From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <pbs-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
by lore.proxmox.com (Postfix) with ESMTPS id 58EB11FF15C
for <inbox@lore.proxmox.com>; Wed, 26 Mar 2025 15:26:49 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
by firstgate.proxmox.com (Proxmox) with ESMTP id C768E39716;
Wed, 26 Mar 2025 15:26:44 +0100 (CET)
From: Maximiliano Sandoval <m.sandoval@proxmox.com>
To: pbs-devel@lists.proxmox.com
Date: Wed, 26 Mar 2025 15:26:08 +0100
Message-Id: <20250326142609.399793-5-m.sandoval@proxmox.com>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20250326142609.399793-1-m.sandoval@proxmox.com>
References: <20250326142609.399793-1-m.sandoval@proxmox.com>
MIME-Version: 1.0
X-SPAM-LEVEL: Spam detection results: 0
AWL 0.097 Adjusted score from AWL reputation of From: address
BAYES_00 -1.9 Bayes spam probability is 0 to 1%
DMARC_MISSING 0.1 Missing DMARC policy
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
SPF_PASS -0.001 SPF: sender matches SPF record
Subject: [pbs-devel] [PATCH backup 4/5] pbs-client: make common helper for
getting UTF-8 secrets
X-BeenThere: pbs-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Backup Server development discussion
<pbs-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pbs-devel>,
<mailto:pbs-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pbs-devel/>
List-Post: <mailto:pbs-devel@lists.proxmox.com>
List-Help: <mailto:pbs-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel>,
<mailto:pbs-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox Backup Server development discussion
<pbs-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pbs-devel-bounces@lists.proxmox.com
Sender: "pbs-devel" <pbs-devel-bounces@lists.proxmox.com>
Now that there are three credentials it makes sense to have a common
helper.
Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
---
pbs-client/src/tools/mod.rs | 61 ++++++++++++++++++-------------------
1 file changed, 30 insertions(+), 31 deletions(-)
diff --git a/pbs-client/src/tools/mod.rs b/pbs-client/src/tools/mod.rs
index 5dd3b6b10..bd553d88b 100644
--- a/pbs-client/src/tools/mod.rs
+++ b/pbs-client/src/tools/mod.rs
@@ -157,6 +157,25 @@ fn get_secret_from_env(base_name: &str) -> Result<Option<String>, Error> {
Ok(None)
}
+/// Gets a secret or value from the environment.
+///
+/// Checks for an environment variable named `env_variable`, and if missing, it
+/// checks for a system [credential] named `credential_name`. Assumes the secret
+/// is UTF-8 encoded.
+///
+/// [credential]: https://systemd.io/CREDENTIALS/
+fn get_secret_impl(env_variable: &str, credential_name: &str) -> Result<Option<String>, Error> {
+ if let Some(password) = get_secret_from_env(env_variable)? {
+ Ok(Some(password))
+ } else if let Some(password) = get_credential(credential_name)? {
+ String::from_utf8(password)
+ .map(Option::Some)
+ .map_err(|_err| format_err!("credential {credential_name} is not utf8 encoded"))
+ } else {
+ Ok(None)
+ }
+}
+
/// Gets the backup server's password.
///
/// Looks for a password in the `PBS_PASSWORD` environment variable, if there
@@ -167,15 +186,7 @@ fn get_secret_from_env(base_name: &str) -> Result<Option<String>, Error> {
///
/// [credential]: https://systemd.io/CREDENTIALS/
pub fn get_password() -> Result<Option<String>, Error> {
- if let Some(password) = get_secret_from_env(ENV_VAR_PBS_PASSWORD)? {
- Ok(Some(password))
- } else if let Some(password) = get_credential(CRED_PBS_PASSWORD)? {
- String::from_utf8(password)
- .map(Option::Some)
- .map_err(|_err| format_err!("non-utf8 password credential"))
- } else {
- Ok(None)
- }
+ get_secret_impl(ENV_VAR_PBS_PASSWORD, CRED_PBS_PASSWORD)
}
/// Gets an encryption password.
@@ -200,17 +211,11 @@ pub fn get_encryption_password() -> Result<Option<Vec<u8>>, Error> {
}
pub fn get_default_repository() -> Option<String> {
- if let Ok(repository) = std::env::var(ENV_VAR_PBS_REPOSITORY) {
- Some(repository)
- } else if let Ok(Some(repository)) = get_credential(CRED_PBS_REPOSITORY).inspect_err(|err| {
- proxmox_log::error!("Could not read credential {CRED_PBS_REPOSITORY}: {err}")
- }) {
- String::from_utf8(repository)
- .inspect_err(|_err| proxmox_log::error!("non-utf8 repository credential"))
- .ok()
- } else {
- None
- }
+ get_secret_impl(ENV_VAR_PBS_REPOSITORY, CRED_PBS_REPOSITORY)
+ .inspect_err(|err| {
+ proxmox_log::error!("could not read default repository: {err:#}");
+ })
+ .unwrap_or_default()
}
/// Gets the repository fingerprint.
@@ -224,17 +229,11 @@ pub fn get_default_repository() -> Option<String> {
///
/// [credential]: https://systemd.io/CREDENTIALS/
pub fn get_fingerprint() -> Option<String> {
- if let Ok(fingerprint) = std::env::var(ENV_VAR_PBS_FINGERPRINT) {
- Some(fingerprint)
- } else if let Ok(Some(fingerprint)) = get_credential(CRED_PBS_FINGERPRINT).inspect_err(|err| {
- proxmox_log::error!("Could not read credential {CRED_PBS_FINGERPRINT}: {err}")
- }) {
- String::from_utf8(fingerprint)
- .inspect_err(|_err| proxmox_log::error!("non-utf8 fingerprint credential"))
- .ok()
- } else {
- None
- }
+ get_secret_impl(ENV_VAR_PBS_FINGERPRINT, CRED_PBS_FINGERPRINT)
+ .inspect_err(|err| {
+ proxmox_log::error!("could not read fingerprint: {err:#}");
+ })
+ .unwrap_or_default()
}
pub fn remove_repository_from_value(param: &mut Value) -> Result<BackupRepository, Error> {
--
2.39.5
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel