tape: key recovery: refcator and split string/file case for cli params

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

src/api2/tape/drive.rs

@@ -10,7 +10,7 @@ use proxmox_sys::sortable;
 use proxmox_router::{
     list_subdirs_api_method, Permission, Router, RpcEnvironment, RpcEnvironmentType, SubdirMap,
 };
-use proxmox_schema::{api, param_bail};
+use proxmox_schema::api;
 use proxmox_section_config::SectionConfigData;
 use proxmox_uuid::Uuid;
 use proxmox_sys::{task_log, task_warn};
@@ -609,13 +609,14 @@ fn write_media_label(
         properties: {
             drive: {
                 schema: DRIVE_NAME_SCHEMA,
+                //description: "Restore the key from this drive the (encrypted) key was saved on.",
                 optional: true,
             },
             password: {
-                description: "Encryption key password.",
+                description: "The password the key was encrypted with.",
             },
-            backupkey: {
-                description: "A previously exported paperkey in JSON format.",
+            key: {
+                description: "Restore the key from this JSON string. Clashes with drive.",
                 type: String,
                 min_length: 300,
                 max_length: 600,
@@ -631,40 +632,34 @@ fn write_media_label(
 pub async fn restore_key(
     drive: Option<String>,
     password: String,
-    backupkey: Option<String>,
+    key: Option<String>,
 ) -> Result<(), Error> {
-
-    if (drive.is_none() && backupkey.is_none()) || (drive.is_some() && backupkey.is_some()) {
-        param_bail!(
-            "drive",
-            format_err!("Please specify either a valid drive name or a backupkey")
-        );
+    if drive.is_some() && key.is_some() {
+        bail!("cannot have both 'drive' and 'key' parameter set!");
+    } else if !drive.is_some() && !key.is_some() {
+        bail!("one of either 'drive' or 'key' parameter must be set!");
     }
 
     if let Some(drive) = drive {
-        run_drive_blocking_task(
-            drive.clone(),
-            "restore key".to_string(),
-            move |config| {
-                let mut drive = open_drive(&config, &drive)?;
+        run_drive_blocking_task(drive.clone(), "restore key".to_string(), move |config| {
+            let mut drive = open_drive(&config, &drive)?;
 
-                let (_media_id, key_config) = drive.read_label()?;
+            let (_media_id, key_config) = drive.read_label()?;
 
-                if let Some(key_config) = key_config {
-                    let password_fn = || { Ok(password.as_bytes().to_vec()) };
-                    let (key, ..) = key_config.decrypt(&password_fn)?;
-                    insert_key(key, key_config, true)?;
-                } else {
-                    bail!("media does not contain any encryption key configuration");
-                }
-
-                Ok(())
+            if let Some(key_config) = key_config {
+                let password_fn = || Ok(password.as_bytes().to_vec());
+                let (key, ..) = key_config.decrypt(&password_fn)?;
+                insert_key(key, key_config, true)?;
+            } else {
+                bail!("media does not contain any encryption key configuration");
             }
-        )
+
+            Ok(())
+        })
         .await?;
-    }else if let Some(backupkey) = backupkey {
+    } else if let Some(key) = key {
         let key_config: KeyConfig =
-                serde_json::from_str(&backupkey).map_err(|err| format_err!("<errmsg>: {}", err))?;
+            serde_json::from_str(&key).map_err(|err| format_err!("<errmsg>: {}", err))?;
         let password_fn = || Ok(password.as_bytes().to_vec());
         let (key, ..) = key_config.decrypt(&password_fn)?;
         insert_key(key, key_config, false)?;