From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [PATCH proxmox 1/6] pbs-api-types: sync job: add strict-encryption-mode
Date: Wed, 29 Apr 2026 16:09:22 +0200 [thread overview]
Message-ID: <20260429140941.3537494-2-f.gruenbichler@proxmox.com> (raw)
In-Reply-To: <20260429140941.3537494-1-f.gruenbichler@proxmox.com>
this field restricts sync scope to not allow transferring encrypted snapshots
using non-matching encryption keys. this can be combined with `encrypted-only`
for pulling to ensure only matching encrypted snapshots are transferred,
excluding any non-encrypted or non-matching encrypted snapshots.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
pbs-api-types/src/jobs.rs | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/pbs-api-types/src/jobs.rs b/pbs-api-types/src/jobs.rs
index ac5dfa92..49eb084c 100644
--- a/pbs-api-types/src/jobs.rs
+++ b/pbs-api-types/src/jobs.rs
@@ -12,10 +12,10 @@ use proxmox_schema::*;
use crate::{
Authid, BackupNamespace, BackupType, NotificationMode, RateLimitConfig, Userid,
- BACKUP_GROUP_SCHEMA, BACKUP_NAMESPACE_SCHEMA, BACKUP_NS_RE, DATASTORE_SCHEMA,
- DRIVE_NAME_SCHEMA, CRYPT_KEY_ID_SCHEMA, MEDIA_POOL_NAME_SCHEMA,
- NS_MAX_DEPTH_REDUCED_SCHEMA, PROXMOX_SAFE_ID_FORMAT, PROXMOX_SAFE_ID_REGEX_STR,
- REMOTE_ID_SCHEMA, SINGLE_LINE_COMMENT_SCHEMA,
+ BACKUP_GROUP_SCHEMA, BACKUP_NAMESPACE_SCHEMA, BACKUP_NS_RE, CRYPT_KEY_ID_SCHEMA,
+ DATASTORE_SCHEMA, DRIVE_NAME_SCHEMA, MEDIA_POOL_NAME_SCHEMA, NS_MAX_DEPTH_REDUCED_SCHEMA,
+ PROXMOX_SAFE_ID_FORMAT, PROXMOX_SAFE_ID_REGEX_STR, REMOTE_ID_SCHEMA,
+ SINGLE_LINE_COMMENT_SCHEMA,
};
const_regex! {
@@ -591,6 +591,10 @@ pub const RUN_SYNC_ON_MOUNT_SCHEMA: Schema =
pub const UNMOUNT_ON_SYNC_DONE_SCHEMA: Schema =
BooleanSchema::new("Unmount involved removable datastore after the sync job finishes. Requires 'run-on-mount' to be enabled.")
.schema();
+pub const SYNC_STRICT_ENCRYPTION_MODE_SCHEMA: Schema = BooleanSchema::new(
+ "Do not allow syncing of pre-existing encrypted snapshots with unknown keys",
+)
+.schema();
#[api(
properties: {
@@ -686,6 +690,10 @@ pub const UNMOUNT_ON_SYNC_DONE_SCHEMA: Schema =
},
optional: true,
},
+ "strict-encryption-mode": {
+ schema: SYNC_STRICT_ENCRYPTION_MODE_SCHEMA,
+ optional: true,
+ }
}
)]
#[derive(Serialize, Deserialize, Clone, Updater, PartialEq)]
@@ -737,6 +745,8 @@ pub struct SyncJobConfig {
pub active_encryption_key: Option<String>,
#[serde(skip_serializing_if = "Option::is_none")]
pub associated_key: Option<Vec<String>>,
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub strict_encryption_mode: Option<bool>,
}
impl SyncJobConfig {
--
2.47.3
next prev parent reply other threads:[~2026-04-29 14:10 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-29 14:09 [PATCH proxmox{,-backup} 0/6] sync: add strict encryption mode Fabian Grünbichler
2026-04-29 14:09 ` Fabian Grünbichler [this message]
2026-04-29 14:09 ` [PATCH proxmox-backup 2/6] pull: add support for strict decryption checking Fabian Grünbichler
2026-04-29 14:09 ` [PATCH proxmox-backup 3/6] push: add support for strict encryption checking Fabian Grünbichler
2026-04-29 14:09 ` [PATCH proxmox-backup 4/6] sync: wire up strict encryption mode Fabian Grünbichler
2026-04-29 14:09 ` [PATCH proxmox-backup 5/6] ui: add strict-encryption-mode to SyncJobEdit window Fabian Grünbichler
2026-04-29 14:09 ` [PATCH proxmox-backup 6/6] docs: sync: add strict encryption mode Fabian Grünbichler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260429140941.3537494-2-f.gruenbichler@proxmox.com \
--to=f.gruenbichler@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.