From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id A592E61AE0 for ; Thu, 22 Oct 2020 10:02:31 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 97FC41E1A1 for ; Thu, 22 Oct 2020 10:02:31 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id A3FCB1E196 for ; Thu, 22 Oct 2020 10:02:30 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 6751445ED4 for ; Thu, 22 Oct 2020 10:02:30 +0200 (CEST) Date: Thu, 22 Oct 2020 10:02:23 +0200 From: Fabian =?iso-8859-1?q?Gr=FCnbichler?= To: Proxmox Backup Server development discussion References: <20201021140159.2250193-1-o.bektas@proxmox.com> In-Reply-To: <20201021140159.2250193-1-o.bektas@proxmox.com> MIME-Version: 1.0 User-Agent: astroid/0.15.0 (https://github.com/astroidmail/astroid) Message-Id: <1603353403.2oxwp8ptb8.astroid@nora.none> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-SPAM-LEVEL: Spam detection results: 0 AWL 0.031 Adjusted score from AWL reputation of 
From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [proxmox.com, datastore.rs, mod.rs] Subject: Re: [pbs-devel] [PATCH proxmox-backup] add datastore info api call X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Oct 2020 08:02:31 -0000 On October 21, 2020 4:01 pm, Oguz Bektas wrote:
> to be able to copy/paste easily when adding a new PBS datastore remote
> in PVE
>=20
> Signed-off-by: Oguz Bektas
> ---
> src/api2/admin/datastore.rs | 55 +++++++++++++++++++++++++++++++++++++
> src/api2/types/mod.rs | 23 ++++++++++++++++
> 2 files changed, 78 insertions(+)
>=20
> diff --git a/src/api2/admin/datastore.rs b/src/api2/admin/datastore.rs
> index 91ca3570..41059f98 100644
> --- a/src/api2/admin/datastore.rs
> +++ b/src/api2/admin/datastore.rs
> @@ -25,6 +25,7 @@ use pxar::EntryKind;
> =20
> use crate::api2::types::*;
> use crate::api2::node::rrd::create_value_from_rrd;
> +use crate::config::network::{self};
> use crate::backup::*;
> use crate::config::datastore;
> use crate::config::cached_user_info::CachedUserInfo;
> @@ -36,6 +37,7 @@ use crate::tools::{
> AsyncChannelWriter, AsyncReaderStream, WrappedReaderStream,
> };
> =20
> +use crate::tools::cert::CertInfo;
> use crate::config::acl::{
> PRIV_DATASTORE_AUDIT,
> PRIV_DATASTORE_MODIFY,
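Review bot: The braces in `use crate::config::network::{self};` are redundant, since a `{self}` group imports only the module itself. `use crate::config::network;` brings the same name into scope and matches the neighbouring `use crate::config::datastore;` line.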
> @@ -448,6 +450,54 @@ pub fn status( > crate::tools::disks::disk_usage(&datastore.base_path()) > } > =20 > +#[api( > + input: { > + properties: { > + store: { > + schema: DATASTORE_SCHEMA, > + }, > + }, > + }, > + returns: { > + type: DataStoreInfo, > + }, > + access: { > + permission: &Permission::Privilege(&["datastore", "{store}"], PR= IV_DATASTORE_READ, true), why READ and not AUDIT | BACKUP ? why partial if you only pass a single=20 privilege? > + }, > +)] > +/// Get information about the datastore. > +/// > +/// Provides PBS node fingerprint, address and datastore name > +pub fn info( > + store: String, > + _info: &ApiMethod, > + _rpcenv: &mut dyn RpcEnvironment, > +) -> Result { > + let _datastore =3D DataStore::lookup_datastore(&store)?; > + let cert =3D CertInfo::new()?; > + let fingerprint =3D cert.fingerprint()?; > + > + // get all possible interface IP addresses since there's > + // no explicit way to tell which is needed > + let (config, _) =3D network::config()?; > + let mut address_list =3D Vec::new(); > + for (_ , interface) in config.interfaces.iter() { > + if let Some(cidr) =3D &interface.cidr { > + address_list.push(cidr.to_owned()); > + } > + } doesn't this leak information that the user would/should not have access=20 to? I mean, if I can do an API call I already have some way to reach the=20 PBS server and we could just default to that on the client side..=20 possibly it would make sense to declare some interface as the=20 'external/public' one and return that if configured, but just returning=20 all addresses of all interfaces seems a bit much.. > + > + let result_item =3D DataStoreInfo { > + name: store, > + address_list, > + fingerprint, > + }; > + > + Ok(result_item) > +} > + > + > + > #[api( > input: { > properties: { 
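Review bot: The `_datastore` binding in `info` is never read, so `DataStore::lookup_datastore(&store)?` acts only as an existence check and the code should say so, for example `DataStore::lookup_datastore(&store)?; // only verifies that the datastore exists`. The address loop can also be written without the mutable vector and the ignored key, as `let address_list: Vec<_> = config.interfaces.values().filter_map(|iface| iface.cidr.clone()).collect();`, assuming `interfaces` is a standard map type as the `(_ , interface)` pattern suggests. The three blank `+` lines after the closing brace of `info` can be reduced to one.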
> @@ -1673,6 +1723,11 @@ const DATASTORE_INFO_SUBDIRS: SubdirMap =3D &[
> &Router::new()
> .get(&API_METHOD_LIST_GROUPS)
> ),
> + (
> + "info",
> + &Router::new()
> + .get(&API_METHOD_INFO)
> + ),
> (
> "notes",
> &Router::new()
> diff --git a/src/api2/types/mod.rs b/src/api2/types/mod.rs
> index f97db557..9e61f15c 100644
> --- a/src/api2/types/mod.rs
> +++ b/src/api2/types/mod.rs
> @@ -1070,3 +1070,26 @@ pub struct APTUpdateInfo {
> /// URL under which the package's changelog can be retrieved
> pub change_log_url: String,
> }
> +
> +#[api(
> + properties: {
> + "address-list": {
> + description: "List of IPs from node",
> + type: Array,
> + items: {
> + description: "CIDR",
> + type: String,
> + },
> + },
> +})]
> +#[derive(Serialize, Deserialize)]
> +#[serde(rename_all =3D "kebab-case")]
> +/// Necessary information for adding a remote
> +pub struct DataStoreInfo {
> + /// Name of the datastore
> + pub name: String,
> + /// Available IP addresses from the node
> + pub address_list: Vec,
> + /// x509 fingerprint of the node
> + pub fingerprint: String,
> +}
> --=20
> 2.20.1
>=20
>=20
> _______________________________________________
> pbs-devel mailing list
> pbs-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
>=20
>=20
>=20 =
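Review bot: The schema and field docs for `address_list` in `DataStoreInfo` disagree about what the values are: the property description says `"List of IPs from node"`, the item description says `"CIDR"`, and the field comment says `Available IP addresses`, while the `info` handler in datastore.rs fills the list from `interface.cidr`. A client that pastes an entry as a remote address has to strip the prefix length, so the docs should state the format once, e.g. `/// Interface addresses in CIDR notation (address/prefix-length)`. The `fingerprint` comment should likewise name the digest and encoding that `CertInfo::fingerprint()` produces, which this patch does not show, and note that the value is only trustworthy when it is read over a connection whose certificate has already been verified.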