Re: [pbs-devel] [PATCH proxmox-backup 1/4] fix 3296: add api endpoint for set, get, rm proxy

[Dietmar Maurer <dietmar@proxmox.com>]

First, after applying this patch, the code does not compile. Seems it 
depends
on the next patch. This is bad, because it can break git bisect testing...

Also, I am not sure if we need "src/api2/config/node.rs" at all, because we
already have "src/api2/node/config.rs"

Anyways, more comments inline:

On 5/7/21 12:53 PM, Dylan Whyte wrote:
> adds command line options to proxmox-backup-manager and api endpoint
> for managing http proxy server, through a set of 'node' options
>
> Signed-off-by: Dylan Whyte <d.whyte@proxmox.com>
> ---
>   src/api2/config.rs                     |   2 +
>   src/api2/config/node.rs                | 102 +++++++++++++++++++++++++
>   src/bin/proxmox-backup-manager.rs      |   1 +
>   src/bin/proxmox_backup_manager/mod.rs  |   2 +
>   src/bin/proxmox_backup_manager/node.rs |  59 ++++++++++++++
>   5 files changed, 166 insertions(+)
>   create mode 100644 src/api2/config/node.rs
>   create mode 100644 src/bin/proxmox_backup_manager/node.rs
>
> diff --git a/src/api2/config.rs b/src/api2/config.rs
> index 9befa0e5..20ab0f58 100644
> --- a/src/api2/config.rs
> +++ b/src/api2/config.rs
> @@ -14,6 +14,7 @@ pub mod changer;
>   pub mod media_pool;
>   pub mod tape_encryption_keys;
>   pub mod tape_backup_job;
> +pub mod node;
>   
>   const SUBDIRS: SubdirMap = &[
>       ("access", &access::ROUTER),
> @@ -22,6 +23,7 @@ const SUBDIRS: SubdirMap = &[
>       ("datastore", &datastore::ROUTER),
>       ("drive", &drive::ROUTER),
>       ("media-pool", &media_pool::ROUTER),
> +    ("node", &node::ROUTER),
>       ("remote", &remote::ROUTER),
>       ("sync", &sync::ROUTER),
>       ("tape-backup-job", &tape_backup_job::ROUTER),
> diff --git a/src/api2/config/node.rs b/src/api2/config/node.rs
> new file mode 100644
> index 00000000..ee1f6fcc
> --- /dev/null
> +++ b/src/api2/config/node.rs
> @@ -0,0 +1,102 @@
> +use anyhow::Error;
> +use openssl::sha;
> +use serde_json::{json, Value};
> +
> +
> +use proxmox::tools::fs::file_get_contents;
> +use proxmox::api::{
> +    api,
> +    Router,
> +    Permission
> +};
> +
> +use crate::api2::types::HTTP_PROXY_SCHEMA;
> +use crate::config::node;
> +use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_SYS_MODIFY};
> +
> +static NODE_CONF_FN: &str = "/etc/proxmox-backup/node.cfg";
> +
> +#[api(
> +    returns: {
> +        description: "Returns the proxy address in use by the server",
> +        type: Object,
> +        properties: {
> +            http_proxy: {
> +                schema: HTTP_PROXY_SCHEMA,
> +            },

Why do we return an Object here. And why is the property not optional?

> +        },
> +    },
> +    access: {
> +        permission: &Permission::Privilege(&["system"], PRIV_SYS_AUDIT, false),
> +    }
> +
> +)]
> +/// Get the proxy address in use, if it exists
> +pub fn get_proxy() -> Result<Value, Error> {
> +    let mut result = json!({});
> +
> +    let raw = file_get_contents(NODE_CONF_FN)?;
> +
> +    result["digest"] = Value::from(proxmox::tools::digest_to_hex(&sha::sha256(&raw)));
> +

We already have code to read that file. Please node::config()

