move tape_encryption_keys.rs to pbs_config workspace
This commit is contained in:
parent
bbdda58b35
commit
5839c469c1
@ -3,6 +3,7 @@ pub mod drive;
|
||||
pub mod key_config;
|
||||
pub mod media_pool;
|
||||
pub mod remote;
|
||||
pub mod tape_encryption_keys;
|
||||
|
||||
use anyhow::{format_err, Error};
|
||||
|
||||
|
@ -17,8 +17,9 @@ use serde::{Deserialize, Serialize};
|
||||
|
||||
use proxmox::tools::fs::file_read_optional_string;
|
||||
use pbs_api_types::Fingerprint;
|
||||
use pbs_config::key_config::KeyConfig;
|
||||
use pbs_config::{open_backup_lockfile, replace_secret_config};
|
||||
|
||||
use crate::key_config::KeyConfig;
|
||||
use crate::{open_backup_lockfile, replace_secret_config, replace_backup_config};
|
||||
|
||||
mod hex_key {
|
||||
use serde::{self, Deserialize, Serializer, Deserializer};
|
||||
@ -147,7 +148,7 @@ pub fn save_key_configs(map: HashMap<Fingerprint, KeyConfig>) -> Result<(), Erro
|
||||
}
|
||||
|
||||
let raw = serde_json::to_string_pretty(&list)?;
|
||||
pbs_config::replace_backup_config(TAPE_KEY_CONFIG_FILENAME, raw.as_bytes())
|
||||
replace_backup_config(TAPE_KEY_CONFIG_FILENAME, raw.as_bytes())
|
||||
}
|
||||
|
||||
/// Insert a new key
|
@ -11,9 +11,22 @@ use proxmox::{
|
||||
},
|
||||
};
|
||||
|
||||
use pbs_api_types::{Fingerprint, KeyInfo, Kdf};
|
||||
use pbs_api_types::{
|
||||
Fingerprint, KeyInfo, Kdf,
|
||||
TAPE_ENCRYPTION_KEY_FINGERPRINT_SCHEMA,
|
||||
PROXMOX_CONFIG_DIGEST_SCHEMA, PASSWORD_HINT_SCHEMA,
|
||||
};
|
||||
|
||||
use pbs_config::key_config::KeyConfig;
|
||||
use pbs_config::open_backup_lockfile;
|
||||
use pbs_config::tape_encryption_keys::{
|
||||
TAPE_KEYS_LOCKFILE,
|
||||
load_keys,
|
||||
load_key_configs,
|
||||
save_keys,
|
||||
save_key_configs,
|
||||
insert_key,
|
||||
};
|
||||
|
||||
use crate::{
|
||||
config::{
|
||||
@ -21,19 +34,6 @@ use crate::{
|
||||
PRIV_TAPE_AUDIT,
|
||||
PRIV_TAPE_MODIFY,
|
||||
},
|
||||
tape_encryption_keys::{
|
||||
TAPE_KEYS_LOCKFILE,
|
||||
load_keys,
|
||||
load_key_configs,
|
||||
save_keys,
|
||||
save_key_configs,
|
||||
insert_key,
|
||||
},
|
||||
},
|
||||
api2::types::{
|
||||
TAPE_ENCRYPTION_KEY_FINGERPRINT_SCHEMA,
|
||||
PROXMOX_CONFIG_DIGEST_SCHEMA,
|
||||
PASSWORD_HINT_SCHEMA,
|
||||
},
|
||||
};
|
||||
|
||||
|
@ -26,7 +26,6 @@ use pbs_datastore::task_log;
|
||||
|
||||
use crate::{
|
||||
config::{
|
||||
self,
|
||||
cached_user_info::CachedUserInfo,
|
||||
acl::{
|
||||
PRIV_TAPE_AUDIT,
|
||||
@ -658,7 +657,7 @@ pub async fn restore_key(
|
||||
if let Some(key_config) = key_config {
|
||||
let password_fn = || { Ok(password.as_bytes().to_vec()) };
|
||||
let (key, ..) = key_config.decrypt(&password_fn)?;
|
||||
config::tape_encryption_keys::insert_key(key, key_config, true)?;
|
||||
pbs_config::tape_encryption_keys::insert_key(key, key_config, true)?;
|
||||
} else {
|
||||
bail!("media does not contain any encryption key configuration");
|
||||
}
|
||||
|
@ -11,24 +11,16 @@ use proxmox::{
|
||||
sys::linux::tty,
|
||||
};
|
||||
|
||||
use pbs_api_types::{Fingerprint, Kdf};
|
||||
