all lists on lists.proxmox.com
 help / color / mirror / Atom feed
From: Filip Schauer <f.schauer@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: Re: [pbs-devel] [PATCH vma-to-pbs] read args from environment variables as fallback
Date: Mon, 2 Dec 2024 13:34:21 +0100	[thread overview]
Message-ID: <0b76e789-cd70-4047-b40c-4ff56425836a@proxmox.com> (raw)
In-Reply-To: <20241202121726.83901-1-f.schauer@proxmox.com>

Superseded by:
https://lists.proxmox.com/pipermail/pbs-devel/2024-December/011956.html

On 02/12/2024 13:17, Filip Schauer wrote:
> Use the same environment variables that are used by
> proxmox-backup-client:
> * PBS_REPOSITORY
> * PBS_PASSWORD(|_FD|_FILE|_CMD)
> * PBS_ENCRYPTION_PASSWORD(|_FD|_FILE|_CMD)
>
> Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
> ---
>   src/main.rs | 66 +++++++++++++++++++++++++++++++++--------------------
>   1 file changed, 41 insertions(+), 25 deletions(-)
>
> diff --git a/src/main.rs b/src/main.rs
> index f942a73..4c5bc1d 100644
> --- a/src/main.rs
> +++ b/src/main.rs
> @@ -1,4 +1,5 @@
>   use std::collections::HashMap;
> +use std::env::VarError::{NotPresent, NotUnicode};
>   use std::ffi::OsString;
>   use std::fs::read_dir;
>   use std::io::{BufRead, BufReader, Write};
> @@ -7,6 +8,7 @@ use std::path::PathBuf;
>   use anyhow::{bail, Context, Error};
>   use chrono::NaiveDateTime;
>   use env_logger::Target;
> +use pbs_client::tools::get_secret_from_env;
>   use proxmox_sys::linux::tty;
>   use proxmox_time::epoch_i64;
>   use regex::Regex;
> @@ -27,7 +29,7 @@ Arguments:
>   
>   Options:
>         --repository <auth_id@host:port:datastore>
> -          Repository URL
> +          Repository URL [env: PBS_REPOSITORY]
>         [--ns <NAMESPACE>]
>             Namespace
>         [--vmid <VMID>]
> @@ -38,7 +40,7 @@ Options:
>         [--backup-time <EPOCH>]
>             Backup timestamp
>         --fingerprint <FINGERPRINT>
> -          Proxmox Backup Server Fingerprint [env: PBS_FINGERPRINT=]
> +          Proxmox Backup Server Fingerprint [env: PBS_FINGERPRINT]
>         --keyfile <KEYFILE>
>             Key file
>         --master-keyfile <MASTER_KEYFILE>
> @@ -48,9 +50,10 @@ Options:
>     -e, --encrypt
>             Encrypt the Backup
>         --password-file <PASSWORD_FILE>
> -          Password file
> +          Password file [env: PBS_PASSWORD, PBS_PASSWORD_FD, PBS_PASSWORD_FILE, PBS_PASSWORD_CMD]
>         --key-password-file <KEY_PASSWORD_FILE>
> -          Key password file
> +          Key password file [env: PBS_ENCRYPTION_PASSWORD, PBS_ENCRYPTION_PASSWORD_FD,
> +                             PBS_ENCRYPTION_PASSWORD_FILE, PBS_ENCRYPTION_PASSWORD_CMD]
>         [--notes-file <NOTES_FILE>]
>             File containing a comment/notes
>         [--log-file <LOG_FILE>]
> @@ -114,7 +117,7 @@ fn parse_args() -> Result<BackupVmaToPbsArgs, Error> {
>           std::process::exit(0);
>       }
>   
> -    let pbs_repository = args.value_from_str("--repository")?;
> +    let pbs_repository = args.opt_value_from_str("--repository")?;
>       let namespace = args.opt_value_from_str("--ns")?;
>       let vmid: Option<String> = args.opt_value_from_str("--vmid")?;
>       let backup_time: Option<i64> = args.opt_value_from_str("--backup-time")?;
> @@ -143,10 +146,22 @@ fn parse_args() -> Result<BackupVmaToPbsArgs, Error> {
>           bail!("unexpected extra arguments, use '-h' for usage");
>       }
>   
> +    let pbs_repository = match pbs_repository {
> +        Some(v) => v,
