From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 851511FF15F for ; Mon, 2 Dec 2024 13:34:49 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 0C23616FCF; Mon, 2 Dec 2024 13:34:55 +0100 (CET) Message-ID: <0b76e789-cd70-4047-b40c-4ff56425836a@proxmox.com> Date: Mon, 2 Dec 2024 13:34:21 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: pbs-devel@lists.proxmox.com References: <20241202121726.83901-1-f.schauer@proxmox.com> Content-Language: en-US From: Filip Schauer In-Reply-To: <20241202121726.83901-1-f.schauer@proxmox.com> X-SPAM-LEVEL: Spam detection results: 0 AWL -0.026 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pbs-devel] [PATCH vma-to-pbs] read args from environment variables as fallback X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Backup Server development discussion Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Errors-To: pbs-devel-bounces@lists.proxmox.com Sender: "pbs-devel" Superseded by: https://lists.proxmox.com/pipermail/pbs-devel/2024-December/011956.html On 02/12/2024 13:17, Filip Schauer wrote: > Use the same environment variables that are used by > proxmox-backup-client: > * PBS_REPOSITORY > * PBS_PASSWORD(|_FD|_FILE|_CMD) > * PBS_ENCRYPTION_PASSWORD(|_FD|_FILE|_CMD) > > Signed-off-by: Filip Schauer > --- > src/main.rs | 66 +++++++++++++++++++++++++++++++++-------------------- > 1 file changed, 41 insertions(+), 25 deletions(-) > > diff --git a/src/main.rs b/src/main.rs > index f942a73..4c5bc1d 100644 > --- a/src/main.rs > +++ b/src/main.rs > @@ -1,4 +1,5 @@ > use std::collections::HashMap; > +use std::env::VarError::{NotPresent, NotUnicode}; > use std::ffi::OsString; > use std::fs::read_dir; > use std::io::{BufRead, BufReader, Write}; > @@ -7,6 +8,7 @@ use std::path::PathBuf; > use anyhow::{bail, Context, Error}; > use chrono::NaiveDateTime; > use env_logger::Target; > +use pbs_client::tools::get_secret_from_env; > use proxmox_sys::linux::tty; > use proxmox_time::epoch_i64; > use regex::Regex; > @@ -27,7 +29,7 @@ Arguments: > > Options: > --repository > - Repository URL > + Repository URL [env: PBS_REPOSITORY] > [--ns ] > Namespace > [--vmid ] > @@ -38,7 +40,7 @@ Options: > [--backup-time ] > Backup timestamp > --fingerprint > - Proxmox Backup Server Fingerprint [env: PBS_FINGERPRINT=] > + Proxmox Backup Server Fingerprint [env: PBS_FINGERPRINT] > --keyfile > Key file > --master-keyfile > @@ -48,9 +50,10 @@ Options: > -e, --encrypt > Encrypt the Backup > --password-file > - Password file > + Password file [env: PBS_PASSWORD, PBS_PASSWORD_FD, PBS_PASSWORD_FILE, PBS_PASSWORD_CMD] > --key-password-file > - Key password file > + Key password file [env: PBS_ENCRYPTION_PASSWORD, PBS_ENCRYPTION_PASSWORD_FD, > + PBS_ENCRYPTION_PASSWORD_FILE, PBS_ENCRYPTION_PASSWORD_CMD] > [--notes-file ] > File containing a comment/notes > [--log-file ] > @@ -114,7 +117,7 @@ fn parse_args() -> Result { > std::process::exit(0); > } > > - let pbs_repository = args.value_from_str("--repository")?; > + let pbs_repository = args.opt_value_from_str("--repository")?; > let namespace = args.opt_value_from_str("--ns")?; > let vmid: Option = args.opt_value_from_str("--vmid")?; > let backup_time: Option = args.opt_value_from_str("--backup-time")?; > @@ -143,10 +146,22 @@ fn parse_args() -> Result { > bail!("unexpected extra arguments, use '-h' for usage"); > } > > + let pbs_repository = match pbs_repository { > + Some(v) => v, > + None => match std::env::var("PBS_REPOSITORY") { > + Ok(v) => v, > + Err(NotPresent) => bail!("Repository not set. Use $PBS_REPOSITORY or --repository"), > + Err(NotUnicode(_)) => bail!("$PBS_REPOSITORY contains invalid unicode"), > + }, > + }; > + > let fingerprint = match fingerprint { > Some(v) => v, > - None => std::env::var("PBS_FINGERPRINT") > - .context("Fingerprint not set. Use $PBS_FINGERPRINT or --fingerprint")?, > + None => match std::env::var("PBS_FINGERPRINT") { > + Ok(v) => v, > + Err(NotPresent) => bail!("Fingerprint not set. Use $PBS_FINGERPRINT or --fingerprint"), > + Err(NotUnicode(_)) => bail!("$PBS_FINGERPRINT contains invalid unicode"), > + }, > }; > > if forwarded_args.len() > 1 { > @@ -155,30 +170,29 @@ fn parse_args() -> Result { > > let vma_file_path = forwarded_args.first(); > > - let pbs_password = match password_file { > - Some(password_file) => { > - let mut password = > - std::fs::read_to_string(password_file).context("Could not read password file")?; > + let pbs_password = if let Some(password_file) = password_file { > + let mut password = > + std::fs::read_to_string(password_file).context("Could not read password file")?; > > - if password.ends_with('\n') || password.ends_with('\r') { > + if password.ends_with('\n') || password.ends_with('\r') { > + password.pop(); > + if password.ends_with('\r') { > password.pop(); > - if password.ends_with('\r') { > - password.pop(); > - } > } > - > - password > } > - None => { > - if vma_file_path.is_none() { > - bail!( > - "Please use --password-file to provide the password \ > - when passing the VMA file to stdin" > - ); > - } > > - String::from_utf8(tty::read_password("Password: ")?)? > + password > + } else if let Some(password) = get_secret_from_env("PBS_PASSWORD")? { > + password > + } else { > + if vma_file_path.is_none() { > + bail!( > + "Please use --password-file, $PBS_PASSWORD, $PBS_PASSWORD_FD, $PBS_PASSWORD_FILE, \ > + or $PBS_PASSWORD_CMD to provide the password when passing the VMA file to stdin" > + ); > } > + > + String::from_utf8(tty::read_password("Password: ")?)? > }; > > let key_password = if keyfile.is_some() { > @@ -193,6 +207,8 @@ fn parse_args() -> Result { > } > } > > + Some(key_password) > + } else if let Some(key_password) = get_secret_from_env("PBS_ENCRYPTION_PASSWORD")? { > Some(key_password) > } else if vma_file_path.is_none() { > log::info!( _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel