From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: Proxmox Backup Server development discussion
<pbs-devel@lists.proxmox.com>
Subject: Re: [pbs-devel] [PATCH proxmox-backup 08/12] api2/admin/datastore: add get/set_protection
Date: Thu, 16 Sep 2021 12:04:45 +0200 [thread overview]
Message-ID: <1631785922.5n9qsuqvpr.astroid@nora.none> (raw)
In-Reply-To: <<<20210906105755.2651203-9-d.csapak@proxmox.com>
On September 6, 2021 12:57 pm, Dominik Csapak wrote:
> for gettin/setting the protected flag for snapshots (akin to notes)
>
> Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
> ---
> src/api2/admin/datastore.rs | 101 ++++++++++++++++++++++++++++++++++++
> 1 file changed, 101 insertions(+)
>
> diff --git a/src/api2/admin/datastore.rs b/src/api2/admin/datastore.rs
> index f88fd105..572c65a9 100644
> --- a/src/api2/admin/datastore.rs
> +++ b/src/api2/admin/datastore.rs
> @@ -1751,6 +1751,101 @@ pub fn set_notes(
> Ok(())
> }
>
> +#[api(
> + input: {
> + properties: {
> + store: {
> + schema: DATASTORE_SCHEMA,
> + },
> + "backup-type": {
> + schema: BACKUP_TYPE_SCHEMA,
> + },
> + "backup-id": {
> + schema: BACKUP_ID_SCHEMA,
> + },
> + "backup-time": {
> + schema: BACKUP_TIME_SCHEMA,
> + },
> + },
> + },
> + access: {
> + permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_BACKUP, true),
> + },
> +)]
> +/// Query protection for a specific backup
> +pub fn get_protection(
> + store: String,
> + backup_type: String,
> + backup_id: String,
> + backup_time: i64,
> + rpcenv: &mut dyn RpcEnvironment,
> +) -> Result<bool, Error> {
> + let datastore = DataStore::lookup_datastore(&store)?;
> +
> + let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> + let backup_dir = BackupDir::new(backup_type, backup_id, backup_time)?;
> +
> + check_priv_or_backup_owner(&datastore, backup_dir.group(), &auth_id, PRIV_DATASTORE_AUDIT)?;
> +
> + let protected_path = backup_dir.protected_file(datastore.base_path());
> +
> + Ok(protected_path.exists())
> +}
> +
> +#[api(
> + input: {
> + properties: {
> + store: {
> + schema: DATASTORE_SCHEMA,
> + },
> + "backup-type": {
> + schema: BACKUP_TYPE_SCHEMA,
> + },
> + "backup-id": {
> + schema: BACKUP_ID_SCHEMA,
> + },
> + "backup-time": {
> + schema: BACKUP_TIME_SCHEMA,
> + },
> + protected: {
> + description: "Enable/disable protection.",
protected is already part of the CLI schema and API path, maybe simply
'value' or 'enabled'?
> + },
> + },
> + },
> + access: {
> + permission: &Permission::Privilege(&["datastore", "{store}"],
> + PRIV_DATASTORE_MODIFY | PRIV_DATASTORE_BACKUP,
> + true),
> + },
> +)]
> +/// En- or disable protection for a specific backup
> +pub fn set_protection(
> + store: String,
> + backup_type: String,
> + backup_id: String,
> + backup_time: i64,
> + protected: bool,
> + rpcenv: &mut dyn RpcEnvironment,
> +) -> Result<(), Error> {
> + let datastore = DataStore::lookup_datastore(&store)?;
> +
> + let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> + let backup_dir = BackupDir::new(backup_type, backup_id, backup_time)?;
> +
> + check_priv_or_backup_owner(&datastore, backup_dir.group(), &auth_id, PRIV_DATASTORE_MODIFY)?;
> +
> + let protected_path = backup_dir.protected_file(datastore.base_path());
> + if protected {
> + std::fs::File::create(protected_path)
> + .map_err(|err| format_err!("could not create protection file: {}", err))?;
> + } else {
> + std::fs::remove_file(protected_path)
> + .map_err(|err| format_err!("could not remove protection file: {}", err))?;
> + }
this is modifying a file related to the snapdir, shouldn't this have
some sort of locking? to protect against other modifications of the
protection flag, but also other operations that might make decisions
based on the flag? haven't fully thought it through, but it seems to be
there might be something missing here..
e.g., setting/removing notes is guarded by the manifest update
mechanism, which does the locking.
