[PATCH proxmox-backup v2 09/10] api: config: unlocked s3 bucket access check for datastore creation

[Christian Ebner <c.ebner@proxmox.com>]

The bucket access check performed when creating a new datastore with
s3 backend can theoretically block up to the set s3 client request
timeout of 30 min. It is not acceptable to hold the config lock for
this long, effectively blocking configuration access for unrelated
datastores.

Move the check to the start so it is performed before even locking
the config.

Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
---
 src/api2/config/datastore.rs | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/api2/config/datastore.rs b/src/api2/config/datastore.rs
index fe8e641a3..3061219ae 100644
--- a/src/api2/config/datastore.rs
+++ b/src/api2/config/datastore.rs
@@ -169,6 +169,13 @@ pub fn create_datastore(
     overwrite_in_use: bool,
     rpcenv: &mut dyn RpcEnvironment,
 ) -> Result<String, Error> {
+    let (backend, s3_client) = DataStore::s3_client_and_backend_from_datastore_config(&config)?;
+    if let Some(s3_client) = s3_client {
+        proxmox_async::runtime::block_on(s3_client.head_bucket())
+            .context("failed to access bucket")
+            .map_err(|err| format_err!("{err:#}"))?;
+    }
+
     let lock = pbs_config::datastore::lock_config()?;
 
     let (section_config, _digest) = pbs_config::datastore::config()?;
@@ -233,13 +240,6 @@ pub fn create_datastore(
 
     let store_name = config.name.to_string();
 
-    let (backend, s3_client) = DataStore::s3_client_and_backend_from_datastore_config(&config)?;
-    if let Some(s3_client) = s3_client {
-        proxmox_async::runtime::block_on(s3_client.head_bucket())
-            .context("failed to access bucket")
-            .map_err(|err| format_err!("{err:#}"))?;
-    }
-
     WorkerTask::new_thread(
         "create-datastore",
         Some(store_name.clone()),
-- 
2.47.3