2 use ::serde
::{Deserialize, Serialize}
;
4 use proxmox
::api
::{api, schema::*}
;
5 use proxmox
::const_regex
;
6 use proxmox
::{IPRE, IPV4RE, IPV6RE, IPV4OCTET, IPV6H16, IPV6LS32}
;
8 // File names: may not contain slashes, may not start with "."
9 pub const FILENAME_FORMAT
: ApiStringFormat
= ApiStringFormat
::VerifyFn(|name
| {
10 if name
.starts_with('
.'
) {
11 bail
!("file names may not start with '.'");
13 if name
.contains('
/'
) {
14 bail
!("file names may not contain slashes");
// Single DNS label: starts and ends with an ASCII letter or digit, with
// letters, digits and '-' allowed in between. The fragment carries no anchors
// and no length bound, so the final pattern must anchor it and any length
// limit has to be enforced separately.
macro_rules! DNS_LABEL {
    () => {
        r"(?:[a-zA-Z0-9](?:[a-zA-Z0-9\-]*[a-zA-Z0-9])?)"
    };
}

// One or more DNS labels separated by single dots, with no trailing dot.
// Like DNS_LABEL!(), this is an unanchored fragment meant to be wrapped in
// `^...$` by the pattern that uses it.
macro_rules! DNS_NAME {
    () => {
        concat!(r"(?:", DNS_LABEL!(), r"\.)*", DNS_LABEL!())
    };
}
// User names are restricted to a limited character set:
// - no colon, because user names are stored in colon-separated lists;
// - no slash, because it is used as the PVE API delimiter;
// - no whitespace and no control characters.
// Also see "man useradd".
//
// NOTE(review): '@' is not excluded, so in a `name@realm` user ID the name
// part may itself contain '@'. Code that splits such an ID into name and
// realm should split at the last '@'. The fragment is unanchored and sets no
// length limit.
macro_rules! USER_NAME_REGEX_STR {
    () => {
        r"(?:[^\s:/[:cntrl:]]+)"
    };
}
// Safe identifier fragment: the first character is an ASCII letter, digit or
// '_'; later characters may also be '.' or '-'. Because of the
// first-character rule an identifier can never begin with '-' or '.', so it
// cannot be "." or ".." and cannot look like a command line option.
// Unanchored, no length limit.
macro_rules! PROXMOX_SAFE_ID_REGEX_STR {
    () => {
        r"(?:[A-Za-z0-9_][A-Za-z0-9._\-]*)"
    };
}
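// Matches a complete IPv4 or IPv6 address.
//
// The anchors are added here because IPRE!() is used as a plain fragment
// elsewhere in this list (DNS_NAME_OR_IP_REGEX appends its own `$` after it),
// which suggests it carries no anchors of its own; its definition lives in the
// proxmox crate and is not shown here. Without `^...$`, a value that merely
// contains an address somewhere would satisfy IP_FORMAT.
// NOTE(review): assumes ApiStringFormat::Pattern does an unanchored search, as
// the explicit `^...$` on every other entry implies - confirm.
pub IP_FORMAT_REGEX = concat!(r"^", IPRE!(), r"$");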
// Exactly 64 lowercase hexadecimal digits, anchored at both ends.
// Upper-case hex digits are rejected.
pub SHA256_HEX_REGEX = r"^[a-f0-9]{64}$"; // fixme: define in common_regex ?
// Shape check for "YYYY-MM-DD", optionally followed by " HH:MM" and an
// optional ":SS". Only the digit layout is checked: field ranges are not, so
// e.g. month 99 passes and has to be rejected by whatever parses the value.
// NOTE(review): depending on the regex engine's Unicode mode, `\d` may also
// accept non-ASCII digits - confirm.
pub SYSTEMD_DATETIME_REGEX = r"^\d{4}-\d{2}-\d{2}( \d{2}:\d{2}(:\d{2})?)?$"; // fixme: define in common_regex ?
// Any number of characters, including none, as long as none of them is in the
// POSIX `cntrl` class. The pattern sets no minimum or maximum length; those
// limits have to come from the schema that uses it.
pub PASSWORD_REGEX = r"^[[:^cntrl:]]*$"; // everything but control characters
/// Regex for safe identifiers.
///
/// This
/// [article](https://dwheeler.com/essays/fixing-unix-linux-filenames.html)
/// contains further information why it is reasonable to restrict
/// names this way. This is not only useful for filenames, but for
/// any identifier command line tools work with.
///
/// The whole value must match `PROXMOX_SAFE_ID_REGEX_STR`: it starts with an
/// ASCII letter, digit or '_' and continues with letters, digits, '_', '.'
/// or '-'. The pattern does not limit the length.
pub PROXMOX_SAFE_ID_REGEX = concat!(r"^", PROXMOX_SAFE_ID_REGEX_STR!(), r"$");
// Same pattern as PASSWORD_REGEX: any number of characters, none of them in
// the POSIX `cntrl` class, which excludes '\n' and '\r'.
// NOTE(review): if `[:cntrl:]` is ASCII-only in the regex engine in use,
// non-ASCII line separators are still accepted - confirm before relying on
// "single line" when the value is written to a line-oriented file.
pub SINGLE_LINE_COMMENT_REGEX = r"^[[:^cntrl:]]*$";
// A host name is exactly one DNS label: no dots, no leading or trailing '-'.
// Built from DNS_LABEL!() so the label rule is written down once; the
// resulting pattern string is unchanged. No length limit is expressed here.
pub HOSTNAME_REGEX = concat!(r"^", DNS_LABEL!(), r"$");
// Anchored DNS name: one or more DNS labels separated by single dots.
// A trailing dot is not accepted and the total length is not limited.
pub DNS_NAME_REGEX = concat!(r"^", DNS_NAME!(), r"$");
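// Matches a value that is, as a whole, either a DNS name or an IP address.
//
// The alternation is wrapped in a non-capturing group so that both anchors
// apply to both branches. Written as `^DNS_NAME|IPRE$`, the `|` binds loosest:
// the pattern then means "starts with a DNS name" OR "ends with an IP
// address", so a value with arbitrary text after a DNS name (or before an IP
// address) would pass validation.
pub DNS_NAME_OR_IP_REGEX = concat!(r"^(?:", DNS_NAME!(), "|", IPRE!(), r")$");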
// Anchored user ID of the form `<user name>@<realm>`, where the user name
// matches USER_NAME_REGEX_STR and the realm matches PROXMOX_SAFE_ID_REGEX_STR.
//
// NOTE(review): the user-name class does not exclude '@', while the realm
// class does, so for a matching value the realm is the text after the last
// '@'. Code that splits a user ID should split there, not at the first '@'.
// The pattern itself sets no length limit.
pub PROXMOX_USER_ID_REGEX = concat!(r"^", USER_NAME_REGEX_STR!(), r"@", PROXMOX_SAFE_ID_REGEX_STR!(), r"$");
// SHA-256 fingerprint written as 32 two-digit hex bytes separated by ':'.
// Upper- and lower-case hex digits are both accepted, so two spellings of the
// same fingerprint can differ in case.
// NOTE(review): confirm that comparisons against a stored fingerprint
// normalise case first.
pub CERT_FINGERPRINT_SHA256_REGEX = r"^(?:[0-9a-fA-F][0-9a-fA-F])(?::[0-9a-fA-F][0-9a-fA-F]){31}$";
// ACL path: either the root "/" alone, or one or more "/<safe id>" components.
// Empty components ("//") and a trailing slash are rejected. Each component
// must match PROXMOX_SAFE_ID_REGEX_STR, whose first character cannot be '.',
// so "." and ".." components are rejected as well.
pub ACL_PATH_REGEX = concat!(r"^(?:\/|", r"(?:\/", PROXMOX_SAFE_ID_REGEX_STR!(), ")+", r")$");
/// String format backed by `SYSTEMD_DATETIME_REGEX` (digit layout only).
pub const SYSTEMD_DATETIME_FORMAT: ApiStringFormat =
    ApiStringFormat::Pattern(&SYSTEMD_DATETIME_REGEX);

/// String format for IP addresses, backed by `IP_FORMAT_REGEX`.
pub const IP_FORMAT: ApiStringFormat =
    ApiStringFormat::Pattern(&IP_FORMAT_REGEX);

/// String format for configuration digests: 64 lowercase hex digits
/// (`SHA256_HEX_REGEX`).
pub const PVE_CONFIG_DIGEST_FORMAT: ApiStringFormat =
    ApiStringFormat::Pattern(&SHA256_HEX_REGEX);

/// String format for colon-separated SHA-256 certificate fingerprints,
/// backed by `CERT_FINGERPRINT_SHA256_REGEX`.
pub const CERT_FINGERPRINT_SHA256_FORMAT: ApiStringFormat =
    ApiStringFormat::Pattern(&CERT_FINGERPRINT_SHA256_REGEX);

/// String format for safe identifiers, backed by `PROXMOX_SAFE_ID_REGEX`.
pub const PROXMOX_SAFE_ID_FORMAT: ApiStringFormat =
    ApiStringFormat::Pattern(&PROXMOX_SAFE_ID_REGEX);

/// String format for single-line comments, backed by
/// `SINGLE_LINE_COMMENT_REGEX`.
pub const SINGLE_LINE_COMMENT_FORMAT: ApiStringFormat =
    ApiStringFormat::Pattern(&SINGLE_LINE_COMMENT_REGEX);

/// String format for single-label host names, backed by `HOSTNAME_REGEX`.
pub const HOSTNAME_FORMAT: ApiStringFormat =
    ApiStringFormat::Pattern(&HOSTNAME_REGEX);

/// String format for DNS names, backed by `DNS_NAME_REGEX`.
pub const DNS_NAME_FORMAT: ApiStringFormat =
    ApiStringFormat::Pattern(&DNS_NAME_REGEX);

/// String format for values that are a DNS name or an IP address, backed by
/// `DNS_NAME_OR_IP_REGEX`.
pub const DNS_NAME_OR_IP_FORMAT: ApiStringFormat =
    ApiStringFormat::Pattern(&DNS_NAME_OR_IP_REGEX);

/// String format for `name@realm` user IDs, backed by `PROXMOX_USER_ID_REGEX`.
pub const PROXMOX_USER_ID_FORMAT: ApiStringFormat =
    ApiStringFormat::Pattern(&PROXMOX_USER_ID_REGEX);

/// String format for passwords, backed by `PASSWORD_REGEX`. It only restricts
/// the character set; length limits belong to the schema using this format.
pub const PASSWORD_FORMAT: ApiStringFormat =
    ApiStringFormat::Pattern(&PASSWORD_REGEX);

/// String format for ACL paths, backed by `ACL_PATH_REGEX`.
pub const ACL_PATH_FORMAT: ApiStringFormat =
    ApiStringFormat::Pattern(&ACL_PATH_REGEX);
99 pub const PASSWORD_SCHEMA
: Schema
= StringSchema
::new("Password.")
100 .format(&PASSWORD_FORMAT
)
105 pub const PBS_PASSWORD_SCHEMA
: Schema
= StringSchema
::new("User Password.")
106 .format(&PASSWORD_FORMAT
)
111 pub const CERT_FINGERPRINT_SHA256_SCHEMA
: Schema
= StringSchema
::new(
112 "X509 certificate fingerprint (sha256)."
114 .format(&CERT_FINGERPRINT_SHA256_FORMAT
)
117 pub const PROXMOX_CONFIG_DIGEST_SCHEMA
: Schema
= StringSchema
::new(r
#"\
118 Prevent changes if current configuration file has different SHA256 digest.
119 This can be used to prevent concurrent modifications.
122 .format(&PVE_CONFIG_DIGEST_FORMAT
)
/// String format for chunk digests: 64 lowercase hex digits
/// (`SHA256_HEX_REGEX`).
pub const CHUNK_DIGEST_FORMAT: ApiStringFormat =
    ApiStringFormat::Pattern(&SHA256_HEX_REGEX);
129 pub const CHUNK_DIGEST_SCHEMA
: Schema
= StringSchema
::new("Chunk digest (SHA256).")
130 .format(&CHUNK_DIGEST_FORMAT
)
133 pub const NODE_SCHEMA
: Schema
= StringSchema
::new("Node name (or 'localhost')")
134 .format(&ApiStringFormat
::VerifyFn(|node
| {
135 if node
== "localhost" || node
== proxmox
::tools
::nodename() {
138 bail
!("no such node '{}'", node
);
/// Schema for the search domain used for host-name lookup.
// NOTE(review): no `.format(...)` and no length bound is attached here, so any
// string passes schema validation. Confirm that the consumer validates the
// value (e.g. against DNS_NAME_FORMAT) before using it.
pub const SEARCH_DOMAIN_SCHEMA: Schema =
    StringSchema::new("Search domain for host-name lookup.").schema();
146 pub const FIRST_DNS_SERVER_SCHEMA
: Schema
=
147 StringSchema
::new("First name server IP address.")
151 pub const SECOND_DNS_SERVER_SCHEMA
: Schema
=
152 StringSchema
::new("Second name server IP address.")
156 pub const THIRD_DNS_SERVER_SCHEMA
: Schema
=
157 StringSchema
::new("Third name server IP address.")
161 pub const BACKUP_ARCHIVE_NAME_SCHEMA
: Schema
=
162 StringSchema
::new("Backup archive name.")
163 .format(&PROXMOX_SAFE_ID_FORMAT
)
166 pub const BACKUP_TYPE_SCHEMA
: Schema
=
167 StringSchema
::new("Backup type.")
168 .format(&ApiStringFormat
::Enum(&["vm", "ct", "host"]))
171 pub const BACKUP_ID_SCHEMA
: Schema
=
172 StringSchema
::new("Backup ID.")
173 .format(&PROXMOX_SAFE_ID_FORMAT
)
176 pub const BACKUP_TIME_SCHEMA
: Schema
=
177 IntegerSchema
::new("Backup time (Unix epoch.)")
178 .minimum(1_547_797_308)
181 pub const UPID_SCHEMA
: Schema
= StringSchema
::new("Unique Process/Task ID.")
185 pub const DATASTORE_SCHEMA
: Schema
= StringSchema
::new("Datastore name.")
186 .format(&PROXMOX_SAFE_ID_FORMAT
)
191 pub const REMOTE_ID_SCHEMA
: Schema
= StringSchema
::new("Remote ID.")
192 .format(&PROXMOX_SAFE_ID_FORMAT
)
197 pub const SINGLE_LINE_COMMENT_SCHEMA
: Schema
= StringSchema
::new("Comment (single line).")
198 .format(&SINGLE_LINE_COMMENT_FORMAT
)
201 pub const HOSTNAME_SCHEMA
: Schema
= StringSchema
::new("Hostname (as defined in RFC1123).")
202 .format(&HOSTNAME_FORMAT
)
205 pub const DNS_NAME_OR_IP_SCHEMA
: Schema
= StringSchema
::new("DNS name or IP address.")
206 .format(&DNS_NAME_OR_IP_FORMAT
)
209 pub const PROXMOX_AUTH_REALM_SCHEMA
: Schema
= StringSchema
::new("Authentication domain ID")
210 .format(&PROXMOX_SAFE_ID_FORMAT
)
215 pub const PROXMOX_USER_ID_SCHEMA
: Schema
= StringSchema
::new("User ID")
216 .format(&PROXMOX_USER_ID_FORMAT
)
222 // Complex type definitions
227 schema
: BACKUP_TYPE_SCHEMA
,
230 schema
: BACKUP_ID_SCHEMA
,
233 schema
: BACKUP_TIME_SCHEMA
,
240 schema
: BACKUP_ARCHIVE_NAME_SCHEMA
245 #[derive(Serialize, Deserialize)]
246 #[serde(rename_all="kebab-case")]
247 /// Basic information about a backup group.
248 pub struct GroupListItem
{
249 pub backup_type
: String
, // enum
250 pub backup_id
: String
,
251 pub last_backup
: i64,
252 /// Number of contained snapshots
253 pub backup_count
: u64,
254 /// List of contained archive files.
255 pub files
: Vec
<String
>,
261 schema
: BACKUP_TYPE_SCHEMA
,
264 schema
: BACKUP_ID_SCHEMA
,
267 schema
: BACKUP_TIME_SCHEMA
,
271 schema
: BACKUP_ARCHIVE_NAME_SCHEMA
276 #[derive(Serialize, Deserialize)]
277 #[serde(rename_all="kebab-case")]
278 /// Basic information about backup snapshot.
279 pub struct SnapshotListItem
{
280 pub backup_type
: String
, // enum
281 pub backup_id
: String
,
282 pub backup_time
: i64,
283 /// List of contained archive files.
284 pub files
: Vec
<String
>,
285 /// Overall snapshot size (sum of all archive sizes).
286 #[serde(skip_serializing_if="Option::is_none")]
287 pub size
: Option
<u64>,
293 schema
: BACKUP_ARCHIVE_NAME_SCHEMA
,
297 #[derive(Serialize, Deserialize)]
298 #[serde(rename_all="kebab-case")]
299 /// Basic information about archive files inside a backup snapshot.
300 pub struct BackupContent
{
301 pub filename
: String
,
302 /// Archive size (from backup manifest).
303 #[serde(skip_serializing_if="Option::is_none")]
304 pub size
: Option
<u64>,
315 #[derive(Clone, Serialize, Deserialize)]
316 #[serde(rename_all="kebab-case")]
317 /// Garbage collection status.
318 pub struct GarbageCollectionStatus
{
319 pub upid
: Option
<String
>,
320 /// Number of processed index files.
321 pub index_file_count
: usize,
322 /// Sum of bytes referred by index files.
323 pub index_data_bytes
: u64,
324 /// Bytes used on disk.
326 /// Chunks used on disk.
327 pub disk_chunks
: usize,
328 /// Sum of removed bytes.
329 pub removed_bytes
: u64,
330 /// Number of removed chunks.
331 pub removed_chunks
: usize,
332 /// Sum of pending bytes (pending removal - kept for safety).
333 pub pending_bytes
: u64,
334 /// Number of pending chunks (pending removal - kept for safety).
335 pub pending_chunks
: usize,
338 impl Default
for GarbageCollectionStatus
{
339 fn default() -> Self {
340 GarbageCollectionStatus
{
356 #[derive(Serialize, Deserialize)]
357 /// Storage space usage information.
358 pub struct StorageStatus
{
359 /// Total space (bytes).
361 /// Used space (bytes).
363 /// Available space (bytes).
369 "upid": { schema: UPID_SCHEMA }
,
372 #[derive(Serialize, Deserialize)]
374 pub struct TaskListItem
{
376 /// The node name where the task is running on.
380 /// The task start time (Epoch)
382 /// The task start time (Epoch)
384 /// Worker type (arbitrary ASCII string)
385 pub worker_type
: String
,
386 /// Worker ID (arbitrary ASCII string)
387 pub worker_id
: Option
<String
>,
388 /// The user who started the task
390 /// The task end time (Epoch)
391 #[serde(skip_serializing_if="Option::is_none")]
392 pub endtime
: Option
<i64>,
394 #[serde(skip_serializing_if="Option::is_none")]
395 pub status
: Option
<String
>,
401 fn test_cert_fingerprint_schema() -> Result
<(), Error
> {
403 let schema
= CERT_FINGERPRINT_SHA256_SCHEMA
;
405 let invalid_fingerprints
= [
406 "86:88:7c:be:26:77:a5:62:67:d9:06:f5:e4::61:3e:20:dc:cd:43:92:07:7f:fb:65:54:6c:ff:d2:96:36:f8",
407 "88:7C:BE:26:77:a5:62:67:D9:06:f5:e4:14:61:3e:20:dc:cd:43:92:07:7f:fb:65:54:6c:ff:d2:96:36:f8",
408 "86:88:7c:be:26:77:a5:62:67:d9:06:f5:e4::14:61:3e:20:dc:cd:43:92:07:7f:fb:65:54:6c:ff:d2:96:36:f8:ff",
409 "XX:88:7c:be:26:77:a5:62:67:d9:06:f5:e4::14:61:3e:20:dc:cd:43:92:07:7f:fb:65:54:6c:ff:d2:96:36:f8",
410 "86:88:Y4:be:26:77:a5:62:67:d9:06:f5:e4:14:61:3e:20:dc:cd:43:92:07:7f:fb:65:54:6c:ff:d2:96:36:f8",
411 "86:88:0:be:26:77:a5:62:67:d9:06:f5:e4:14:61:3e:20:dc:cd:43:92:07:7f:fb:65:54:6c:ff:d2:96:36:f8",
414 for fingerprint
in invalid_fingerprints
.iter() {
415 if let Ok(_
) = parse_simple_value(fingerprint
, &schema
) {
416 bail
!("test fingerprint '{}' failed - got Ok() while expection an error.", fingerprint
);
420 let valid_fingerprints
= [
421 "86:88:7c:be:26:77:a5:62:67:d9:06:f5:e4:14:61:3e:20:dc:cd:43:92:07:7f:fb:65:54:6c:ff:d2:96:36:f8",
422 "86:88:7C:BE:26:77:a5:62:67:D9:06:f5:e4:14:61:3e:20:dc:cd:43:92:07:7f:fb:65:54:6c:ff:d2:96:36:f8",
425 for fingerprint
in valid_fingerprints
.iter() {
426 let v
= match parse_simple_value(fingerprint
, &schema
) {
429 bail
!("unable to parse fingerprint '{}' - {}", fingerprint
, err
);
433 if v
!= serde_json
::json
!(fingerprint
) {
434 bail
!("unable to parse fingerprint '{}' - got wrong value {:?}", fingerprint
, v
);
442 fn test_proxmox_user_id_schema() -> Result
<(), Error
> {
444 let schema
= PROXMOX_USER_ID_SCHEMA
;
446 let invalid_user_ids
= [
451 "xx x@test", // contains space
452 "xx\nx@test", // contains control character
453 "x:xx@test", // contains collon
454 "xx/x@test", // contains slash
455 "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@test", // too long
458 for name
in invalid_user_ids
.iter() {
459 if let Ok(_
) = parse_simple_value(name
, &schema
) {
460 bail
!("test userid '{}' failed - got Ok() while expection an error.", name
);
464 let valid_user_ids
= [
468 "xxx@_T_E_S_T-it.com",
469 "x_x-x.x@test-it.com",
472 for name
in valid_user_ids
.iter() {
473 let v
= match parse_simple_value(name
, &schema
) {
476 bail
!("unable to parse userid '{}' - {}", name
, err
);
480 if v
!= serde_json
::json
!(name
) {
481 bail
!("unable to parse userid '{}' - got wrong value {:?}", name
, v
);