use pbs_datastore::paperkey::{PaperkeyFormat, generate_paper_key};
|
||||
|
||||
use proxmox_backup::{
|
||||
api2::{
|
||||
self,
|
||||
types::{
|
||||
DRIVE_NAME_SCHEMA,
|
||||
TAPE_ENCRYPTION_KEY_FINGERPRINT_SCHEMA,
|
||||
PASSWORD_HINT_SCHEMA,
|
||||
},
|
||||
},
|
||||
config::tape_encryption_keys::{
|
||||
load_key_configs,
|
||||
complete_key_fingerprint,
|
||||
},
|
||||
use pbs_api_types::{
|
||||
Fingerprint, Kdf, DRIVE_NAME_SCHEMA, TAPE_ENCRYPTION_KEY_FINGERPRINT_SCHEMA,
|
||||
PASSWORD_HINT_SCHEMA,
|
||||
};
|
||||
|
||||
use pbs_datastore::paperkey::{PaperkeyFormat, generate_paper_key};
|
||||
use pbs_config::tape_encryption_keys::{load_key_configs,complete_key_fingerprint};
|
||||
|
||||
use proxmox_backup::api2;
|
||||
|
||||
pub fn encryption_key_commands() -> CommandLineInterface {
|
||||
|
||||
let cmd_def = CliCommandMap::new()
|
||||
|
@ -10,21 +10,11 @@ use proxmox::{
|
||||
},
|
||||
};
|
||||
|
||||
use pbs_api_types::MEDIA_POOL_NAME_SCHEMA;
|
||||
use pbs_config::media_pool::complete_pool_name;
|
||||
use pbs_config::tape_encryption_keys::complete_key_fingerprint;
|
||||
|
||||
use proxmox_backup::{
|
||||
api2::{
|
||||
self,
|
||||
types::{
|
||||
MEDIA_POOL_NAME_SCHEMA,
|
||||
},
|
||||
},
|
||||
config::{
|
||||
tape_encryption_keys:: {
|
||||
complete_key_fingerprint,
|
||||
},
|
||||
},
|
||||
};
|
||||
use proxmox_backup::api2;
|
||||
|
||||
pub fn pool_commands() -> CommandLineInterface {
|
||||
|
||||
|
@ -25,7 +25,6 @@ pub mod tfa;
|
||||
pub mod token_shadow;
|
||||
pub mod user;
|
||||
pub mod verify;
|
||||
pub mod tape_encryption_keys;
|
||||
pub mod tape_job;
|
||||
|
||||
/// Check configuration directory permissions
|
||||
|
@ -27,18 +27,13 @@ use proxmox::{
|
||||
sys::error::SysResult,
|
||||
};
|
||||
|
||||
use pbs_api_types::Fingerprint;
|
||||
use pbs_api_types::{
|
||||
Fingerprint, MamAttribute, LtoDriveAndMediaStatus, LtoTapeDrive, Lp17VolumeStatistics,
|
||||
};
|
||||
use pbs_config::key_config::KeyConfig;
|
||||
use pbs_tools::run_command;
|
||||
|
||||
use crate::{
|
||||
config,
|
||||
api2::types::{
|
||||
MamAttribute,
|
||||
LtoDriveAndMediaStatus,
|
||||
LtoTapeDrive,
|
||||
Lp17VolumeStatistics,
|
||||
},
|
||||
tape::{
|
||||
TapeRead,
|
||||
TapeWrite,
|
||||
@ -378,7 +373,7 @@ impl TapeDriver for LtoTapeHandle {
|
||||
|
||||
if let Some((ref key_fingerprint, ref uuid)) = key_fingerprint {
|
||||
|
||||
let (key_map, _digest) = config::tape_encryption_keys::load_keys()?;
|
||||
let (key_map, _digest) = pbs_config::tape_encryption_keys::load_keys()?;
|
||||
match key_map.get(key_fingerprint) {
|
||||
Some(item) => {
|
||||
|
||||
|
@ -14,6 +14,7 @@ use anyhow::{bail, Error};
|
||||
use proxmox::tools::Uuid;
|
||||
|
||||
use pbs_datastore::task_log;
|
||||
use pbs_config::tape_encryption_keys::load_key_configs;
|
||||
|
||||
use crate::{
|
||||
backup::{
|
||||
@ -42,7 +43,6 @@ use crate::{
|
||||
media_changer,
|
||||
},
|
||||
},
|
||||
config::tape_encryption_keys::load_key_configs,
|
||||
};
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user