> +
> + Ok(())
> +}
> +
> #[api(
> input: {
> properties: {
> @@ -1899,6 +1994,12 @@ const DATASTORE_INFO_SUBDIRS: SubdirMap = &[
> .get(&API_METHOD_GET_NOTES)
> .put(&API_METHOD_SET_NOTES)
> ),
> + (
> + "protected",
> + &Router::new()
> + .get(&API_METHOD_GET_PROTECTION)
> + .put(&API_METHOD_SET_PROTECTION)
> + ),
> (
> "prune",
> &Router::new()
> --
> 2.30.2
>
>
>
> _______________________________________________
> pbs-devel mailing list
> pbs-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
>
>
>
next prev parent reply other threads:[~2021-09-16 10:05 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-06 10:57 [pbs-devel] [PATCH proxmox-backup 00/12] add 'protected' setting for snapshots Dominik Csapak
2021-09-06 10:57 ` [pbs-devel] [PATCH proxmox-backup 01/12] pbs-datastore: add protection info to BackupInfo Dominik Csapak
2021-09-06 10:57 ` [pbs-devel] [PATCH proxmox-backup 02/12] pbs-datastore: skip protected backups in pruning Dominik Csapak
2021-09-06 10:57 ` [pbs-devel] [PATCH proxmox-backup 03/12] add protected info of snapshots to api and task logs Dominik Csapak
[not found] ` <<20210906105755.2651203-4-d.csapak@proxmox.com>
2021-09-16 10:04 ` Fabian Grünbichler
2021-09-06 10:57 ` [pbs-devel] [PATCH proxmox-backup 04/12] tests/prune: add tests for protecteded backups Dominik Csapak
2021-09-06 10:57 ` [pbs-devel] [PATCH proxmox-backup 05/12] backup/datastore: prevent protected snapshots to be removed Dominik Csapak
[not found] ` <<20210906105755.2651203-6-d.csapak@proxmox.com>
2021-09-16 10:04 ` Fabian Grünbichler
2021-09-06 10:57 ` [pbs-devel] [PATCH proxmox-backup 06/12] pull_store/group: dont try remove locally protected snapshots Dominik Csapak
2021-09-16 10:08 ` Fabian Grünbichler
2021-09-06 10:57 ` [pbs-devel] [PATCH proxmox-backup 07/12] api2: datastore/delete_group: throw error for partially removed group Dominik Csapak
2021-09-06 10:57 ` [pbs-devel] [PATCH proxmox-backup 08/12] api2/admin/datastore: add get/set_protection Dominik Csapak
2021-09-10 12:43 ` Fabian Ebner
2021-09-13 8:34 ` Dominik Csapak
2021-09-16 10:16 ` Fabian Ebner
2021-09-17 12:02 ` Fabian Ebner
[not found] ` <<<20210906105755.2651203-9-d.csapak@proxmox.com>
2021-09-16 10:04 ` Fabian Grünbichler [this message]
2021-09-06 10:57 ` [pbs-devel] [PATCH proxmox-backup 09/12] proxmox-backup-client: add 'protected update command' Dominik Csapak
2021-09-06 10:57 ` [pbs-devel] [PATCH proxmox-backup 10/12] ui: PruneInputPanel: add keepReason 'protected' for protected backups Dominik Csapak
2021-09-06 10:57 ` [pbs-devel] [PATCH proxmox-backup 11/12] ui: add protected icon to snapshots Dominik Csapak
2021-09-06 10:57 ` [pbs-devel] [PATCH proxmox-backup 12/12] fix #3602: ui: datastore/Content: add action to set protection status Dominik Csapak
[not found] ` <<20210906105755.2651203-1-d.csapak@proxmox.com>
2021-09-16 10:08 ` [pbs-devel] [PATCH proxmox-backup 00/12] add 'protected' setting for snapshots Fabian Grünbichler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1631785922.5n9qsuqvpr.astroid@nora.none \
--to=f.gruenbichler@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox