From: Wolfgang Bumiller <w.bumiller@proxmox.com>
To: Stefan Sterz <s.sterz@proxmox.com>
Cc: pbs-devel@lists.proxmox.com
Subject: Re: [pbs-devel] [PATCH proxmox-backup 1/2] fix #3853: api: add force option to tape key change-passphrase
Date: Wed, 9 Feb 2022 14:52:19 +0100 [thread overview]
Message-ID: <20220209135219.ytbpbw6ag2mqxhnu@wobu-vie.proxmox.com> (raw)
In-Reply-To: <20220207124825.1116194-1-s.sterz@proxmox.com>
On Mon, Feb 07, 2022 at 01:48:24PM +0100, Stefan Sterz wrote:
> When force is used, the current passphrase is not required. Instead
> it will be read from the file pointed to by TAPE_KEYS_FILENAME and
> the old key configuration will be overwritten using the new
> passphrase.
>
> Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
> ---
> src/api2/config/tape_encryption_keys.rs | 36 ++++++++++++++++++++++---
> 1 file changed, 33 insertions(+), 3 deletions(-)
>
> diff --git a/src/api2/config/tape_encryption_keys.rs b/src/api2/config/tape_encryption_keys.rs
> index 1ad99377..b31f741d 100644
> --- a/src/api2/config/tape_encryption_keys.rs
> +++ b/src/api2/config/tape_encryption_keys.rs
> @@ -70,6 +70,7 @@ pub fn list_keys(
> password: {
> description: "The current password.",
> min_length: 5,
> + optional: true,
> },
> "new-password": {
> description: "The new password.",
> @@ -78,6 +79,12 @@ pub fn list_keys(
> hint: {
> schema: PASSWORD_HINT_SCHEMA,
> },
> + force: {
> + optional: true,
> + type: bool,
> + description: "Don't ask for the old passphrase and overwrite it. Root only.",
"Root only.", but this seems to lack the actual permission check.
You seem to be doing this on the CLI side in the other patch, but that's
the wrong place for it, the API is what's reachable from the outside.
Also, as an HTTP API endpoint, "don't ask for the old passphrase" is a
bit of a weird description ;-)
prev parent reply other threads:[~2022-02-09 13:52 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-07 12:48 Stefan Sterz
2022-02-07 12:48 ` [pbs-devel] [PATCH proxmox-backup 2/2] fix #3853: tape cli: add force flag to " Stefan Sterz
2022-02-09 13:56 ` Wolfgang Bumiller
2022-02-07 14:58 ` [pbs-devel] [PATCH proxmox-backup 1/2] fix #3853: api: add force option to tape " Thomas Lamprecht
2022-02-07 16:14 ` Stefan Sterz
2022-02-08 15:26 ` Dominik Csapak
2022-02-08 15:30 ` Stefan Sterz
2022-02-09 15:54 ` Thomas Lamprecht
2022-02-09 13:52 ` Wolfgang Bumiller [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220209135219.ytbpbw6ag2mqxhnu@wobu-vie.proxmox.com \
--to=w.bumiller@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
--cc=s.sterz@proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox