From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 179F41FF141 for ; Tue, 05 May 2026 10:34:37 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 6A85D1B9BF; Tue, 5 May 2026 10:33:42 +0200 (CEST) From: Arthur Bied-Charreton To: pve-devel@lists.proxmox.com, pbs-devel@lists.proxmox.com Subject: [PATCH proxmox-backup v5 25/27] daily-update: refresh OAuth2 state for SMTP notification endpoints Date: Tue, 5 May 2026 10:32:46 +0200 Message-ID: <20260505083248.36450-26-a.bied-charreton@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260505083248.36450-1-a.bied-charreton@proxmox.com> References: <20260505083248.36450-1-a.bied-charreton@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.110 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery methods RDNS_NONE 0.793 Delivered to internal network by a host with no rDNS SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_NONE 0.001 SPF: sender does not publish an SPF Record Message-ID-Hash: EIGYJAYVGDM4X3MBHAU3CYRJGQUUZDKS X-Message-ID-Hash: EIGYJAYVGDM4X3MBHAU3CYRJGQUUZDKS X-MailFrom: abied-charreton@jett.proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Backup Server development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Run trigger_state_refresh from the daily update job so OAuth2 tokens are exchanged at least once per day, preventing Google refresh tokens from expiring and persisting newly returned Microsoft ones. This is done under a notifications config lock. Failure to do so may lead to state file updates happening concurrently with other config updates. Signed-off-by: Arthur Bied-Charreton --- src/bin/proxmox-daily-update.rs | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/bin/proxmox-daily-update.rs b/src/bin/proxmox-daily-update.rs index fc6e4f46..0e8282c0 100644 --- a/src/bin/proxmox-daily-update.rs +++ b/src/bin/proxmox-daily-update.rs @@ -22,6 +22,13 @@ async fn wait_for_local_worker(upid_str: &str) -> Result<(), Error> { Ok(()) } +fn refresh_notification_state() -> Result<(), anyhow::Error> { + let _lock = pbs_config::notifications::lock_config()?; + let conf = pbs_config::notifications::config()?; + proxmox_notify::api::common::trigger_state_refresh(&conf)?; + Ok(()) +} + /// Daily update async fn do_update(rpcenv: &mut dyn RpcEnvironment) -> Result<(), Error> { let param = json!({}); @@ -61,6 +68,10 @@ async fn do_update(rpcenv: &mut dyn RpcEnvironment) -> Result<(), Error> { log::error!("error checking certificates: {err}"); } + if let Err(err) = tokio::task::spawn_blocking(refresh_notification_state).await? { + log::error!("Error refreshing notification endpoints' internal state: {err}"); + } + // TODO: cleanup tasks like in PVE? Ok(()) -- 2.47.3