From: Filip Schauer <f.schauer@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH v2 vma-to-pbs] read args from environment variables as fallback
Date: Mon, 2 Dec 2024 13:32:55 +0100 [thread overview]
Message-ID: <20241202123255.89147-1-f.schauer@proxmox.com> (raw)
Use the same environment variables that are used by
proxmox-backup-client:
* PBS_REPOSITORY
* PBS_PASSWORD(|_FD|_FILE|_CMD)
* PBS_ENCRYPTION_PASSWORD(|_FD|_FILE|_CMD)
Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
---
Changed since v1:
* combine nested `if` into `else if` for clarity
src/main.rs | 66 ++++++++++++++++++++++++++++++++---------------------
1 file changed, 40 insertions(+), 26 deletions(-)
diff --git a/src/main.rs b/src/main.rs
index f942a73..c8e922b 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,4 +1,5 @@
use std::collections::HashMap;
+use std::env::VarError::{NotPresent, NotUnicode};
use std::ffi::OsString;
use std::fs::read_dir;
use std::io::{BufRead, BufReader, Write};
@@ -7,6 +8,7 @@ use std::path::PathBuf;
use anyhow::{bail, Context, Error};
use chrono::NaiveDateTime;
use env_logger::Target;
+use pbs_client::tools::get_secret_from_env;
use proxmox_sys::linux::tty;
use proxmox_time::epoch_i64;
use regex::Regex;
@@ -27,7 +29,7 @@ Arguments:
Options:
--repository <auth_id@host:port:datastore>
- Repository URL
+ Repository URL [env: PBS_REPOSITORY]
[--ns <NAMESPACE>]
Namespace
[--vmid <VMID>]
@@ -38,7 +40,7 @@ Options:
[--backup-time <EPOCH>]
Backup timestamp
--fingerprint <FINGERPRINT>
- Proxmox Backup Server Fingerprint [env: PBS_FINGERPRINT=]
+ Proxmox Backup Server Fingerprint [env: PBS_FINGERPRINT]
--keyfile <KEYFILE>
Key file
--master-keyfile <MASTER_KEYFILE>
@@ -48,9 +50,10 @@ Options:
-e, --encrypt
Encrypt the Backup
--password-file <PASSWORD_FILE>
- Password file
+ Password file [env: PBS_PASSWORD, PBS_PASSWORD_FD, PBS_PASSWORD_FILE, PBS_PASSWORD_CMD]
--key-password-file <KEY_PASSWORD_FILE>
- Key password file
+ Key password file [env: PBS_ENCRYPTION_PASSWORD, PBS_ENCRYPTION_PASSWORD_FD,
+ PBS_ENCRYPTION_PASSWORD_FILE, PBS_ENCRYPTION_PASSWORD_CMD]
[--notes-file <NOTES_FILE>]
File containing a comment/notes
[--log-file <LOG_FILE>]
@@ -114,7 +117,7 @@ fn parse_args() -> Result<BackupVmaToPbsArgs, Error> {
std::process::exit(0);
}
- let pbs_repository = args.value_from_str("--repository")?;
+ let pbs_repository = args.opt_value_from_str("--repository")?;
let namespace = args.opt_value_from_str("--ns")?;
let vmid: Option<String> = args.opt_value_from_str("--vmid")?;
let backup_time: Option<i64> = args.opt_value_from_str("--backup-time")?;
@@ -143,10 +146,22 @@ fn parse_args() -> Result<BackupVmaToPbsArgs, Error> {
bail!("unexpected extra arguments, use '-h' for usage");
}
+ let pbs_repository = match pbs_repository {
+ Some(v) => v,
+ None => match std::env::var("PBS_REPOSITORY") {
+ Ok(v) => v,
+ Err(NotPresent) => bail!("Repository not set. Use $PBS_REPOSITORY or --repository"),
+ Err(NotUnicode(_)) => bail!("$PBS_REPOSITORY contains invalid unicode"),
+ },
+ };
+
let fingerprint = match fingerprint {
Some(v) => v,
- None => std::env::var("PBS_FINGERPRINT")
- .context("Fingerprint not set. Use $PBS_FINGERPRINT or --fingerprint")?,
+ None => match std::env::var("PBS_FINGERPRINT") {
+ Ok(v) => v,
+ Err(NotPresent) => bail!("Fingerprint not set. Use $PBS_FINGERPRINT or --fingerprint"),
+ Err(NotUnicode(_)) => bail!("$PBS_FINGERPRINT contains invalid unicode"),
+ },
};
if forwarded_args.len() > 1 {
@@ -155,30 +170,27 @@ fn parse_args() -> Result<BackupVmaToPbsArgs, Error> {
let vma_file_path = forwarded_args.first();
- let pbs_password = match password_file {
- Some(password_file) => {
- let mut password =
- std::fs::read_to_string(password_file).context("Could not read password file")?;
+ let pbs_password = if let Some(password_file) = password_file {
+ let mut password =
+ std::fs::read_to_string(password_file).context("Could not read password file")?;
- if password.ends_with('\n') || password.ends_with('\r') {
+ if password.ends_with('\n') || password.ends_with('\r') {
+ password.pop();
+ if password.ends_with('\r') {
password.pop();
- if password.ends_with('\r') {
- password.pop();
- }
}
-
- password
}
- None => {
- if vma_file_path.is_none() {
- bail!(
- "Please use --password-file to provide the password \
- when passing the VMA file to stdin"
- );
- }
- String::from_utf8(tty::read_password("Password: ")?)?
- }
+ password
+ } else if let Some(password) = get_secret_from_env("PBS_PASSWORD")? {
+ password
+ } else if vma_file_path.is_none() {
+ bail!(
+ "Please use --password-file, $PBS_PASSWORD, $PBS_PASSWORD_FD, $PBS_PASSWORD_FILE, \
+ or $PBS_PASSWORD_CMD to provide the password when passing the VMA file to stdin"
+ );
+ } else {
+ String::from_utf8(tty::read_password("Password: ")?)?
};
let key_password = if keyfile.is_some() {
@@ -193,6 +205,8 @@ fn parse_args() -> Result<BackupVmaToPbsArgs, Error> {
}
}
+ Some(key_password)
+ } else if let Some(key_password) = get_secret_from_env("PBS_ENCRYPTION_PASSWORD")? {
Some(key_password)
} else if vma_file_path.is_none() {
log::info!(
--
2.39.5
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
reply other threads:[~2024-12-02 12:33 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241202123255.89147-1-f.schauer@proxmox.com \
--to=f.schauer@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal