From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 23F5D65CE5 for ; Thu, 5 Nov 2020 10:03:41 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 12B0815962 for ; Thu, 5 Nov 2020 10:03:11 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 7746A15957 for ; Thu, 5 Nov 2020 10:03:10 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 38D4645C8D for ; Thu, 5 Nov 2020 10:03:10 +0100 (CET) To: Proxmox Backup Server development discussion , =?UTF-8?Q?Fabian_Gr=c3=bcnbichler?= References: <20201104131026.4017010-1-f.gruenbichler@proxmox.com> <20201104131026.4017010-3-f.gruenbichler@proxmox.com> <81720327-15a1-c04f-cec4-f993cc21a7f5@proxmox.com> <1604561929.s6xxo0fncs.astroid@nora.none> From: Thomas Lamprecht Message-ID: Date: Thu, 5 Nov 2020 10:03:08 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:83.0) Gecko/20100101 Thunderbird/83.0 MIME-Version: 1.0 In-Reply-To: <1604561929.s6xxo0fncs.astroid@nora.none> Content-Type: text/plain; charset=UTF-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable X-SPAM-LEVEL: Spam detection results: 0 AWL -0.116 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment NICE_REPLY_A -0.001 Looks like a legit reply (A) RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [proxmox-backup-manager.rs, remote.rs, pull.rs] Subject: Re: [pbs-devel] [PATCH proxmox-backup 3/4] api: refactor remote client and add remote scan X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Nov 2020 09:03:41 -0000 On 05.11.20 08:42, Fabian Gr=C3=BCnbichler wrote: > On November 4, 2020 5:57 pm, Thomas Lamprecht wrote: >> On 04.11.20 14:10, Fabian Gr=C3=BCnbichler wrote: >>> to allow on-demand scanning of remote datastores accessible for the >>> configured remote user. >>> >>> Signed-off-by: Fabian Gr=C3=BCnbichler >>> --- >>> >>> Notes: >>> not 100% sure about PRIV_REMOTE_AUDIT vs PRIV_REMOTE_READ.. the l= atter is required to use a datastore for syncing/pull purposes >> >> you are not syncing here, so why should the permissions required for >> that matter, when getting a general list of datastores of a remote? > because the only thing that a remote datastore can currently be used fo= r=20 > is syncing ;) but I am fine with AUDIT as well, I just wanted to mentio= n=20 > it. yes, but just because it will be used for that now, it still has not anyt= hing to do with that directly - so I'd see it just as it's own thing, datastor= e scanner - with no opinion on what the user wants to do with that. >=20 >> If, that would be an extra filter param to set. >> >> I setup a remote with a token, got -> >> GET /api2/json/config/remote/tuxis/scan: 401 Unauthorized: [client [::= ffff:192.168.16.38]:47544] authentication failed - invalid user name in u= ser id > I think (as we discussed directly) this was an artifact of version=20 > mismatch? >=20 >>> src/api2/config/remote.rs | 66 +++++++++++++++++++++++++++++= +- >>> src/api2/pull.rs | 12 +----- >>> src/bin/proxmox-backup-manager.rs | 26 +++--------- >>> 3 files changed, 71 insertions(+), 33 deletions(-) >>> >>> diff --git a/src/api2/config/remote.rs b/src/api2/config/remote.rs >>> index ffbba1d2..b415f63d 100644 >>> --- a/src/api2/config/remote.rs >>> +++ b/src/api2/config/remote.rs >>> @@ -1,4 +1,4 @@ >>> -use anyhow::{bail, Error}; >>> +use anyhow::{bail, format_err, Error}; >>> use serde_json::Value; >>> use ::serde::{Deserialize, Serialize}; >>> =20 >>> @@ -6,6 +6,7 @@ use proxmox::api::{api, ApiMethod, Router, RpcEnviron= ment, Permission}; >>> use proxmox::tools::fs::open_file_locked; >>> =20 >>> use crate::api2::types::*; >>> +use crate::client::{HttpClient, HttpClientOptions}; >>> use crate::config::cached_user_info::CachedUserInfo; >>> use crate::config::remote; >>> use crate::config::acl::{PRIV_REMOTE_AUDIT, PRIV_REMOTE_MODIFY}; >>> @@ -301,10 +302,71 @@ pub fn delete_remote(name: String, digest: Opti= on) -> Result<(), Error> >>> Ok(()) >>> } >>> =20 >>> +/// Helper to get client for remote.cfg entry >>> +pub async fn remote_client(remote: remote::Remote) -> Result { >>> + let options =3D HttpClientOptions::new() >>> + .password(Some(remote.password.clone())) >>> + .fingerprint(remote.fingerprint.clone()); >>> + >>> + let client =3D HttpClient::new( >>> + &remote.host, >>> + remote.port.unwrap_or(8007), >>> + &remote.userid, >> sure about userid, shouldn't this be authid or is that the same here? >> At least would explain the error I get.. > the field in the config is called userid, it contains an Authid=20 > (renaming would require postinst fixup, but if you want I can send a=20 > patch for switching it over). >=20 it's a bit confusing, but that's it, was probably more confused in the li= ght of the outdated server at the other end.. So sorry for the noise :)