verify: introduce & use new Datastore.Verify privilege

[proxmox-backup.git] / src / server / verify_job.rs

diff --git a/src/server/verify_job.rs b/src/server/verify_job.rs
index e5d932d4e98edf19c527f64a3b541d7b2414d6a9..c98cd5b22b14d2735e9a1b46a9e3de5219afba73 100644 (file)
--- a/src/server/verify_job.rs
+++ b/src/server/verify_job.rs
@@ -7,7 +7,7 @@ use crate::{
     config::verify::VerificationJobConfig,
     backup::{
         DataStore,
-        BackupInfo,
+        BackupManifest,
         verify_all_backups,
     },
     task_log,
@@ -17,48 +17,45 @@ use crate::{
 pub fn do_verification_job(
     mut job: Job,
     verification_job: VerificationJobConfig,
-    userid: &Userid,
+    auth_id: &Authid,
     schedule: Option<String>,
 ) -> Result<String, Error> {
 
     let datastore = DataStore::lookup_datastore(&verification_job.store)?;
 
-    let datastore2 = datastore.clone();
-
     let outdated_after = verification_job.outdated_after.clone();
-    let ignore_verified = verification_job.ignore_verified.unwrap_or(true);
+    let ignore_verified_snapshots = verification_job.ignore_verified.unwrap_or(true);
 
-    let filter = move |backup_info: &BackupInfo| {
-        if !ignore_verified {
+    let filter = move |manifest: &BackupManifest| {
+        if !ignore_verified_snapshots {
             return true;
         }
-        let manifest = match datastore2.load_manifest(&backup_info.backup_dir) {
-            Ok((manifest, _)) => manifest,
-            Err(_) => return false,
-        };
 
         let raw_verify_state = manifest.unprotected["verify_state"].clone();
-        let last_state = match serde_json::from_value::<SnapshotVerifyState>(raw_verify_state) {
-            Ok(last_state) => last_state,
-            Err(_) => return true,
-        };
-
-        let now = proxmox::tools::time::epoch_i64();
-        let days_since_last_verify = (now - last_state.upid.starttime) / 86400;
-
-        outdated_after
-            .map(|v| days_since_last_verify > v)
-            .unwrap_or(true)
+        match serde_json::from_value::<SnapshotVerifyState>(raw_verify_state) {
+            Err(_) => return true, // no last verification, always include
+            Ok(last_verify) => {
+                match outdated_after {
+                    None => false, // never re-verify if ignored and no max age
+                    Some(max_age) => {
+                        let now = proxmox::tools::time::epoch_i64();
+                        let days_since_last_verify = (now - last_verify.upid.starttime) / 86400;
+
+                        days_since_last_verify > max_age
+                    }
+                }
+            }
+        }
     };
 
-    let email = crate::server::lookup_user_email(userid);
+    let email = crate::server::lookup_user_email(auth_id.user());
 
     let job_id = job.jobname().to_string();
     let worker_type = job.jobtype().to_string();
     let upid_str = WorkerTask::new_thread(
         &worker_type,
         Some(job.jobname().to_string()),
-        userid.clone(),
+        auth_id.clone(),
         false,
         move |worker| {
             job.start(&worker.upid().to_string())?;
@@ -68,7 +65,7 @@ pub fn do_verification_job(
                 task_log!(worker,"task triggered by schedule '{}'", event_str);
             }
 
-            let result = verify_all_backups(datastore, worker.clone(), worker.upid(), &filter);
+            let result = verify_all_backups(datastore, worker.clone(), worker.upid(), None, Some(&filter));
             let job_result = match result {
                 Ok(ref errors) if errors.is_empty() => Ok(()),
                 Ok(_) => Err(format_err!("verification failed - please check the log for details")),