From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 39A981FF15F for ; Mon, 2 Dec 2024 13:17:58 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id C231916833; Mon, 2 Dec 2024 13:18:02 +0100 (CET) From: Filip Schauer To: pbs-devel@lists.proxmox.com Date: Mon, 2 Dec 2024 13:17:26 +0100 Message-Id: <20241202121726.83901-1-f.schauer@proxmox.com> X-Mailer: git-send-email 2.39.5 MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.028 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pbs-devel] [PATCH vma-to-pbs] read args from environment variables as fallback X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Backup Server development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pbs-devel-bounces@lists.proxmox.com Sender: "pbs-devel" Use the same environment variables that are used by proxmox-backup-client: * PBS_REPOSITORY * PBS_PASSWORD(|_FD|_FILE|_CMD) * PBS_ENCRYPTION_PASSWORD(|_FD|_FILE|_CMD) Signed-off-by: Filip Schauer --- src/main.rs | 66 +++++++++++++++++++++++++++++++++-------------------- 1 file changed, 41 insertions(+), 25 deletions(-) diff --git a/src/main.rs b/src/main.rs index f942a73..4c5bc1d 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,4 +1,5 @@ use std::collections::HashMap; +use std::env::VarError::{NotPresent, NotUnicode}; use std::ffi::OsString; use std::fs::read_dir; use std::io::{BufRead, BufReader, Write}; @@ -7,6 +8,7 @@ use std::path::PathBuf; use anyhow::{bail, Context, Error}; use chrono::NaiveDateTime; use env_logger::Target; +use pbs_client::tools::get_secret_from_env; use proxmox_sys::linux::tty; use proxmox_time::epoch_i64; use regex::Regex; @@ -27,7 +29,7 @@ Arguments: Options: --repository - Repository URL + Repository URL [env: PBS_REPOSITORY] [--ns ] Namespace [--vmid ] @@ -38,7 +40,7 @@ Options: [--backup-time ] Backup timestamp --fingerprint - Proxmox Backup Server Fingerprint [env: PBS_FINGERPRINT=] + Proxmox Backup Server Fingerprint [env: PBS_FINGERPRINT] --keyfile Key file --master-keyfile @@ -48,9 +50,10 @@ Options: -e, --encrypt Encrypt the Backup --password-file - Password file + Password file [env: PBS_PASSWORD, PBS_PASSWORD_FD, PBS_PASSWORD_FILE, PBS_PASSWORD_CMD] --key-password-file - Key password file + Key password file [env: PBS_ENCRYPTION_PASSWORD, PBS_ENCRYPTION_PASSWORD_FD, + PBS_ENCRYPTION_PASSWORD_FILE, PBS_ENCRYPTION_PASSWORD_CMD] [--notes-file ] File containing a comment/notes [--log-file ] @@ -114,7 +117,7 @@ fn parse_args() -> Result { std::process::exit(0); } - let pbs_repository = args.value_from_str("--repository")?; + let pbs_repository = args.opt_value_from_str("--repository")?; let namespace = args.opt_value_from_str("--ns")?; let vmid: Option = args.opt_value_from_str("--vmid")?; let backup_time: Option = args.opt_value_from_str("--backup-time")?; @@ -143,10 +146,22 @@ fn parse_args() -> Result { bail!("unexpected extra arguments, use '-h' for usage"); } + let pbs_repository = match pbs_repository { + Some(v) => v, + None => match std::env::var("PBS_REPOSITORY") { + Ok(v) => v, + Err(NotPresent) => bail!("Repository not set. Use $PBS_REPOSITORY or --repository"), + Err(NotUnicode(_)) => bail!("$PBS_REPOSITORY contains invalid unicode"), + }, + }; + let fingerprint = match fingerprint { Some(v) => v, - None => std::env::var("PBS_FINGERPRINT") - .context("Fingerprint not set. Use $PBS_FINGERPRINT or --fingerprint")?, + None => match std::env::var("PBS_FINGERPRINT") { + Ok(v) => v, + Err(NotPresent) => bail!("Fingerprint not set. Use $PBS_FINGERPRINT or --fingerprint"), + Err(NotUnicode(_)) => bail!("$PBS_FINGERPRINT contains invalid unicode"), + }, }; if forwarded_args.len() > 1 { @@ -155,30 +170,29 @@ fn parse_args() -> Result { let vma_file_path = forwarded_args.first(); - let pbs_password = match password_file { - Some(password_file) => { - let mut password = - std::fs::read_to_string(password_file).context("Could not read password file")?; + let pbs_password = if let Some(password_file) = password_file { + let mut password = + std::fs::read_to_string(password_file).context("Could not read password file")?; - if password.ends_with('\n') || password.ends_with('\r') { + if password.ends_with('\n') || password.ends_with('\r') { + password.pop(); + if password.ends_with('\r') { password.pop(); - if password.ends_with('\r') { - password.pop(); - } } - - password } - None => { - if vma_file_path.is_none() { - bail!( - "Please use --password-file to provide the password \ - when passing the VMA file to stdin" - ); - } - String::from_utf8(tty::read_password("Password: ")?)? + password + } else if let Some(password) = get_secret_from_env("PBS_PASSWORD")? { + password + } else { + if vma_file_path.is_none() { + bail!( + "Please use --password-file, $PBS_PASSWORD, $PBS_PASSWORD_FD, $PBS_PASSWORD_FILE, \ + or $PBS_PASSWORD_CMD to provide the password when passing the VMA file to stdin" + ); } + + String::from_utf8(tty::read_password("Password: ")?)? }; let key_password = if keyfile.is_some() { @@ -193,6 +207,8 @@ fn parse_args() -> Result { } } + Some(key_password) + } else if let Some(key_password) = get_secret_from_env("PBS_ENCRYPTION_PASSWORD")? { Some(key_password) } else if vma_file_path.is_none() { log::info!( -- 2.39.5 _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel