From: Christian Ebner <c.ebner@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup 2/5] api/api-types: sync: add sync encrypted/verified snapshots only flags
Date: Wed, 15 Jan 2025 15:15:44 +0100 [thread overview]
Message-ID: <20250115141547.376149-3-c.ebner@proxmox.com> (raw)
In-Reply-To: <20250115141547.376149-1-c.ebner@proxmox.com>
Add optional sync job config options to allow to include only
encrypted and/or verified backup snapshots, excluding others from the
sync.
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
---
pbs-api-types/src/jobs.rs | 16 ++++++++++++++++
src/api2/config/sync.rs | 18 ++++++++++++++++++
src/api2/pull.rs | 17 ++++++++++++++++-
src/api2/push.rs | 15 ++++++++++++++-
src/server/pull.rs | 10 ++++++++++
src/server/push.rs | 10 ++++++++++
src/server/sync.rs | 2 ++
7 files changed, 86 insertions(+), 2 deletions(-)
diff --git a/pbs-api-types/src/jobs.rs b/pbs-api-types/src/jobs.rs
index 04631d920..a787ad33b 100644
--- a/pbs-api-types/src/jobs.rs
+++ b/pbs-api-types/src/jobs.rs
@@ -522,6 +522,10 @@ impl std::fmt::Display for SyncDirection {
pub const RESYNC_CORRUPT_SCHEMA: Schema =
BooleanSchema::new("If the verification failed for a local snapshot, try to pull it again.")
.schema();
+pub const SYNC_ENCRYPTED_ONLY_SCHEMA: Schema =
+ BooleanSchema::new("Only synchronize encrypted backup snapshots, exclude others.").schema();
+pub const SYNC_VERIFIED_ONLY_SCHEMA: Schema =
+ BooleanSchema::new("Only synchronize verified backup snapshots, exclude others.").schema();
#[api(
properties: {
@@ -581,6 +585,14 @@ pub const RESYNC_CORRUPT_SCHEMA: Schema =
schema: RESYNC_CORRUPT_SCHEMA,
optional: true,
},
+ "encrypted-only": {
+ schema: SYNC_ENCRYPTED_ONLY_SCHEMA,
+ optional: true,
+ },
+ "verified-only": {
+ schema: SYNC_VERIFIED_ONLY_SCHEMA,
+ optional: true,
+ },
"sync-direction": {
type: SyncDirection,
optional: true,
@@ -621,6 +633,10 @@ pub struct SyncJobConfig {
#[serde(skip_serializing_if = "Option::is_none")]
pub resync_corrupt: Option<bool>,
#[serde(skip_serializing_if = "Option::is_none")]
+ pub encrypted_only: Option<bool>,
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub verified_only: Option<bool>,
+ #[serde(skip_serializing_if = "Option::is_none")]
pub sync_direction: Option<SyncDirection>,
}
diff --git a/src/api2/config/sync.rs b/src/api2/config/sync.rs
index a8ea93465..6194d8653 100644
--- a/src/api2/config/sync.rs
+++ b/src/api2/config/sync.rs
@@ -335,6 +335,10 @@ pub enum DeletableProperty {
MaxDepth,
/// Delete the transfer_last property,
TransferLast,
+ /// Delete the encrypted_only property,
+ EncryptedOnly,
+ /// Delete the verified_only property,
+ VerifiedOnly,
/// Delete the sync_direction property,
SyncDirection,
}
@@ -448,6 +452,12 @@ pub fn update_sync_job(
DeletableProperty::TransferLast => {
data.transfer_last = None;
}
+ DeletableProperty::EncryptedOnly => {
+ data.encrypted_only = None;
+ }
+ DeletableProperty::VerifiedOnly => {
+ data.verified_only = None;
+ }
DeletableProperty::SyncDirection => {
data.sync_direction = None;
}
@@ -491,6 +501,12 @@ pub fn update_sync_job(
if let Some(resync_corrupt) = update.resync_corrupt {
data.resync_corrupt = Some(resync_corrupt);
}
+ if let Some(encrypted_only) = update.encrypted_only {
+ data.encrypted_only = Some(encrypted_only);
+ }
+ if let Some(verified_only) = update.verified_only {
+ data.verified_only = Some(verified_only);
+ }
if let Some(sync_direction) = update.sync_direction {
data.sync_direction = Some(sync_direction);
}
@@ -665,6 +681,8 @@ acl:1:/remote/remote1/remotestore1:write@pbs:RemoteSyncOperator
schedule: None,
limit: pbs_api_types::RateLimitConfig::default(), // no limit
transfer_last: None,
+ encrypted_only: None,
+ verified_only: None,
sync_direction: None, // use default
};
diff --git a/src/api2/pull.rs b/src/api2/pull.rs
index d8ed1a734..4b1fd5e60 100644
--- a/src/api2/pull.rs
+++ b/src/api2/pull.rs
@@ -10,7 +10,8 @@ use pbs_api_types::{
Authid, BackupNamespace, GroupFilter, RateLimitConfig, SyncJobConfig, DATASTORE_SCHEMA,
GROUP_FILTER_LIST_SCHEMA, NS_MAX_DEPTH_REDUCED_SCHEMA, PRIV_DATASTORE_BACKUP,
PRIV_DATASTORE_PRUNE, PRIV_REMOTE_READ, REMOTE_ID_SCHEMA, REMOVE_VANISHED_BACKUPS_SCHEMA,
- RESYNC_CORRUPT_SCHEMA, TRANSFER_LAST_SCHEMA,
+ RESYNC_CORRUPT_SCHEMA, SYNC_ENCRYPTED_ONLY_SCHEMA, SYNC_VERIFIED_ONLY_SCHEMA,
+ TRANSFER_LAST_SCHEMA,
};
use pbs_config::CachedUserInfo;
use proxmox_rest_server::WorkerTask;
@@ -87,6 +88,8 @@ impl TryFrom<&SyncJobConfig> for PullParameters {
sync_job.group_filter.clone(),
sync_job.limit.clone(),
sync_job.transfer_last,
+ sync_job.encrypted_only,
+ sync_job.verified_only,
sync_job.resync_corrupt,
)
}
@@ -133,6 +136,14 @@ impl TryFrom<&SyncJobConfig> for PullParameters {
schema: TRANSFER_LAST_SCHEMA,
optional: true,
},
+ "encrypted-only": {
+ schema: SYNC_ENCRYPTED_ONLY_SCHEMA,
+ optional: true,
+ },
+ "verified-only": {
+ schema: SYNC_VERIFIED_ONLY_SCHEMA,
+ optional: true,
+ },
"resync-corrupt": {
schema: RESYNC_CORRUPT_SCHEMA,
optional: true,
@@ -161,6 +172,8 @@ async fn pull(
group_filter: Option<Vec<GroupFilter>>,
limit: RateLimitConfig,
transfer_last: Option<usize>,
+ encrypted_only: Option<bool>,
+ verified_only: Option<bool>,
resync_corrupt: Option<bool>,
rpcenv: &mut dyn RpcEnvironment,
) -> Result<String, Error> {
@@ -199,6 +212,8 @@ async fn pull(
group_filter,
limit,
transfer_last,
+ encrypted_only,
+ verified_only,
resync_corrupt,
)?;
diff --git a/src/api2/push.rs b/src/api2/push.rs
index bf846bb37..e5edc13e0 100644
--- a/src/api2/push.rs
+++ b/src/api2/push.rs
@@ -5,7 +5,8 @@ use pbs_api_types::{
Authid, BackupNamespace, GroupFilter, RateLimitConfig, DATASTORE_SCHEMA,
GROUP_FILTER_LIST_SCHEMA, NS_MAX_DEPTH_REDUCED_SCHEMA, PRIV_DATASTORE_BACKUP,
PRIV_DATASTORE_READ, PRIV_REMOTE_DATASTORE_BACKUP, PRIV_REMOTE_DATASTORE_PRUNE,
- REMOTE_ID_SCHEMA, REMOVE_VANISHED_BACKUPS_SCHEMA, TRANSFER_LAST_SCHEMA,
+ REMOTE_ID_SCHEMA, REMOVE_VANISHED_BACKUPS_SCHEMA, SYNC_ENCRYPTED_ONLY_SCHEMA,
+ SYNC_VERIFIED_ONLY_SCHEMA, TRANSFER_LAST_SCHEMA,
};
use proxmox_rest_server::WorkerTask;
use proxmox_router::{Permission, Router, RpcEnvironment};
@@ -91,6 +92,14 @@ fn check_push_privs(
schema: GROUP_FILTER_LIST_SCHEMA,
optional: true,
},
+ "encrypted-only": {
+ schema: SYNC_ENCRYPTED_ONLY_SCHEMA,
+ optional: true,
+ },
+ "verified-only": {
+ schema: SYNC_VERIFIED_ONLY_SCHEMA,
+ optional: true,
+ },
limit: {
type: RateLimitConfig,
flatten: true,
@@ -120,6 +129,8 @@ async fn push(
remove_vanished: Option<bool>,
max_depth: Option<usize>,
group_filter: Option<Vec<GroupFilter>>,
+ encrypted_only: Option<bool>,
+ verified_only: Option<bool>,
limit: RateLimitConfig,
transfer_last: Option<usize>,
rpcenv: &mut dyn RpcEnvironment,
@@ -149,6 +160,8 @@ async fn push(
remove_vanished,
max_depth,
group_filter,
+ encrypted_only,
+ verified_only,
limit,
transfer_last,
)
diff --git a/src/server/pull.rs b/src/server/pull.rs
index 2c0ad9e1e..616d45eb9 100644
--- a/src/server/pull.rs
+++ b/src/server/pull.rs
@@ -55,6 +55,10 @@ pub(crate) struct PullParameters {
group_filter: Vec<GroupFilter>,
/// How many snapshots should be transferred at most (taking the newest N snapshots)
transfer_last: Option<usize>,
+ /// Only sync encrypted backup snapshots
+ encrypted_only: bool,
+ /// Only sync verified backup snapshots
+ verified_only: bool,
/// Whether to re-sync corrupted snapshots
resync_corrupt: bool,
}
@@ -74,6 +78,8 @@ impl PullParameters {
group_filter: Option<Vec<GroupFilter>>,
limit: RateLimitConfig,
transfer_last: Option<usize>,
+ encrypted_only: Option<bool>,
+ verified_only: Option<bool>,
resync_corrupt: Option<bool>,
) -> Result<Self, Error> {
if let Some(max_depth) = max_depth {
@@ -82,6 +88,8 @@ impl PullParameters {
};
let remove_vanished = remove_vanished.unwrap_or(false);
let resync_corrupt = resync_corrupt.unwrap_or(false);
+ let encrypted_only = encrypted_only.unwrap_or(false);
+ let verified_only = verified_only.unwrap_or(false);
let source: Arc<dyn SyncSource> = if let Some(remote) = remote {
let (remote_config, _digest) = pbs_config::remote::config()?;
@@ -120,6 +128,8 @@ impl PullParameters {
max_depth,
group_filter,
transfer_last,
+ encrypted_only,
+ verified_only,
resync_corrupt,
})
}
diff --git a/src/server/push.rs b/src/server/push.rs
index ec5455bd9..8ac6fbf37 100644
--- a/src/server/push.rs
+++ b/src/server/push.rs
@@ -73,6 +73,10 @@ pub(crate) struct PushParameters {
max_depth: Option<usize>,
/// Filters for reducing the push scope
group_filter: Vec<GroupFilter>,
+ /// Synchronize only encrypted backup snapshots
+ encrypted_only: bool,
+ /// Synchronize only verified backup snapshots
+ verified_only: bool,
/// How many snapshots should be transferred at most (taking the newest N snapshots)
transfer_last: Option<usize>,
}
@@ -90,6 +94,8 @@ impl PushParameters {
remove_vanished: Option<bool>,
max_depth: Option<usize>,
group_filter: Option<Vec<GroupFilter>>,
+ encrypted_only: Option<bool>,
+ verified_only: Option<bool>,
limit: RateLimitConfig,
transfer_last: Option<usize>,
) -> Result<Self, Error> {
@@ -98,6 +104,8 @@ impl PushParameters {
remote_ns.check_max_depth(max_depth)?;
};
let remove_vanished = remove_vanished.unwrap_or(false);
+ let encrypted_only = encrypted_only.unwrap_or(false);
+ let verified_only = verified_only.unwrap_or(false);
let store = DataStore::lookup_datastore(store, Some(Operation::Read))?;
if !store.namespace_exists(&ns) {
@@ -149,6 +157,8 @@ impl PushParameters {
remove_vanished,
max_depth,
group_filter,
+ encrypted_only,
+ verified_only,
transfer_last,
})
}
diff --git a/src/server/sync.rs b/src/server/sync.rs
index 0bd7a7a85..c42c0b160 100644
--- a/src/server/sync.rs
+++ b/src/server/sync.rs
@@ -671,6 +671,8 @@ pub fn do_sync_job(
sync_job.remove_vanished,
sync_job.max_depth,
sync_job.group_filter.clone(),
+ sync_job.encrypted_only,
+ sync_job.verified_only,
sync_job.limit.clone(),
sync_job.transfer_last,
)
--
2.39.5
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
next prev parent reply other threads:[~2025-01-15 14:16 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-15 14:15 [pbs-devel] [PATCH proxmox-backup 0/5] fix #6072: sync encrypted/verified snapshots only Christian Ebner
2025-01-15 14:15 ` [pbs-devel] [PATCH proxmox-backup 1/5] server: pull: refactor snapshot pull logic Christian Ebner
2025-01-15 14:15 ` Christian Ebner [this message]
2025-01-15 14:15 ` [pbs-devel] [PATCH proxmox-backup 3/5] fix #6072: server: sync encrypted or verified snapshots only Christian Ebner
2025-01-15 14:15 ` [pbs-devel] [PATCH proxmox-backup 4/5] bin: manager: expose encrypted/verified only flags for cli Christian Ebner
2025-01-15 14:15 ` [pbs-devel] [PATCH proxmox-backup 5/5] www: expose encrypted/verified only flags in the sync job edit Christian Ebner
2025-03-18 11:52 ` [pbs-devel] [PATCH proxmox-backup 0/5] fix #6072: sync encrypted/verified snapshots only Christian Ebner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250115141547.376149-3-c.ebner@proxmox.com \
--to=c.ebner@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.