> +        None => match std::env::var("PBS_REPOSITORY") {
> +            Ok(v) => v,
> +            Err(NotPresent) => bail!("Repository not set. Use $PBS_REPOSITORY or --repository"),
> +            Err(NotUnicode(_)) => bail!("$PBS_REPOSITORY contains invalid unicode"),
> +        },
> +    };
> +
>       let fingerprint = match fingerprint {
>           Some(v) => v,
> -        None => std::env::var("PBS_FINGERPRINT")
> -            .context("Fingerprint not set. Use $PBS_FINGERPRINT or --fingerprint")?,
> +        None => match std::env::var("PBS_FINGERPRINT") {
> +            Ok(v) => v,
> +            Err(NotPresent) => bail!("Fingerprint not set. Use $PBS_FINGERPRINT or --fingerprint"),
> +            Err(NotUnicode(_)) => bail!("$PBS_FINGERPRINT contains invalid unicode"),
> +        },
>       };
>   
>       if forwarded_args.len() > 1 {
> @@ -155,30 +170,29 @@ fn parse_args() -> Result<BackupVmaToPbsArgs, Error> {
>   
>       let vma_file_path = forwarded_args.first();
>   
> -    let pbs_password = match password_file {
> -        Some(password_file) => {
> -            let mut password =
> -                std::fs::read_to_string(password_file).context("Could not read password file")?;
> +    let pbs_password = if let Some(password_file) = password_file {
> +        let mut password =
> +            std::fs::read_to_string(password_file).context("Could not read password file")?;
>   
> -            if password.ends_with('\n') || password.ends_with('\r') {
> +        if password.ends_with('\n') || password.ends_with('\r') {
> +            password.pop();
> +            if password.ends_with('\r') {
>                   password.pop();
> -                if password.ends_with('\r') {
> -                    password.pop();
> -                }
>               }
> -
> -            password
>           }
> -        None => {
> -            if vma_file_path.is_none() {
> -                bail!(
> -                    "Please use --password-file to provide the password \
> -                    when passing the VMA file to stdin"
> -                );
> -            }
>   
> -            String::from_utf8(tty::read_password("Password: ")?)?
> +        password
> +    } else if let Some(password) = get_secret_from_env("PBS_PASSWORD")? {
> +        password
> +    } else {
> +        if vma_file_path.is_none() {
> +            bail!(
> +                "Please use --password-file, $PBS_PASSWORD, $PBS_PASSWORD_FD, $PBS_PASSWORD_FILE, \
> +                or $PBS_PASSWORD_CMD to provide the password when passing the VMA file to stdin"
> +            );
>           }
> +
> +        String::from_utf8(tty::read_password("Password: ")?)?
>       };
>   
>       let key_password = if keyfile.is_some() {
> @@ -193,6 +207,8 @@ fn parse_args() -> Result<BackupVmaToPbsArgs, Error> {
>                   }
>               }
>   
> +            Some(key_password)
> +        } else if let Some(key_password) = get_secret_from_env("PBS_ENCRYPTION_PASSWORD")? {
>               Some(key_password)
>           } else if vma_file_path.is_none() {
>               log::info!(


_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel


      reply	other threads:[~2024-12-02 12:34 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-12-02 12:17 Filip Schauer
2024-12-02 12:34 ` Filip Schauer [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=0b76e789-cd70-4047-b40c-4ff56425836a@proxmox.com \
    --to=f.schauer@proxmox.com \
    --cc=pbs-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal