From: Dominik Csapak <d.csapak@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup v2 6/6] api: admin: datastore: implement streaming content api call
Date: Wed, 8 Oct 2025 15:43:36 +0200 [thread overview]
Message-ID: <20251008134344.3512958-8-d.csapak@proxmox.com> (raw)
In-Reply-To: <20251008134344.3512958-1-d.csapak@proxmox.com>
this is a new api call that utilizes `proxmox_router::Stream` to provide
a streaming interface to querying the datastore content.
This can be done when a client requests this api call with the
`application/json-seq` Accept header.
In contrast to the existing api calls, this one
* returns all types of content items (namespaces, groups, snapshots; can
be filtered with a parameter)
* iterates over them recursively (with the range that is given with the
parameter)
The api call returns the data in the following order:
* first all visible namespaces
* then for each ns in order
* each group
* each snapshot
This is done so that we can have a good way of building a tree view in
the ui.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
changes from v1:
* don't use a tokio::spawn around a 'spawn_blocking'
* don't use async-stream, but proxmox-router::Stream
* add new use statements from pbs_api_types in a new line
(makes the diff more readable..)
* remove content type filter from api call (can be done later still)
* return one level more for namespaces than given, otherwise
we'll list groups + snapshots for the levels, but not the existing
namespaces there
src/api2/admin/datastore.rs | 175 +++++++++++++++++++++++++++++++-----
1 file changed, 155 insertions(+), 20 deletions(-)
diff --git a/src/api2/admin/datastore.rs b/src/api2/admin/datastore.rs
index 643d1694b..811ee8713 100644
--- a/src/api2/admin/datastore.rs
+++ b/src/api2/admin/datastore.rs
@@ -23,7 +23,7 @@ use proxmox_compression::zstd::ZstdEncoder;
use proxmox_log::LogContext;
use proxmox_router::{
http_err, list_subdirs_api_method, ApiHandler, ApiMethod, ApiResponseFuture, Permission,
- Router, RpcEnvironment, RpcEnvironmentType, SubdirMap,
+ Record, Router, RpcEnvironment, RpcEnvironmentType, SubdirMap,
};
use proxmox_rrd_api_types::{RrdMode, RrdTimeframe};
use proxmox_schema::*;
@@ -49,6 +49,7 @@ use pbs_api_types::{
PRIV_DATASTORE_BACKUP, PRIV_DATASTORE_MODIFY, PRIV_DATASTORE_PRUNE, PRIV_DATASTORE_READ,
PRIV_DATASTORE_VERIFY, PRIV_SYS_MODIFY, UPID, UPID_SCHEMA, VERIFICATION_OUTDATED_AFTER_SCHEMA,
};
+use pbs_api_types::{DatastoreContent, NamespaceListItem};
use pbs_client::pxar::{create_tar, create_zip};
use pbs_config::CachedUserInfo;
use pbs_datastore::backup_info::BackupInfo;
@@ -70,7 +71,10 @@ use proxmox_rest_server::{formatter, worker_is_active, WorkerTask};
use crate::api2::backup::optional_ns_param;
use crate::api2::node::rrd::create_value_from_rrd;
-use crate::backup::{check_ns_privs_full, ListAccessibleBackupGroups, VerifyWorker, NS_PRIVS_OK};
+use crate::backup::{
+ can_access_any_namespace_below, check_ns_privs, check_ns_privs_full,
+ ListAccessibleBackupGroups, VerifyWorker, NS_PRIVS_OK,
+};
use crate::server::jobstate::{compute_schedule_status, Job, JobState};
use crate::tools::{backup_info_to_snapshot_list_item, get_all_snapshot_files, read_backup_index};
@@ -387,7 +391,7 @@ pub async fn delete_snapshot(
}
#[api(
- serializing: true,
+ stream: true,
input: {
properties: {
store: { schema: DATASTORE_SCHEMA },
@@ -395,40 +399,125 @@ pub async fn delete_snapshot(
type: BackupNamespace,
optional: true,
},
- "backup-type": {
- optional: true,
- type: BackupType,
- },
- "backup-id": {
+ "max-depth": {
+ schema: NS_MAX_DEPTH_SCHEMA,
optional: true,
- schema: BACKUP_ID_SCHEMA,
},
},
},
- returns: pbs_api_types::ADMIN_DATASTORE_LIST_SNAPSHOTS_RETURN_TYPE,
access: {
permission: &Permission::Anybody,
description: "Requires on /datastore/{store}[/{namespace}] either DATASTORE_AUDIT for any \
or DATASTORE_BACKUP and being the owner of the group",
},
)]
-/// List backup snapshots.
-pub async fn list_snapshots(
+/// List datastore content, recursively through all namespaces.
+pub async fn list_content(
store: String,
ns: Option<BackupNamespace>,
- backup_type: Option<BackupType>,
- backup_id: Option<String>,
+ max_depth: Option<usize>,
_param: Value,
_info: &ApiMethod,
rpcenv: &mut dyn RpcEnvironment,
-) -> Result<Vec<SnapshotListItem>, Error> {
+) -> Result<proxmox_router::Stream, Error> {
+ let (sender, receiver) = tokio::sync::mpsc::channel(128);
+
let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
+ let user_info = CachedUserInfo::new()?;
- tokio::task::spawn_blocking(move || unsafe {
- list_snapshots_blocking(store, ns, backup_type, backup_id, auth_id)
- })
- .await
- .map_err(|err| format_err!("failed to await blocking task: {err}"))?
+ let datastore = DataStore::lookup_datastore(&store, Some(Operation::Read))?;
+
+ // show one level of namespaces more than we use for group/snapshot list
+ let list_max_depth = max_depth.map(|depth| depth + 1);
+ if !can_access_any_namespace_below(
+ datastore.clone(),
+ &auth_id,
+ &user_info,
+ ns.clone(),
+ list_max_depth,
+ ) {
+ proxmox_router::http_bail!(FORBIDDEN, "permission check failed");
+ }
+
+ let ns = ns.unwrap_or_default();
+
+ tokio::task::spawn_blocking(move || {
+ for ns in datastore.recursive_iter_backup_ns_ok(ns.clone(), list_max_depth)? {
+ match check_ns_privs(&store, &ns, &auth_id, NS_PRIVS_OK) {
+ Ok(_) => sender.blocking_send(Record::new(DatastoreContent::from(
+ NamespaceListItem { ns, comment: None },
+ )))?,
+ // don't disclose errors about ns privileges, since that can be an info leak
+ Err(_) => continue,
+ }
+ }
+
+ for ns in datastore.recursive_iter_backup_ns_ok(ns, max_depth)? {
+ let list_all = match check_ns_privs_full(
+ &store,
+ &ns,
+ &auth_id,
+ PRIV_DATASTORE_AUDIT,
+ PRIV_DATASTORE_BACKUP,
+ ) {
+ Ok(requires_owner) => !requires_owner,
+ // don't disclose errors about ns privileges, since that can be an info leak
+ Err(_) => continue,
+ };
+ for group in datastore.iter_backup_groups(ns.clone())? {
+ let group = match group {
+ Ok(group) => group,
+ Err(err) => {
+ sender.blocking_send(Record::error(err))?;
+ continue;
+ }
+ };
+ let group = backup_group_to_group_list_item(
+ datastore.clone(),
+ group,
+ &ns,
+ &auth_id,
+ list_all,
+ );
+
+ if let Some(group) = group {
+ sender
+ .blocking_send(Record::new(DatastoreContent::from((ns.clone(), group))))?;
+ }
+ }
+
+ for group in datastore.iter_backup_groups(ns.clone())? {
+ let group = match group {
+ Ok(group) => group,
+ Err(err) => {
+ sender.blocking_send(Record::error(err))?;
+ continue;
+ }
+ };
+ let owner = match get_group_owner(&store, &ns, &group) {
+ Some(auth_id) => auth_id,
+ None => continue,
+ };
+ for backup_dir in group.iter_snapshots()? {
+ let backup_info = match backup_dir {
+ Ok(snap) => BackupInfo::new(snap)?,
+ Err(err) => {
+ sender.blocking_send(Record::error(err))?;
+ continue;
+ }
+ };
+ let snapshot = backup_info_to_snapshot_list_item(&backup_info, &owner);
+ sender.blocking_send(Record::new(DatastoreContent::from((
+ ns.clone(),
+ snapshot,
+ ))))?;
+ }
+ }
+ }
+ Ok::<_, Error>(())
+ });
+
+ Ok(ReceiverStream::new(receiver).into())
}
fn get_group_owner(
@@ -514,6 +603,51 @@ unsafe fn list_snapshots_blocking(
})
}
+#[api(
+ serializing: true,
+ input: {
+ properties: {
+ store: { schema: DATASTORE_SCHEMA },
+ ns: {
+ type: BackupNamespace,
+ optional: true,
+ },
+ "backup-type": {
+ optional: true,
+ type: BackupType,
+ },
+ "backup-id": {
+ optional: true,
+ schema: BACKUP_ID_SCHEMA,
+ },
+ },
+ },
+ returns: pbs_api_types::ADMIN_DATASTORE_LIST_SNAPSHOTS_RETURN_TYPE,
+ access: {
+ permission: &Permission::Anybody,
+ description: "Requires on /datastore/{store}[/{namespace}] either DATASTORE_AUDIT for any \
+ or DATASTORE_BACKUP and being the owner of the group",
+ },
+)]
+/// List backup snapshots.
+pub async fn list_snapshots(
+ store: String,
+ ns: Option<BackupNamespace>,
+ backup_type: Option<BackupType>,
+ backup_id: Option<String>,
+ _param: Value,
+ _info: &ApiMethod,
+ rpcenv: &mut dyn RpcEnvironment,
+) -> Result<Vec<SnapshotListItem>, Error> {
+ let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
+
+ tokio::task::spawn_blocking(move || unsafe {
+ list_snapshots_blocking(store, ns, backup_type, backup_id, auth_id)
+ })
+ .await
+ .map_err(|err| format_err!("failed to await blocking task: {err}"))?
+}
+
async fn get_snapshots_count(
store: &Arc<DataStore>,
owner: Option<&Authid>,
@@ -2764,6 +2898,7 @@ const DATASTORE_INFO_SUBDIRS: SubdirMap = &[
"change-owner",
&Router::new().post(&API_METHOD_SET_BACKUP_OWNER),
),
+ ("content", &Router::new().get(&API_METHOD_LIST_CONTENT)),
(
"download",
&Router::new().download(&API_METHOD_DOWNLOAD_FILE),
--
2.47.3
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
next prev parent reply other threads:[~2025-10-08 13:44 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-08 13:43 [pbs-devel] [PATCH proxmox{, -backup} v2 0/7] introduce " Dominik Csapak
2025-10-08 13:43 ` [pbs-devel] [PATCH proxmox v2 1/1] pbs-api-types: add api types for " Dominik Csapak
2025-10-08 13:43 ` [pbs-devel] [PATCH proxmox-backup v2 1/6] backup: hierarchy: add new can_access_any_namespace_below helper Dominik Csapak
2025-10-08 20:57 ` [pbs-devel] applied: " Thomas Lamprecht
2025-10-08 13:43 ` [pbs-devel] [PATCH proxmox-backup v2 2/6] backup: hierarchy: reuse 'NS_PRIVS_OK' for namespace helper Dominik Csapak
2025-10-08 20:57 ` [pbs-devel] applied: " Thomas Lamprecht
2025-10-08 13:43 ` [pbs-devel] [PATCH proxmox-backup v2 3/6] api: admin: datastore: refactor BackupGroup to GroupListItem conversion Dominik Csapak
2025-10-08 20:57 ` [pbs-devel] applied: " Thomas Lamprecht
2025-10-08 13:43 ` [pbs-devel] [PATCH proxmox-backup v2 4/6] api: admin: datastore: factor out 'get_group_owner' Dominik Csapak
2025-10-08 20:57 ` [pbs-devel] applied: " Thomas Lamprecht
2025-10-08 13:43 ` [pbs-devel] [PATCH proxmox-backup v2 5/6] api: admin: datastore: optimize `groups` api call Dominik Csapak
2025-10-08 20:57 ` [pbs-devel] applied: " Thomas Lamprecht
2025-10-08 13:43 ` Dominik Csapak [this message]
2025-10-08 19:49 ` [pbs-devel] [PATCH proxmox-backup v2 6/6] api: admin: datastore: implement streaming content " Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251008134344.3512958-8-d.csapak@proxmox.com \
--to=d.csapak@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.