From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: "Proxmox Backup Server development discussion"
<pbs-devel@lists.proxmox.com>,
"Fabian Grünbichler" <f.gruenbichler@proxmox.com>
Subject: Re: [pbs-devel] [PATCH proxmox-backup 3/4] api: refactor remote client and add remote scan
Date: Thu, 5 Nov 2020 10:03:08 +0100 [thread overview]
Message-ID: <aa0fb139-633c-5430-08bc-38b9d01d131c@proxmox.com> (raw)
In-Reply-To: <1604561929.s6xxo0fncs.astroid@nora.none>
On 05.11.20 08:42, Fabian Grünbichler wrote:
> On November 4, 2020 5:57 pm, Thomas Lamprecht wrote:
>> On 04.11.20 14:10, Fabian Grünbichler wrote:
>>> to allow on-demand scanning of remote datastores accessible for the
>>> configured remote user.
>>>
>>> Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
>>> ---
>>>
>>> Notes:
>>> not 100% sure about PRIV_REMOTE_AUDIT vs PRIV_REMOTE_READ.. the latter is required to use a datastore for syncing/pull purposes
>>
>> you are not syncing here, so why should the permissions required for
>> that matter, when getting a general list of datastores of a remote?
> because the only thing that a remote datastore can currently be used for
> is syncing ;) but I am fine with AUDIT as well, I just wanted to mention
> it.
yes, but just because it will be used for that now, it still has not anything
to do with that directly - so I'd see it just as it's own thing, datastore
scanner - with no opinion on what the user wants to do with that.
>
>> If, that would be an extra filter param to set.
>>
>> I setup a remote with a token, got ->
>> GET /api2/json/config/remote/tuxis/scan: 401 Unauthorized: [client [::ffff:192.168.16.38]:47544] authentication failed - invalid user name in user id
> I think (as we discussed directly) this was an artifact of version
> mismatch?
>
>>> src/api2/config/remote.rs | 66 ++++++++++++++++++++++++++++++-
>>> src/api2/pull.rs | 12 +-----
>>> src/bin/proxmox-backup-manager.rs | 26 +++---------
>>> 3 files changed, 71 insertions(+), 33 deletions(-)
>>>
>>> diff --git a/src/api2/config/remote.rs b/src/api2/config/remote.rs
>>> index ffbba1d2..b415f63d 100644
>>> --- a/src/api2/config/remote.rs
>>> +++ b/src/api2/config/remote.rs
>>> @@ -1,4 +1,4 @@
>>> -use anyhow::{bail, Error};
>>> +use anyhow::{bail, format_err, Error};
>>> use serde_json::Value;
>>> use ::serde::{Deserialize, Serialize};
>>>
>>> @@ -6,6 +6,7 @@ use proxmox::api::{api, ApiMethod, Router, RpcEnvironment, Permission};
>>> use proxmox::tools::fs::open_file_locked;
>>>
>>> use crate::api2::types::*;
>>> +use crate::client::{HttpClient, HttpClientOptions};
>>> use crate::config::cached_user_info::CachedUserInfo;
>>> use crate::config::remote;
>>> use crate::config::acl::{PRIV_REMOTE_AUDIT, PRIV_REMOTE_MODIFY};
>>> @@ -301,10 +302,71 @@ pub fn delete_remote(name: String, digest: Option<String>) -> Result<(), Error>
>>> Ok(())
>>> }
>>>
>>> +/// Helper to get client for remote.cfg entry
>>> +pub async fn remote_client(remote: remote::Remote) -> Result<HttpClient, Error> {
>>> + let options = HttpClientOptions::new()
>>> + .password(Some(remote.password.clone()))
>>> + .fingerprint(remote.fingerprint.clone());
>>> +
>>> + let client = HttpClient::new(
>>> + &remote.host,
>>> + remote.port.unwrap_or(8007),
>>> + &remote.userid,
>> sure about userid, shouldn't this be authid or is that the same here?
>> At least would explain the error I get..
> the field in the config is called userid, it contains an Authid
> (renaming would require postinst fixup, but if you want I can send a
> patch for switching it over).
>
it's a bit confusing, but that's it, was probably more confused in the light
of the outdated server at the other end.. So sorry for the noise :)
next prev parent reply other threads:[~2020-11-05 9:03 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-04 13:10 [pbs-devel] [PATCH proxmox-backup 1/4] www: don't default to hourly sync job schedule Fabian Grünbichler
2020-11-04 13:10 ` [pbs-devel] [PATCH proxmox-backup 2/4] types: extract DataStoreListItem Fabian Grünbichler
2020-11-04 13:10 ` [pbs-devel] [PATCH proxmox-backup 3/4] api: refactor remote client and add remote scan Fabian Grünbichler
2020-11-04 16:57 ` Thomas Lamprecht
2020-11-05 7:42 ` Fabian Grünbichler
2020-11-05 9:03 ` Thomas Lamprecht [this message]
2020-11-04 17:12 ` Thomas Lamprecht
2020-11-05 7:43 ` Fabian Grünbichler
2020-11-05 8:58 ` Thomas Lamprecht
2020-11-04 13:10 ` [pbs-devel] [PATCH proxmox-backup 4/4] www: add remote store selector Fabian Grünbichler
2020-11-04 13:42 ` [pbs-devel] [PATCH proxmox-backup 1/4] www: don't default to hourly sync job schedule Thomas Lamprecht
[not found] ` <dce0d21f-20dc-5443-bbb0-6b6f5be73e43@proxmox.com>
[not found] ` <1604497203.f21gwhaa55.astroid@nora.none>
2020-11-04 17:03 ` Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aa0fb139-633c-5430-08bc-38b9d01d131c@proxmox.com \
--to=t.lamprecht@proxmox.com \
--cc=f.gruenbichler@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.