From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: "Proxmox Backup Server development discussion"
<pbs-devel@lists.proxmox.com>,
"Fabian Grünbichler" <f.gruenbichler@proxmox.com>
Subject: Re: [pbs-devel] [PATCH proxmox-backup 3/4] api: refactor remote client and add remote scan
Date: Thu, 5 Nov 2020 10:03:08 +0100 [thread overview]
Message-ID: <aa0fb139-633c-5430-08bc-38b9d01d131c@proxmox.com> (raw)
In-Reply-To: <1604561929.s6xxo0fncs.astroid@nora.none>
On 05.11.20 08:42, Fabian Grünbichler wrote:
> On November 4, 2020 5:57 pm, Thomas Lamprecht wrote:
>> On 04.11.20 14:10, Fabian Grünbichler wrote:
>>> to allow on-demand scanning of remote datastores accessible for the
>>> configured remote user.
>>>
>>> Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
>>> ---
>>>
>>> Notes:
>>> not 100% sure about PRIV_REMOTE_AUDIT vs PRIV_REMOTE_READ.. the latter is required to use a datastore for syncing/pull purposes
>>
>> you are not syncing here, so why should the permissions required for
>> that matter, when getting a general list of datastores of a remote?
> because the only thing that a remote datastore can currently be used for
> is syncing ;) but I am fine with AUDIT as well, I just wanted to mention
> it.
yes, but just because it will be used for that now, it still has not anything
to do with that directly - so I'd see it just as it's own thing, datastore
scanner - with no opinion on what the user wants to do with that.
>
>> If, that would be an extra filter param to set.
>>
>> I setup a remote with a token, got ->
>> GET /api2/json/config/remote/tuxis/scan: 401 Unauthorized: [client [::ffff:192.168.16.38]:47544] authentication failed - invalid user name in user id
> I think (as we discussed directly) this was an artifact of version
> mismatch?
>
>>> src/api2/config/remote.rs | 66 ++++++++++++++++++++++++++++++-
>>> src/api2/pull.rs | 12 +-----
>>> src/bin/proxmox-backup-manager.rs | 26 +++---------
>>> 3 files changed, 71 insertions(+), 33 deletions(-)
>>>
>>> diff --git a/src/api2/config/remote.rs b/src/api2/config/remote.rs
>>> index ffbba1d2..b415f63d 100644
>>> --- a/src/api2/config/remote.rs
>>> +++ b/src/api2/config/remote.rs
>>> @@ -1,4 +1,4 @@
>>> -use anyhow::{bail, Error};
>>> +use anyhow::{bail, format_err, Error};
>>> use serde_json::Value;
>>> use ::serde::{Deserialize, Serialize};
>>>
>>> @@ -6,6 +6,7 @@ use proxmox::api::{api, ApiMethod, Router, RpcEnvironment, Permission};
>>> use proxmox::tools::fs::open_file_locked;
>>>
>>> use crate::api2::types::*;
>>> +use crate::client::{HttpClient, HttpClientOptions};
>>> use crate::config::cached_user_info::CachedUserInfo;
>>> use crate::config::remote;
>>> use crate::config::acl::{PRIV_REMOTE_AUDIT, PRIV_REMOTE_MODIFY};
>>> @@ -301,10 +302,71 @@ pub fn delete_remote(name: String, digest: Option<String>) -> Result<(), Error>
>>> Ok(())
>>> }
>>>
>>> +/// Helper to get client for remote.cfg entry
>>> +pub async fn remote_client(remote: remote::Remote) -> Result<HttpClient, Error> {
>>> + let options = HttpClientOptions::new()
>>> + .password(Some(remote.password.clone()))
>>> + .fingerprint(remote.fingerprint.clone());
>>> +
>>> + let client = HttpClient::new(
>>> + &remote.host,
>>> + remote.port.unwrap_or(8007),
>>> + &remote.userid,
>> sure about userid, shouldn't this be authid or is that the same here?
>> At least would explain the error I get..
> the field in the config is called userid, it contains an Authid
> (renaming would require postinst fixup, but if you want I can send a
> patch for switching it over).
>
it's a bit confusing, but that's it, was probably more confused in the light
of the outdated server at the other end.. So sorry for the noise :)
next prev parent reply other threads:[~2020-11-05 9:03 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-04 13:10 [pbs-devel] [PATCH proxmox-backup 1/4] www: don't default to hourly sync job schedule Fabian Grünbichler
2020-11-04 13:10 ` [pbs-devel] [PATCH proxmox-backup 2/4] types: extract DataStoreListItem Fabian Grünbichler
2020-11-04 13:10 ` [pbs-devel] [PATCH proxmox-backup 3/4] api: refactor remote client and add remote scan Fabian Grünbichler
2020-11-04 16:57 ` Thomas Lamprecht
2020-11-05 7:42 ` Fabian Grünbichler
2020-11-05 9:03 ` Thomas Lamprecht [this message]
2020-11-04 17:12 ` Thomas Lamprecht
2020-11-05 7:43 ` Fabian Grünbichler
2020-11-05 8:58 ` Thomas Lamprecht
2020-11-04 13:10 ` [pbs-devel] [PATCH proxmox-backup 4/4] www: add remote store selector Fabian Grünbichler
2020-11-04 13:42 ` [pbs-devel] [PATCH proxmox-backup 1/4] www: don't default to hourly sync job schedule Thomas Lamprecht
[not found] ` <dce0d21f-20dc-5443-bbb0-6b6f5be73e43@proxmox.com>
[not found] ` <1604497203.f21gwhaa55.astroid@nora.none>
2020-11-04 17:03 ` Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aa0fb139-633c-5430-08bc-38b9d01d131c@proxmox.com \
--to=t.lamprecht@proxmox.com \
--cc=f.gruenbichler@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox