 112     access: {
 113         permission: &Permission::Anybody,
 114         description: "Requires Datastore.Verify on job's datastore.",
 115     },
 116 )]
 117 /// Runs a verification job manually.
 118 fn run_verification_job(
 119     id: String,
 120     _info: &ApiMethod,
 121     rpcenv: &mut dyn RpcEnvironment,
 122 ) -> Result<String, Error> {
 123     let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
 124     let user_info = CachedUserInfo::new()?;
 125
 126     let (config, _digest) = verify::config()?;
 127     let verification_job: VerificationJobConfig = config.lookup("verification", &id)?;
 128
 129     user_info.check_privs(&auth_id, &["datastore", &verification_job.store], PRIV_DATASTORE_VERIFY, true)?;
 130
 131     let job = Job::new("verificationjob", &id)?;
 132
 133     let upid_str = do_verification_job(job, verification_job, &auth_id, None)?;
 134
 135     Ok(upid_str)
 136 }
 137
 138 #[sortable]
 139 const VERIFICATION_INFO_SUBDIRS: SubdirMap = &[("run", &Router::new().post(&API_METHOD_RUN_VERIFICATION_JOB))];
 140
 141 const VERIFICATION_INFO_ROUTER: Router = Router::new()
 142     .get(&list_subdirs_api_method!(VERIFICATION_INFO_SUBDIRS))
 143     .subdirs(VERIFICATION_INFO_SUBDIRS);
 144
 145 pub const ROUTER: Router = Router::new()
 146     .get(&API_METHOD_LIST_VERIFICATION_JOBS)
 147     .match_all("id", &VERIFICATION_INFO_ROUTER);