From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 128771FF16F for ; Tue, 22 Jul 2025 12:10:21 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 0DECF353F4; Tue, 22 Jul 2025 12:11:33 +0200 (CEST) From: Christian Ebner To: pbs-devel@lists.proxmox.com Date: Tue, 22 Jul 2025 12:10:20 +0200 Message-ID: <20250722101106.526438-5-c.ebner@proxmox.com> X-Mailer: git-send-email 2.47.2 In-Reply-To: <20250722101106.526438-1-c.ebner@proxmox.com> References: <20250722101106.526438-1-c.ebner@proxmox.com> MIME-Version: 1.0 X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1753179078810 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.045 Adjusted score from AWL reputation of 
From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pbs-devel] [PATCH proxmox v11 4/4] s3 client: merge secrets config with client config X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Backup Server development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pbs-devel-bounces@lists.proxmox.com Sender: "pbs-devel" The secrets config was intended to be stored separately with reduced access permissions, therefore not part of the regular client config. In Proxmox Backup Server the config needs however to be accessible also by the less privileged api endpoints, so this requires the same permissions anyways. Therefore, drop the dedicates secrets config api type (still not in use by anything else at the moment) and merge the secret into the regular client config. Signed-off-by: Christian Ebner --- changes since version 10: - not present in previous version proxmox-s3-client/src/api_types.rs | 26 +++++--------------------- proxmox-s3-client/src/client.rs | 5 ++--- 2 files changed, 7 insertions(+), 24 deletions(-)
diff --git a/proxmox-s3-client/src/api_types.rs b/proxmox-s3-client/src/api_types.rs
index ab0c1ec1..51f71d84 100644
--- a/proxmox-s3-client/src/api_types.rs
+++ b/proxmox-s3-client/src/api_types.rs
@@ -103,6 +103,9 @@ pub const S3_BUCKET_NAME_SCHEMA: Schema = StringSchema::new("Bucket name for S3
 "access-key": {
 type: String,
 },
+ "secret-key": {
+ type: String,
+ },
 "path-style": {
 type: bool,
 optional: true,
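Review bot: The `secret-key` property added here is an ordinary required string, and the matching `pub secret_key: String` field added to `S3ClientConfig` in the next hunk has no serde skip or masking, so any handler that returns the config unchanged would also return the secret. The commit message states that less privileged API endpoints read this config, which is exactly where that matters. The struct's derive list is outside both hunks, so whether `Debug` is derived (and the key could end up in logs) cannot be checked from here. I would at least record the handling rule on the field, e.g. `/// Secret key for S3 object store. Sensitive: strip or mask before returning the config from an API endpoint or logging it.`, and confirm that the read/list handlers drop the field.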
@@ -134,6 +137,8 @@ pub struct S3ClientConfig {
 pub fingerprint: Option,
 /// Access key for S3 object store.
 pub access_key: String,
+ /// Secret key for S3 object store.
+ pub secret_key: String,
 /// Use path style bucket addressing over vhost style.
 #[serde(skip_serializing_if = "Option::is_none")]
 pub path_style: Option,
@@ -149,24 +154,3 @@ impl S3ClientConfig {
 Vec::new()
 }
 }
-
-#[api(
- properties: {
- "secrets-id": {
- type: String,
- },
- "secret-key": {
- type: String,
- },
- }
-)]
-#[derive(Serialize, Deserialize, Updater, Clone, PartialEq)]
-#[serde(rename_all = "kebab-case")]
-/// S3 client secrets configuration properties.
-pub struct S3ClientSecretsConfig {
- /// ID to identify s3 client secret config.
- #[updater(skip)]
- pub secrets_id: String,
- /// Secret key for S3 object store.
- pub secret_key: String,
-}
diff --git a/proxmox-s3-client/src/client.rs b/proxmox-s3-client/src/client.rs
index 5e9d7cb2..f418ee39 100644
--- a/proxmox-s3-client/src/client.rs
+++ b/proxmox-s3-client/src/client.rs
@@ -22,7 +22,7 @@ use proxmox_http::client::HttpsConnector;
 use proxmox_http::{Body, RateLimit, RateLimiter};
 use proxmox_schema::api_types::CERT_FINGERPRINT_SHA256_SCHEMA;
-use crate::api_types::{S3ClientConfig, S3ClientSecretsConfig};
+use crate::api_types::S3ClientConfig;
 use crate::aws_sign_v4::AWS_SIGN_V4_DATETIME_FORMAT;
 use crate::aws_sign_v4::{aws_sign_v4_signature, aws_sign_v4_uri_encode};
 use crate::object_key::S3ObjectKey;
@@ -75,7 +75,6 @@ impl S3ClientOptions {
 /// Construct options for the S3 client give the provided configuration parameters.
 pub fn from_config(
 config: S3ClientConfig,
- secrets: S3ClientSecretsConfig,
 bucket: String,
 common_prefix: String,
 ) -> Self {
@@ -88,7 +87,7 @@ impl S3ClientOptions {
 region: config.region.unwrap_or("us-west-1".to_string()),
 fingerprint: config.fingerprint,
 access_key: config.access_key,
- secret_key: secrets.secret_key,
+ secret_key: config.secret_key,
 put_rate_limit: config.put_rate_limit,
 }
 }
-- 2.47.2 _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel