prune: fix workerid issues
properly encode the namespace as separate field both for manual prunes and the job. fix the access checks as well now that the job doesn't use the jobid as workerid anymore. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This commit is contained in:
parent
e13303fca6
commit
3697161800
@ -950,10 +950,9 @@ pub fn prune(
|
||||
ns: ns.clone(),
|
||||
};
|
||||
|
||||
let worker_id = format!("{}:{}:{}", store, ns, group);
|
||||
let group = datastore.backup_group(ns, group);
|
||||
|
||||
let worker_id = format!("{}:{}", store, group);
|
||||
|
||||
let mut prune_result = Vec::new();
|
||||
|
||||
let list = group.list_backups()?;
|
||||
@ -1081,6 +1080,8 @@ pub fn prune_datastore(
|
||||
let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
|
||||
|
||||
let datastore = DataStore::lookup_datastore(&store, Some(Operation::Write))?;
|
||||
let ns = ns.unwrap_or_default();
|
||||
let worker_id = format!("{}:{}", store, ns);
|
||||
|
||||
let to_stdout = rpcenv.env_type() == RpcEnvironmentType::CLI;
|
||||
|
||||
@ -1088,18 +1089,11 @@ pub fn prune_datastore(
|
||||
|
||||
let upid_str = WorkerTask::new_thread(
|
||||
"prune",
|
||||
Some(store.clone()),
|
||||
Some(worker_id),
|
||||
auth_id.to_string(),
|
||||
to_stdout,
|
||||
move |worker| {
|
||||
crate::server::prune_datastore(
|
||||
worker,
|
||||
auth_id,
|
||||
prune_options,
|
||||
datastore,
|
||||
ns.unwrap_or_default(),
|
||||
dry_run,
|
||||
)
|
||||
crate::server::prune_datastore(worker, auth_id, prune_options, datastore, ns, dry_run)
|
||||
},
|
||||
)?;
|
||||
|
||||
|
@ -64,12 +64,17 @@ fn check_job_privs(auth_id: &Authid, user_info: &CachedUserInfo, upid: &UPID) ->
|
||||
)
|
||||
}
|
||||
("prune", Some(workerid)) => {
|
||||
return user_info.check_privs(
|
||||
auth_id,
|
||||
&["datastore", workerid],
|
||||
PRIV_DATASTORE_MODIFY,
|
||||
true,
|
||||
);
|
||||
let mut acl_path = vec!["datastore"];
|
||||
acl_path.extend(workerid.split(':'));
|
||||
let acl_path = match acl_path.len() {
|
||||
4 => &acl_path[..3], // contains group as fourth element
|
||||
2 | 3 => &acl_path[..], // store + optional NS
|
||||
_ => {
|
||||
bail!("invalid worker ID for prune task");
|
||||
}
|
||||
};
|
||||
|
||||
return user_info.check_privs(auth_id, acl_path, PRIV_DATASTORE_MODIFY, true);
|
||||
}
|
||||
_ => bail!("not a scheduled job task"),
|
||||
};
|
||||
|
@ -104,14 +104,17 @@ pub fn do_prune_job(
|
||||
|
||||
let worker_type = job.jobtype().to_string();
|
||||
let auth_id = auth_id.clone();
|
||||
let worker_id = format!("{store}");
|
||||
let upid_str = WorkerTask::new_thread(
|
||||
&worker_type,
|
||||
Some(job.jobname().to_string()),
|
||||
Some(worker_id),
|
||||
auth_id.to_string(),
|
||||
false,
|
||||
move |worker| {
|
||||
job.start(&worker.upid().to_string())?;
|
||||
|
||||
task_log!(worker, "prune job '{}'", job.jobname());
|
||||
|
||||
if let Some(event_str) = schedule {
|
||||
task_log!(worker, "task triggered by schedule '{}'", event_str);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user