> +    let data = String::from_utf8(raw)?;
> +
> +    let prefix = "http_proxy:";
> +    for line in data.lines() {
> +        if line.starts_with(prefix) {
> +            let line = line.strip_prefix(prefix).unwrap_or("");
> +            result["http_proxy"] = Value::from(line);
> +            break;
> +        }
> +    }
> +
> +    Ok(result)
> +}
> +
> +#[api(
> +    input: {
> +        properties: {
> +            address: {
> +                schema: HTTP_PROXY_SCHEMA,
> +            },
> +        },
> +    },
> +    access: {
> +        permission: &Permission::Privilege(&["system"], PRIV_SYS_MODIFY, false),
> +    }
> +)]
> +/// Set a proxy for the backup server
> +pub fn set_proxy(address: String) -> Result<(), Error> {
> +	let _lock = node::lock();
> +
> +	let (mut config, _digest) = node::config()?;
> +
> +    config.set_proxy(Some(address));
> +
> +	node::save_config(&config)?;
> +
> +    Ok(())
> +}
> +
> +#[api(
> +    access: {
> +        permission: &Permission::Privilege(&["system"], PRIV_SYS_MODIFY, false),
> +    }
> +)]
> +/// Unset proxy configuration
> +pub fn delete_proxy() -> Result<(), Error> {
> +    let _lock = node::lock();
> +
> +	let (mut config, _digest) = node::config()?;
> +
> +    config.set_proxy(None);
> +
> +    node::save_config(&config)?;
> +
> +    Ok(())
> +}
> +
> +pub const ROUTER: Router = Router::new()
> +    .get(&API_METHOD_GET_PROXY)
> +    .post(&API_METHOD_SET_PROXY)
> +    .delete(&API_METHOD_DELETE_PROXY);
> diff --git a/src/bin/proxmox-backup-manager.rs b/src/bin/proxmox-backup-manager.rs
> index 522c800e..c3806a31 100644
> --- a/src/bin/proxmox-backup-manager.rs
> +++ b/src/bin/proxmox-backup-manager.rs
> @@ -352,6 +352,7 @@ fn main() {
>           .insert("disk", disk_commands())
>           .insert("dns", dns_commands())
>           .insert("network", network_commands())
> +        .insert("node", node_commands())
>           .insert("user", user_commands())
>           .insert("remote", remote_commands())
>           .insert("garbage-collection", garbage_collection_commands())
> diff --git a/src/bin/proxmox_backup_manager/mod.rs b/src/bin/proxmox_backup_manager/mod.rs
> index e574e4d4..21004bbe 100644
> --- a/src/bin/proxmox_backup_manager/mod.rs
> +++ b/src/bin/proxmox_backup_manager/mod.rs
> @@ -22,3 +22,5 @@ mod subscription;
>   pub use subscription::*;
>   mod disk;
>   pub use disk::*;
> +mod node;
> +pub use node::*;
> diff --git a/src/bin/proxmox_backup_manager/node.rs b/src/bin/proxmox_backup_manager/node.rs
> new file mode 100644
> index 00000000..57cf3222
> --- /dev/null
> +++ b/src/bin/proxmox_backup_manager/node.rs
> @@ -0,0 +1,59 @@
> +use proxmox::api::{api, cli::*, ApiHandler, RpcEnvironment};
> +use anyhow::Error;
> +use serde_json::Value;
> +
> +use proxmox_backup::api2;
> +
> +pub fn node_commands() -> CommandLineInterface {
> +    let cmd_def = CliCommandMap::new()
> +        .insert("proxy", proxy_cli()
> +    );
> +
> +    cmd_def.into()
> +}
> +
> +#[api(
> +    input: {
> +        properties: {
> +            "output-format": {
> +                schema: OUTPUT_FORMAT,
> +                optional: true,
> +            },
> +        }
> +    }
> +)]
> +/// Read proxy address
> +fn get_proxy(param: Value, rpcenv: &mut dyn RpcEnvironment) -> Result<Value, Error> {
> +
> +    let output_format = get_output_format(&param);
> +
> +    let info = &api2::config::node::API_METHOD_GET_PROXY;
> +    let mut data = match info.handler {
> +        ApiHandler::Sync(handler) => (handler)(param, info, rpcenv)?,
> +        _ => unreachable!(),
> +    };
> +
> +    let options = default_table_format_options()
> +        .column(ColumnConfig::new("http_proxy"));
> +
> +    format_and_print_result_full(&mut data, &info.returns, &output_format, &options);
> +
> +    Ok(Value::Null)
> +}
> +
> +pub fn proxy_cli() -> CommandLineInterface {
> +    let cmd_def = CliCommandMap::new()
> +        .insert("get",
> +            CliCommand::new(&API_METHOD_GET_PROXY)
> +        )
> +        .insert("set",
> +            CliCommand::new(&api2::config::node::API_METHOD_SET_PROXY)
> +            .arg_param(&["address"])
> +        )
> +        .insert("delete",
> +            CliCommand::new(&api2::config::node::API_METHOD_DELETE_PROXY)
> +        );
> +
> +    cmd_def.into()
> +}
> +