From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pbs-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id 74EEE1FF17A
	for <inbox@lore.proxmox.com>; Fri, 18 Jul 2025 09:41:58 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id C7DDE1483E;
	Fri, 18 Jul 2025 09:43:05 +0200 (CEST)
Message-ID: <fabcc632-cb5c-4491-9974-441d9917c57a@proxmox.com>
Date: Fri, 18 Jul 2025 09:43:01 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Proxmox Backup Server development discussion
 <pbs-devel@lists.proxmox.com>, Christian Ebner <c.ebner@proxmox.com>
References: <20250715125332.954494-1-c.ebner@proxmox.com>
 <20250715125332.954494-15-c.ebner@proxmox.com>
Content-Language: de-AT, en-US
From: Lukas Wagner <l.wagner@proxmox.com>
In-Reply-To: <20250715125332.954494-15-c.ebner@proxmox.com>
X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2
X-Bm-Transport-Timestamp: 1752824579487
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.020 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: Re: [pbs-devel] [PATCH proxmox-backup v8 05/45] api/cli: add
 endpoint and command to check s3 client connection
X-BeenThere: pbs-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Backup Server development discussion
 <pbs-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pbs-devel/>
List-Post: <mailto:pbs-devel@lists.proxmox.com>
List-Help: <mailto:pbs-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox Backup Server development discussion
 <pbs-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pbs-devel-bounces@lists.proxmox.com
Sender: "pbs-devel" <pbs-devel-bounces@lists.proxmox.com>

With the magic string replaced by constants:

Reviewed-by: Lukas Wagner <l.wagner@proxmox.com>


On  2025-07-15 14:52, Christian Ebner wrote:
> Adds a dedicated api endpoint and a proxmox-backup-manager command to
> check if the configured S3 client can reach the bucket.
> 
> Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
> ---
> changes since version 7:
> - no changes
> 
>  src/api2/admin/mod.rs                 |  2 +
>  src/api2/admin/s3.rs                  | 80 +++++++++++++++++++++++++++
>  src/bin/proxmox-backup-manager.rs     |  1 +
>  src/bin/proxmox_backup_manager/mod.rs |  2 +
>  src/bin/proxmox_backup_manager/s3.rs  | 46 +++++++++++++++
>  5 files changed, 131 insertions(+)
>  create mode 100644 src/api2/admin/s3.rs
>  create mode 100644 src/bin/proxmox_backup_manager/s3.rs
> 
> diff --git a/src/api2/admin/mod.rs b/src/api2/admin/mod.rs
> index a1c49f8e2..7694de4b9 100644
> --- a/src/api2/admin/mod.rs
> +++ b/src/api2/admin/mod.rs
> @@ -9,6 +9,7 @@ pub mod gc;
>  pub mod metrics;
>  pub mod namespace;
>  pub mod prune;
> +pub mod s3;
>  pub mod sync;
>  pub mod traffic_control;
>  pub mod verify;
> @@ -19,6 +20,7 @@ const SUBDIRS: SubdirMap = &sorted!([
>      ("metrics", &metrics::ROUTER),
>      ("prune", &prune::ROUTER),
>      ("gc", &gc::ROUTER),
> +    ("s3", &s3::ROUTER),
>      ("sync", &sync::ROUTER),
>      ("traffic-control", &traffic_control::ROUTER),
>      ("verify", &verify::ROUTER),
> diff --git a/src/api2/admin/s3.rs b/src/api2/admin/s3.rs
> new file mode 100644
> index 000000000..d20031707
> --- /dev/null
> +++ b/src/api2/admin/s3.rs
> @@ -0,0 +1,80 @@
> +//! S3 bucket operations
> +
> +use anyhow::{Context, Error};
> +use serde_json::Value;
> +
> +use proxmox_http::Body;
> +use proxmox_router::{list_subdirs_api_method, Permission, Router, RpcEnvironment, SubdirMap};
> +use proxmox_s3_client::{
> +    S3Client, S3ClientConfig, S3ClientOptions, S3ClientSecretsConfig, S3_BUCKET_NAME_SCHEMA,
> +    S3_CLIENT_ID_SCHEMA,
> +};
> +use proxmox_schema::*;
> +use proxmox_sortable_macro::sortable;
> +
> +use pbs_api_types::PRIV_SYS_MODIFY;
> +
> +#[api(
> +    input: {
> +        properties: {
> +            "s3-client-id": {
> +                schema: S3_CLIENT_ID_SCHEMA,
> +            },
> +            bucket: {
> +                schema: S3_BUCKET_NAME_SCHEMA,
> +            },
> +            "store-prefix": {
> +                type: String,
> +                description: "Store prefix within bucket for S3 object keys (commonly datastore name)",
> +            },
> +        },
> +    },
> +    access: {
> +        permission: &Permission::Privilege(&[], PRIV_SYS_MODIFY, false),
> +    },
> +)]
> +/// Perform basic sanity check for given s3 client configuration
> +pub async fn check(
> +    s3_client_id: String,
> +    bucket: String,
> +    store_prefix: String,
> +    _rpcenv: &mut dyn RpcEnvironment,
> +) -> Result<Value, Error> {
> +    let (config, _digest) = pbs_config::s3::config()?;
> +    let config: S3ClientConfig = config
> +        .lookup("s3client", &s3_client_id)
> +        .context("config lookup failed")?;
> +    let (secrets, _secrets_digest) = pbs_config::s3::secrets_config()?;
> +    let secrets: S3ClientSecretsConfig = secrets
> +        .lookup("s3secrets", &s3_client_id)
> +        .context("secrets lookup failed")?;

Same thing here with regards to the section config type strings.

> +
> +    let options = S3ClientOptions::from_config(config, secrets, bucket, store_prefix);
> +
> +    let test_object_key = ".s3-client-test";
> +    let client = S3Client::new(options).context("client creation failed")?;
> +    client.head_bucket().await.context("head object failed")?;
> +    client
> +        .put_object(test_object_key.into(), Body::empty(), true)
> +        .await
> +        .context("put object failed")?;
> +    client
> +        .get_object(test_object_key.into())
> +        .await
> +        .context("get object failed")?;
> +    client
> +        .delete_object(test_object_key.into())
> +        .await
> +        .context("delete object failed")?;
> +
> +    Ok(Value::Null)
> +}
> +
> +#[sortable]
> +const S3_OPERATION_SUBDIRS: SubdirMap = &[("check", &Router::new().get(&API_METHOD_CHECK))];
> +
> +const S3_OPERATION_ROUTER: Router = Router::new()
> +    .get(&list_subdirs_api_method!(S3_OPERATION_SUBDIRS))
> +    .subdirs(S3_OPERATION_SUBDIRS);
> +
> +pub const ROUTER: Router = Router::new().match_all("s3-client-id", &S3_OPERATION_ROUTER);
> diff --git a/src/bin/proxmox-backup-manager.rs b/src/bin/proxmox-backup-manager.rs
> index d4363e717..68d87c676 100644
> --- a/src/bin/proxmox-backup-manager.rs
> +++ b/src/bin/proxmox-backup-manager.rs
> @@ -677,6 +677,7 @@ async fn run() -> Result<(), Error> {
>          .insert("garbage-collection", garbage_collection_commands())
>          .insert("acme", acme_mgmt_cli())
>          .insert("cert", cert_mgmt_cli())
> +        .insert("s3", s3_commands())
>          .insert("subscription", subscription_commands())
>          .insert("sync-job", sync_job_commands())
>          .insert("verify-job", verify_job_commands())
> diff --git a/src/bin/proxmox_backup_manager/mod.rs b/src/bin/proxmox_backup_manager/mod.rs
> index 9b5c73e9a..312a6db6b 100644
> --- a/src/bin/proxmox_backup_manager/mod.rs
> +++ b/src/bin/proxmox_backup_manager/mod.rs
> @@ -26,6 +26,8 @@ mod prune;
>  pub use prune::*;
>  mod remote;
>  pub use remote::*;
> +mod s3;
> +pub use s3::*;
>  mod subscription;
>  pub use subscription::*;
>  mod sync;
> diff --git a/src/bin/proxmox_backup_manager/s3.rs b/src/bin/proxmox_backup_manager/s3.rs
> new file mode 100644
> index 000000000..9bb89ff55
> --- /dev/null
> +++ b/src/bin/proxmox_backup_manager/s3.rs
> @@ -0,0 +1,46 @@
> +use proxmox_router::{cli::*, RpcEnvironment};
> +use proxmox_s3_client::{S3_BUCKET_NAME_SCHEMA, S3_CLIENT_ID_SCHEMA};
> +use proxmox_schema::api;
> +
> +use proxmox_backup::api2;
> +
> +use anyhow::Error;
> +use serde_json::Value;
> +
> +#[api(
> +    input: {
> +        properties: {
> +            "s3-client-id": {
> +                schema: S3_CLIENT_ID_SCHEMA,
> +            },
> +            bucket: {
> +                schema: S3_BUCKET_NAME_SCHEMA,
> +            },
> +            "store-prefix": {
> +                type: String,
> +                description: "Store prefix within bucket for S3 object keys (commonly datastore name)",
> +            },
> +        },
> +    },
> +)]
> +/// Perform basic sanity checks for given S3 client configuration
> +async fn check(
> +    s3_client_id: String,
> +    bucket: String,
> +    store_prefix: String,
> +    rpcenv: &mut dyn RpcEnvironment,
> +) -> Result<Value, Error> {
> +    api2::admin::s3::check(s3_client_id, bucket, store_prefix, rpcenv).await?;
> +    Ok(Value::Null)
> +}
> +
> +pub fn s3_commands() -> CommandLineInterface {
> +    let cmd_def = CliCommandMap::new().insert(
> +        "check",
> +        CliCommand::new(&API_METHOD_CHECK)
> +            .arg_param(&["s3-client-id", "bucket"])
> +            .completion_cb("s3-client-id", pbs_config::s3::complete_s3_client_id),
> +    );
> +
> +    cmd_def.into()
> +}

-- 
- Lukas



_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel