public inbox for pbs-devel@lists.proxmox.com
 help / color / mirror / Atom feed
From: Filip Schauer <f.schauer@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: Re: [pbs-devel] [PATCH vma-to-pbs] read args from environment variables as fallback
Date: Mon, 2 Dec 2024 13:34:21 +0100	[thread overview]
Message-ID: <0b76e789-cd70-4047-b40c-4ff56425836a@proxmox.com> (raw)
In-Reply-To: <20241202121726.83901-1-f.schauer@proxmox.com>

Superseded by:
https://lists.proxmox.com/pipermail/pbs-devel/2024-December/011956.html

On 02/12/2024 13:17, Filip Schauer wrote:
> Use the same environment variables that are used by
> proxmox-backup-client:
> * PBS_REPOSITORY
> * PBS_PASSWORD(|_FD|_FILE|_CMD)
> * PBS_ENCRYPTION_PASSWORD(|_FD|_FILE|_CMD)
>
> Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
> ---
>   src/main.rs | 66 +++++++++++++++++++++++++++++++++--------------------
>   1 file changed, 41 insertions(+), 25 deletions(-)
>
> diff --git a/src/main.rs b/src/main.rs
> index f942a73..4c5bc1d 100644
> --- a/src/main.rs
> +++ b/src/main.rs
> @@ -1,4 +1,5 @@
>   use std::collections::HashMap;
> +use std::env::VarError::{NotPresent, NotUnicode};
>   use std::ffi::OsString;
>   use std::fs::read_dir;
>   use std::io::{BufRead, BufReader, Write};
> @@ -7,6 +8,7 @@ use std::path::PathBuf;
>   use anyhow::{bail, Context, Error};
>   use chrono::NaiveDateTime;
>   use env_logger::Target;
> +use pbs_client::tools::get_secret_from_env;
>   use proxmox_sys::linux::tty;
>   use proxmox_time::epoch_i64;
>   use regex::Regex;
> @@ -27,7 +29,7 @@ Arguments:
>   
>   Options:
>         --repository <auth_id@host:port:datastore>
> -          Repository URL
> +          Repository URL [env: PBS_REPOSITORY]
>         [--ns <NAMESPACE>]
>             Namespace
>         [--vmid <VMID>]
> @@ -38,7 +40,7 @@ Options:
>         [--backup-time <EPOCH>]
>             Backup timestamp
>         --fingerprint <FINGERPRINT>
> -          Proxmox Backup Server Fingerprint [env: PBS_FINGERPRINT=]
> +          Proxmox Backup Server Fingerprint [env: PBS_FINGERPRINT]
>         --keyfile <KEYFILE>
>             Key file
>         --master-keyfile <MASTER_KEYFILE>
> @@ -48,9 +50,10 @@ Options:
>     -e, --encrypt
>             Encrypt the Backup
>         --password-file <PASSWORD_FILE>
> -          Password file
> +          Password file [env: PBS_PASSWORD, PBS_PASSWORD_FD, PBS_PASSWORD_FILE, PBS_PASSWORD_CMD]
>         --key-password-file <KEY_PASSWORD_FILE>
> -          Key password file
> +          Key password file [env: PBS_ENCRYPTION_PASSWORD, PBS_ENCRYPTION_PASSWORD_FD,
> +                             PBS_ENCRYPTION_PASSWORD_FILE, PBS_ENCRYPTION_PASSWORD_CMD]
>         [--notes-file <NOTES_FILE>]
>             File containing a comment/notes
>         [--log-file <LOG_FILE>]
> @@ -114,7 +117,7 @@ fn parse_args() -> Result<BackupVmaToPbsArgs, Error> {
>           std::process::exit(0);
>       }
>   
> -    let pbs_repository = args.value_from_str("--repository")?;
> +    let pbs_repository = args.opt_value_from_str("--repository")?;
>       let namespace = args.opt_value_from_str("--ns")?;
>       let vmid: Option<String> = args.opt_value_from_str("--vmid")?;
>       let backup_time: Option<i64> = args.opt_value_from_str("--backup-time")?;
> @@ -143,10 +146,22 @@ fn parse_args() -> Result<BackupVmaToPbsArgs, Error> {
>           bail!("unexpected extra arguments, use '-h' for usage");
>       }
>   
> +    let pbs_repository = match pbs_repository {
> +        Some(v) => v,
> +        None => match std::env::var("PBS_REPOSITORY") {
> +            Ok(v) => v,
> +            Err(NotPresent) => bail!("Repository not set. Use $PBS_REPOSITORY or --repository"),
> +            Err(NotUnicode(_)) => bail!("$PBS_REPOSITORY contains invalid unicode"),
> +        },
> +    };
> +
>       let fingerprint = match fingerprint {
>           Some(v) => v,
> -        None => std::env::var("PBS_FINGERPRINT")
> -            .context("Fingerprint not set. Use $PBS_FINGERPRINT or --fingerprint")?,
> +        None => match std::env::var("PBS_FINGERPRINT") {
> +            Ok(v) => v,
> +            Err(NotPresent) => bail!("Fingerprint not set. Use $PBS_FINGERPRINT or --fingerprint"),
> +            Err(NotUnicode(_)) => bail!("$PBS_FINGERPRINT contains invalid unicode"),
> +        },
>       };
>   
>       if forwarded_args.len() > 1 {
> @@ -155,30 +170,29 @@ fn parse_args() -> Result<BackupVmaToPbsArgs, Error> {
>   
>       let vma_file_path = forwarded_args.first();
>   
> -    let pbs_password = match password_file {
> -        Some(password_file) => {
> -            let mut password =
> -                std::fs::read_to_string(password_file).context("Could not read password file")?;
> +    let pbs_password = if let Some(password_file) = password_file {
> +        let mut password =
> +            std::fs::read_to_string(password_file).context("Could not read password file")?;
>   
> -            if password.ends_with('\n') || password.ends_with('\r') {
> +        if password.ends_with('\n') || password.ends_with('\r') {
> +            password.pop();
> +            if password.ends_with('\r') {
>                   password.pop();
> -                if password.ends_with('\r') {
> -                    password.pop();
> -                }
>               }
> -
> -            password
>           }
> -        None => {
> -            if vma_file_path.is_none() {
> -                bail!(
> -                    "Please use --password-file to provide the password \
> -                    when passing the VMA file to stdin"
> -                );
> -            }
>   
> -            String::from_utf8(tty::read_password("Password: ")?)?
> +        password
> +    } else if let Some(password) = get_secret_from_env("PBS_PASSWORD")? {
> +        password
> +    } else {
> +        if vma_file_path.is_none() {
> +            bail!(
> +                "Please use --password-file, $PBS_PASSWORD, $PBS_PASSWORD_FD, $PBS_PASSWORD_FILE, \
> +                or $PBS_PASSWORD_CMD to provide the password when passing the VMA file to stdin"
> +            );
>           }
> +
> +        String::from_utf8(tty::read_password("Password: ")?)?
>       };
>   
>       let key_password = if keyfile.is_some() {
> @@ -193,6 +207,8 @@ fn parse_args() -> Result<BackupVmaToPbsArgs, Error> {
>                   }
>               }
>   
> +            Some(key_password)
> +        } else if let Some(key_password) = get_secret_from_env("PBS_ENCRYPTION_PASSWORD")? {
>               Some(key_password)
>           } else if vma_file_path.is_none() {
>               log::info!(


_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel


      reply	other threads:[~2024-12-02 12:34 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-12-02 12:17 Filip Schauer
2024-12-02 12:34 ` Filip Schauer [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=0b76e789-cd70-4047-b40c-4ff56425836a@proxmox.com \
    --to=f.schauer@proxmox.com \
    --cc=pbs-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal