From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: Hannes Laimer <h.laimer@proxmox.com>, pbs-devel@lists.proxmox.com
Subject: Re: [PATCH proxmox-backup v7 5/9] api: add POST endpoint for move-group
Date: Mon, 20 Apr 2026 16:49:53 +0200 [thread overview]
Message-ID: <1776689393.b4yb3h91kk.astroid@yuna.none> (raw)
In-Reply-To: <20260416171830.266553-6-h.laimer@proxmox.com>
On April 16, 2026 7:18 pm, Hannes Laimer wrote:
> Add a dedicated /move-group endpoint for moving backup groups between
> namespaces within the same datastore.
>
> The permission model allows users with DATASTORE_PRUNE on the source
> and DATASTORE_BACKUP on the target namespace to move groups they own,
> without requiring full DATASTORE_MODIFY on both sides.
>
> Signed-off-by: Hannes Laimer <h.laimer@proxmox.com>
> ---
> src/api2/admin/datastore.rs | 105 ++++++++++++++++++++++++++++++++++++
> 1 file changed, 105 insertions(+)
>
> diff --git a/src/api2/admin/datastore.rs b/src/api2/admin/datastore.rs
> index fcb81ec5..54895f2b 100644
> --- a/src/api2/admin/datastore.rs
> +++ b/src/api2/admin/datastore.rs
> @@ -280,6 +280,110 @@ pub async fn delete_group(
> .await?
> }
>
> +#[api(
> + input: {
> + properties: {
> + store: { schema: DATASTORE_SCHEMA },
> + ns: {
> + type: BackupNamespace,
> + optional: true,
> + },
> + group: {
> + type: pbs_api_types::BackupGroup,
> + flatten: true,
> + },
> + "target-ns": {
> + type: BackupNamespace,
> + optional: true,
> + },
> + "merge-group": {
> + type: bool,
> + optional: true,
> + default: true,
> + description: "If the group already exists in the target namespace, merge \
> + snapshots into it. Requires matching ownership and non-overlapping \
> + snapshot times.",
> + },
> + },
> + },
> + returns: {
> + schema: UPID_SCHEMA,
> + },
> + access: {
> + permission: &Permission::Anybody,
> + description: "Requires DATASTORE_MODIFY or DATASTORE_PRUNE (+ group ownership) on the \
> + source namespace and DATASTORE_MODIFY or DATASTORE_BACKUP (+ group ownership) on \
> + the target namespace.",
> + },
> +)]
> +/// Move a backup group to a different namespace within the same datastore.
> +pub fn move_group(
> + store: String,
> + ns: Option<BackupNamespace>,
> + group: pbs_api_types::BackupGroup,
> + target_ns: Option<BackupNamespace>,
> + merge_group: bool,
> + rpcenv: &mut dyn RpcEnvironment,
> +) -> Result<Value, Error> {
> + let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> + let ns = ns.unwrap_or_default();
> + let target_ns = target_ns.unwrap_or_default();
> +
> + let source_limited = check_ns_privs_full(
> + &store,
> + &ns,
> + &auth_id,
> + PRIV_DATASTORE_MODIFY,
> + PRIV_DATASTORE_PRUNE,
> + )?;
> + let target_limited = check_ns_privs_full(
> + &store,
> + &target_ns,
> + &auth_id,
> + PRIV_DATASTORE_MODIFY,
> + PRIV_DATASTORE_BACKUP,
> + )?;
> +
> + let datastore = DataStore::lookup_datastore(lookup_with(&store, Operation::Write))?;
> +
> + if source_limited || target_limited {
> + let owner = datastore.get_owner(&ns, &group)?;
> + check_backup_owner(&owner, &auth_id)?;
> + }
> +
> + // Best-effort pre-checks for a fast synchronous error before spawning a worker.
> + if ns == target_ns {
> + bail!("source and target namespace must be different");
> + }
this check
> + if !datastore.namespace_exists(&target_ns) {
> + bail!("target namespace '{target_ns}' does not exist");
> + }
this check
> + let source_group = datastore.backup_group(ns.clone(), group.clone());
> + if !source_group.exists() {
> + bail!("group '{group}' does not exist in namespace '{ns}'");
> + }
and this check are all done right away again after forking the worker
(before locking), but not again after locking.. should we maybe have a
helper fn?
> + let target_group = datastore.backup_group(target_ns.clone(), group.clone());
> + if target_group.exists() && !merge_group {
> + bail!(
> + "group '{group}' already exists in target namespace '{target_ns}' \
> + and merge-group is disabled"
> + );
> + }
this one is checked again after locking only..
> +
> + let worker_id = format!("{store}:{ns}/{group}:{target_ns}");
> + let to_stdout = rpcenv.env_type() == RpcEnvironmentType::CLI;
> +
> + let upid_str = WorkerTask::new_thread(
> + "move-group",
> + Some(worker_id),
> + auth_id.to_string(),
> + to_stdout,
> + move |_worker| datastore.move_group(&ns, &group, &target_ns, merge_group),
> + )?;
> +
> + Ok(json!(upid_str))
> +}
> +
> #[api(
> input: {
> properties: {
> @@ -2852,6 +2956,7 @@ const DATASTORE_INFO_SUBDIRS: SubdirMap = &[
> .delete(&API_METHOD_DELETE_GROUP),
> ),
> ("mount", &Router::new().post(&API_METHOD_MOUNT)),
> + ("move-group", &Router::new().post(&API_METHOD_MOVE_GROUP)),
> (
> "namespace",
> // FIXME: move into datastore:: sub-module?!
> --
> 2.47.3
>
>
>
>
>
>
next prev parent reply other threads:[~2026-04-20 14:50 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-16 17:18 [PATCH proxmox-backup v7 0/9] fixes #6195: add support for moving groups and namespaces Hannes Laimer
2026-04-16 17:18 ` [PATCH proxmox-backup v7 1/9] ui: show empty groups Hannes Laimer
2026-04-16 17:18 ` [PATCH proxmox-backup v7 2/9] datastore: add move-group Hannes Laimer
2026-04-20 14:49 ` Fabian Grünbichler
2026-04-21 10:43 ` Hannes Laimer
2026-04-16 17:18 ` [PATCH proxmox-backup v7 3/9] datastore: add move-namespace Hannes Laimer
2026-04-20 14:49 ` Fabian Grünbichler
2026-04-16 17:18 ` [PATCH proxmox-backup v7 4/9] docs: add section on moving namespaces and groups Hannes Laimer
2026-04-16 17:18 ` [PATCH proxmox-backup v7 5/9] api: add POST endpoint for move-group Hannes Laimer
2026-04-20 14:49 ` Fabian Grünbichler [this message]
2026-04-16 17:18 ` [PATCH proxmox-backup v7 6/9] api: add POST endpoint for move-namespace Hannes Laimer
2026-04-16 17:18 ` [PATCH proxmox-backup v7 7/9] ui: add move group action Hannes Laimer
2026-04-16 17:18 ` [PATCH proxmox-backup v7 8/9] ui: add move namespace action Hannes Laimer
2026-04-16 17:18 ` [PATCH proxmox-backup v7 9/9] cli: add move-namespace and move-group commands Hannes Laimer
2026-04-20 15:02 ` [PATCH proxmox-backup v7 0/9] fixes #6195: add support for moving groups and namespaces Fabian Grünbichler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1776689393.b4yb3h91kk.astroid@yuna.none \
--to=f.gruenbichler@proxmox.com \
--cc=h.laimer@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox