From 1e93fbb5c18e6bd37efd481f4d622ba6d050656e Mon Sep 17 00:00:00 2001
From: Dietmar Maurer
Date: Mon, 18 Jan 2021 08:16:44 +0100
Subject: [PATCH] tape: add encrypt property to media pool configuration
---
 src/api2/config/media_pool.rs | 16 ++++++++++++++++
 src/api2/types/tape/media_pool.rs | 12 +++++++++++-
 src/bin/proxmox_tape/pool.rs | 19 +++++++++++++++++--
 3 files changed, 44 insertions(+), 3 deletions(-)
diff --git a/src/api2/config/media_pool.rs b/src/api2/config/media_pool.rs
index a80c6df2..d155f268 100644
--- a/src/api2/config/media_pool.rs
+++ b/src/api2/config/media_pool.rs
@@ -16,6 +16,7 @@ use crate::{
 MEDIA_SET_NAMING_TEMPLATE_SCHEMA,
 MEDIA_SET_ALLOCATION_POLICY_SCHEMA,
 MEDIA_RETENTION_POLICY_SCHEMA,
+ TAPE_ENCRYPTION_KEY_FINGERPRINT_SCHEMA,
 MediaPoolConfig,
 },
 config::{
@@ -47,6 +48,10 @@ use crate::{
 schema: MEDIA_SET_NAMING_TEMPLATE_SCHEMA,
 optional: true,
 },
+ encrypt: {
+ schema: TAPE_ENCRYPTION_KEY_FINGERPRINT_SCHEMA,
+ optional: true,
+ },
 },
 },
 )]
@@ -57,6 +62,7 @@ pub fn create_pool(
 allocation: Option,
 retention: Option,
 template: Option,
+ encrypt: Option,
 ) -> Result<(), Error> {
 let _lock = config::media_pool::lock()?;
@@ -76,6 +82,7 @@ pub fn create_pool(
 allocation,
 retention,
 template,
+ encrypt,
 };
 config.set_data(&name, "pool", &item)?;
@@ -141,6 +148,8 @@ pub enum DeletableProperty {
 retention,
 /// Delete media set naming template
 template,
+ /// Delete encryption fingerprint
+ encrypt,
 }
 #[api(
@@ -165,6 +174,10 @@ pub enum DeletableProperty {
 schema: MEDIA_SET_NAMING_TEMPLATE_SCHEMA,
 optional: true,
 },
+ encrypt: {
+ schema: TAPE_ENCRYPTION_KEY_FINGERPRINT_SCHEMA,
+ optional: true,
+ },
 delete: {
 description: "List of properties to delete.",
 type: Array,
@@ -183,6 +196,7 @@ pub fn update_pool(
 allocation: Option,
 retention: Option,
 template: Option,
+ encrypt: Option,
 delete: Option>,
 ) -> Result<(), Error> {
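Review bot: In `create_pool` (hunk `@@ -76,6 +82,7 @@`) the `encrypt` value is copied straight into `MediaPoolConfig` and persisted with `config.set_data`; the only constraint visible in this patch is the format check from `TAPE_ENCRYPTION_KEY_FINGERPRINT_SCHEMA`. Nothing in these lines confirms that a key with that fingerprint is present in the `tape_encryption_keys` configuration, so a mistyped or since-removed fingerprint would be accepted and would presumably only surface when the pool is written to (how the writer reacts is outside this patch). Consider looking the fingerprint up before `set_data` and returning an error when it is unknown; the `if encrypt.is_some() { data.encrypt = encrypt; }` line in `update_pool` (hunk `@@ -206,6 +221,7 @@`) needs the same check. Both function bodies extend beyond their hunks, so such a check may already exist out of view.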
@@ -198,6 +212,7 @@ pub fn update_pool(
 DeletableProperty::allocation => { data.allocation = None; },
 DeletableProperty::retention => { data.retention = None; },
 DeletableProperty::template => { data.template = None; },
+ DeletableProperty::encrypt => { data.encrypt = None; },
 }
 }
 }
@@ -206,6 +221,7 @@ pub fn update_pool(
 if allocation.is_some() { data.allocation = allocation; }
 if retention.is_some() { data.retention = retention; }
 if template.is_some() { data.template = template; }
+ if encrypt.is_some() { data.encrypt = encrypt; }
 config.set_data(&name, "pool", &data)?;
diff --git a/src/api2/types/tape/media_pool.rs b/src/api2/types/tape/media_pool.rs
index 6f6abb48..fbee8a69 100644
--- a/src/api2/types/tape/media_pool.rs
+++ b/src/api2/types/tape/media_pool.rs
@@ -24,6 +24,7 @@ use crate::{
 DRIVE_NAME_SCHEMA,
 PROXMOX_SAFE_ID_FORMAT,
 SINGLE_LINE_COMMENT_FORMAT,
+ TAPE_ENCRYPTION_KEY_FINGERPRINT_SCHEMA,
 },
 };
@@ -130,7 +131,11 @@ impl std::str::FromStr for RetentionPolicy {
 schema: MEDIA_SET_NAMING_TEMPLATE_SCHEMA,
 optional: true,
 },
- }
+ encrypt: {
+ schema: TAPE_ENCRYPTION_KEY_FINGERPRINT_SCHEMA,
+ optional: true,
+ },
+ },
 )]
 #[derive(Serialize,Deserialize)]
 /// Media pool configuration
@@ -151,4 +156,9 @@ pub struct MediaPoolConfig {
 /// format specifications.
 #[serde(skip_serializing_if="Option::is_none")]
 pub template: Option,
+ /// Encryption key fingerprint
+ ///
+ /// If set, encrypt all data using the specified key.
+ #[serde(skip_serializing_if="Option::is_none")]
+ pub encrypt: Option,
 }
diff --git a/src/bin/proxmox_tape/pool.rs b/src/bin/proxmox_tape/pool.rs
index 4d477aaf..a1b471eb 100644
--- a/src/bin/proxmox_tape/pool.rs
+++ b/src/bin/proxmox_tape/pool.rs
@@ -20,10 +23,13 @@ use proxmox_backup::{
 config::{
 drive::{
 complete_drive_name,
- },
+ },
 media_pool::{
 complete_pool_name,
- },
+ },
+ tape_encryption_keys:: {
+ complete_key_fingerprint,
+ },
 },
 };
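Review bot: The new `DeletableProperty::encrypt => { data.encrypt = None; }` arm in `update_pool` (hunk `@@ -198,6 +212,7 @@`) switches encryption off for the pool through the same path, and as far as these lines show with the same handling, as clearing a naming template. Going by the field doc added in this patch ("If set, encrypt all data using the specified key"), data written to the pool afterwards would presumably be unencrypted, which is a security downgrade that should be obvious to anyone reading or auditing this code. I would add a comment on the arm, `// Clearing the fingerprint turns encryption off for this pool; later writes are expected to be unencrypted.`, and consider recording the change in whatever task or audit log is available at this point. The `match` and the enclosing function start and end outside the hunk.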
@@ -48,6 +51,7 @@ pub fn pool_commands() -> CommandLineInterface {
 .arg_param(&["name"])
 .completion_cb("name", complete_pool_name)
 .completion_cb("drive", complete_drive_name)
+ .completion_cb("encrypt", complete_key_fingerprint)
 )
 .insert(
 "update",
@@ -55,6 +59,7 @@ pub fn pool_commands() -> CommandLineInterface {
 .arg_param(&["name"])
 .completion_cb("name", complete_pool_name)
 .completion_cb("drive", complete_drive_name)
+ .completion_cb("encrypt", complete_key_fingerprint)
 )
 ;
@@ -84,12 +89,21 @@ fn list_pools(
 _ => unreachable!(),
 };
+ let render_encryption = |value: &Value, _record: &Value| -> Result {
+ if value.as_str().is_some() {
+ Ok(String::from("yes"))
+ } else {
+ Ok(String::from("no"))
+ }
+ };
+
 let options = default_table_format_options()
 .column(ColumnConfig::new("name"))
 .column(ColumnConfig::new("drive"))
 .column(ColumnConfig::new("allocation"))
 .column(ColumnConfig::new("retention"))
 .column(ColumnConfig::new("template"))
+ .column(ColumnConfig::new("encrypt").renderer(render_encryption))
 ;
 format_and_print_result_full(&mut data, &info.returns, &output_format, &options);
@@ -129,6 +143,7 @@ fn get_config(
 .column(ColumnConfig::new("allocation"))
 .column(ColumnConfig::new("retention"))
 .column(ColumnConfig::new("template"))
+ .column(ColumnConfig::new("encrypt"))
 ;
 format_and_print_result_full(&mut data, &info.returns, &output_format, &options);
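Review bot: `render_encryption` in `list_pools` (hunk `@@ -84,12 +89,21 @@`) repeats `Ok(String::from(..))` in both branches; the closure body reads more directly as one expression, `Ok(String::from(if value.as_str().is_some() { "yes" } else { "no" }))`. A short comment above the closure would also help, for example `// List view shows only whether a key is configured; the fingerprint is printed by the pool config output.`, because the list column and the plain `encrypt` column in `get_config` (hunk `@@ -129,6 +143,7 @@`) differ here, apparently on purpose. `list_pools` starts and ends outside the hunk.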