src/server/worker_task.rs: Avoid using pbs-api-type::Authid

Because we want to move worker_task.rs into proxmox-rest-server crate.
2021-09-21 12:14:19 +02:00
parent 4d4f94dedf
commit 049a22a3a3
25 changed files with 55 additions and 51 deletions
--- a/src/api2/node/apt.rs
+++ b/src/api2/node/apt.rs
@ -14,7 +14,7 @@ use proxmox_apt::repositories::{
 use proxmox_http::ProxyConfig;

 use pbs_api_types::{
-    Authid, APTUpdateInfo, NODE_SCHEMA, PROXMOX_CONFIG_DIGEST_SCHEMA, UPID_SCHEMA,
+    APTUpdateInfo, NODE_SCHEMA, PROXMOX_CONFIG_DIGEST_SCHEMA, UPID_SCHEMA,
    PRIV_SYS_AUDIT, PRIV_SYS_MODIFY,
 };

@ -154,7 +154,7 @@ pub fn apt_update_database(
    rpcenv: &mut dyn RpcEnvironment,
 ) -> Result<String, Error> {

-    let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
+    let auth_id = rpcenv.get_auth_id().unwrap();
    let to_stdout = rpcenv.env_type() == RpcEnvironmentType::CLI;

    let upid_str = WorkerTask::new_thread("aptupdate", None, auth_id, to_stdout, move |worker| {
--- a/src/api2/node/certificates.rs
+++ b/src/api2/node/certificates.rs
@ -11,7 +11,7 @@ use proxmox::api::router::SubdirMap;
 use proxmox::api::{api, Permission, Router, RpcEnvironment};
 use proxmox::list_subdirs_api_method;

-use pbs_api_types::{Authid, NODE_SCHEMA, PRIV_SYS_MODIFY};
+use pbs_api_types::{NODE_SCHEMA, PRIV_SYS_MODIFY};
 use pbs_buildcfg::configdir;
 use pbs_tools::cert;

@ -530,7 +530,7 @@ fn spawn_certificate_worker(

    let (node_config, _digest) = crate::config::node::config()?;

-    let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
+    let auth_id = rpcenv.get_auth_id().unwrap();

    WorkerTask::spawn(name, None, auth_id, true, move |worker| async move {
        if let Some(cert) = order_certificate(worker, &node_config).await? {
@ -559,7 +559,7 @@ pub fn revoke_acme_cert(rpcenv: &mut dyn RpcEnvironment) -> Result<String, Error

    let cert_pem = get_certificate_pem()?;

-    let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
+    let auth_id = rpcenv.get_auth_id().unwrap();

    WorkerTask::spawn(
        "acme-revoke-cert",
--- a/src/api2/node/disks/directory.rs
+++ b/src/api2/node/disks/directory.rs
@ -7,7 +7,7 @@ use proxmox::api::section_config::SectionConfigData;
 use proxmox::api::router::Router;

 use pbs_api_types::{
-    Authid, DataStoreConfig, NODE_SCHEMA, BLOCKDEVICE_NAME_SCHEMA,
+    DataStoreConfig, NODE_SCHEMA, BLOCKDEVICE_NAME_SCHEMA,
    DATASTORE_SCHEMA, UPID_SCHEMA, PRIV_SYS_AUDIT, PRIV_SYS_MODIFY,
 };

@ -146,7 +146,7 @@ pub fn create_datastore_disk(

    let to_stdout = rpcenv.env_type() == RpcEnvironmentType::CLI;

-    let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
+    let auth_id = rpcenv.get_auth_id().unwrap();

    let info = get_disk_usage_info(&disk, true)?;

--- a/src/api2/node/disks/mod.rs
+++ b/src/api2/node/disks/mod.rs
@ -7,7 +7,7 @@ use proxmox::{sortable, identity};
 use proxmox::{list_subdirs_api_method};

 use pbs_api_types::{
-    Authid, UPID_SCHEMA, NODE_SCHEMA, BLOCKDEVICE_NAME_SCHEMA,
+    UPID_SCHEMA, NODE_SCHEMA, BLOCKDEVICE_NAME_SCHEMA,
    PRIV_SYS_AUDIT, PRIV_SYS_MODIFY,
 };

@ -144,7 +144,7 @@ pub fn initialize_disk(

    let to_stdout = rpcenv.env_type() == RpcEnvironmentType::CLI;

-    let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
+    let auth_id = rpcenv.get_auth_id().unwrap();

    let info = get_disk_usage_info(&disk, true)?;

--- a/src/api2/node/disks/zfs.rs
+++ b/src/api2/node/disks/zfs.rs
@ -8,7 +8,7 @@ use proxmox::api::{
 use proxmox::api::router::Router;

 use pbs_api_types::{
-    Authid, ZpoolListItem, ZfsRaidLevel, ZfsCompressionType, DataStoreConfig,
+    ZpoolListItem, ZfsRaidLevel, ZfsCompressionType, DataStoreConfig,
    NODE_SCHEMA, ZPOOL_NAME_SCHEMA, DATASTORE_SCHEMA, DISK_ARRAY_SCHEMA,
    DISK_LIST_SCHEMA, ZFS_ASHIFT_SCHEMA, UPID_SCHEMA,
    PRIV_SYS_AUDIT, PRIV_SYS_MODIFY,
@ -168,7 +168,7 @@ pub fn create_zpool(

    let to_stdout = rpcenv.env_type() == RpcEnvironmentType::CLI;

-    let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
+    let auth_id = rpcenv.get_auth_id().unwrap();

    let add_datastore = add_datastore.unwrap_or(false);

--- a/src/api2/node/mod.rs
+++ b/src/api2/node/mod.rs
@ -146,7 +146,7 @@ async fn termproxy(cmd: Option<String>, rpcenv: &mut dyn RpcEnvironment) -> Resu
    let upid = WorkerTask::spawn(
        "termproxy",
        None,
-        auth_id,
+        auth_id.to_string(),
        false,
        move |worker| async move {
            // move inside the worker so that it survives and does not close the port
--- a/src/api2/node/network.rs
+++ b/src/api2/node/network.rs
@ -703,7 +703,7 @@ pub async fn reload_network_config(

    let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;

-    let upid_str = WorkerTask::spawn("srvreload", Some(String::from("networking")), auth_id, true, |_worker| async {
+    let upid_str = WorkerTask::spawn("srvreload", Some(String::from("networking")), auth_id.to_string(), true, |_worker| async {

        let _ = std::fs::rename(network::NETWORK_INTERFACES_NEW_FILENAME, network::NETWORK_INTERFACES_FILENAME);

--- a/src/api2/node/services.rs
+++ b/src/api2/node/services.rs
@ -195,7 +195,7 @@ fn run_service_command(service: &str, cmd: &str, auth_id: Authid) -> Result<Valu
    let upid = WorkerTask::new_thread(
        &workerid,
        Some(service.clone()),
-        auth_id,
+        auth_id.to_string(),
        false,
        move |_worker| {

--- a/src/api2/node/tasks.rs
+++ b/src/api2/node/tasks.rs
@ -99,8 +99,8 @@ fn check_job_store(upid: &UPID, store: &str) -> bool {
 }

 fn check_task_access(auth_id: &Authid, upid: &UPID) -> Result<(), Error> {
-    let task_auth_id = &upid.auth_id;
-    if auth_id == task_auth_id
+    let task_auth_id: Authid = upid.auth_id.parse()?;
+    if auth_id == &task_auth_id
        || (task_auth_id.is_token() && &Authid::from(task_auth_id.user().clone()) == auth_id) {
        // task owner can always read
        Ok(())
@ -200,6 +200,8 @@ async fn get_task_status(
    let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
    check_task_access(&auth_id, &upid)?;

+    let task_auth_id: Authid = upid.auth_id.parse()?;
+
    let mut result = json!({
        "upid": param["upid"],
        "node": upid.node,
@ -208,11 +210,11 @@ async fn get_task_status(
        "starttime": upid.starttime,
        "type": upid.worker_type,
        "id": upid.worker_id,
-        "user": upid.auth_id.user(),
+        "user": task_auth_id.user(),
    });

-    if upid.auth_id.is_token() {
-        result["tokenid"] = Value::from(upid.auth_id.tokenname().unwrap().as_str());
+    if task_auth_id.is_token() {
+        result["tokenid"] = Value::from(task_auth_id.tokenname().unwrap().as_str());
    }

    if crate::server::worker_is_active(&upid).await? {
@ -344,10 +346,11 @@ fn stop_task(

    let upid = extract_upid(&param)?;

-    let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
+    let auth_id = rpcenv.get_auth_id().unwrap();

    if auth_id != upid.auth_id {
        let user_info = CachedUserInfo::new()?;
+        let auth_id: Authid = auth_id.parse()?;
        user_info.check_privs(&auth_id, &["system", "tasks"], PRIV_SYS_MODIFY, false)?;
    }