move tape_encryption_keys.rs to pbs_config workspace

pbs-config/src/lib.rs

@@ -3,6 +3,7 @@ pub mod drive;
 pub mod key_config;
 pub mod media_pool;
 pub mod remote;
+pub mod tape_encryption_keys;
 
 use anyhow::{format_err, Error};
 

pbs-config/src/tape_encryption_keys.rs

@@ -17,8 +17,9 @@ use serde::{Deserialize, Serialize};
 
 use proxmox::tools::fs::file_read_optional_string;
 use pbs_api_types::Fingerprint;
-use pbs_config::key_config::KeyConfig;
+
-use pbs_config::{open_backup_lockfile, replace_secret_config};
+use crate::key_config::KeyConfig;
+use crate::{open_backup_lockfile, replace_secret_config, replace_backup_config};
 
 mod hex_key {
     use serde::{self, Deserialize, Serializer, Deserializer};
@@ -147,7 +148,7 @@ pub fn save_key_configs(map: HashMap<Fingerprint, KeyConfig>) -> Result<(), Erro
     }
 
     let raw = serde_json::to_string_pretty(&list)?;
-    pbs_config::replace_backup_config(TAPE_KEY_CONFIG_FILENAME, raw.as_bytes())
+    replace_backup_config(TAPE_KEY_CONFIG_FILENAME, raw.as_bytes())
 }
 
 /// Insert a new key

src/api2/config/tape_encryption_keys.rs

@@ -11,9 +11,22 @@ use proxmox::{
     },
 };
 
-use pbs_api_types::{Fingerprint, KeyInfo, Kdf};
+use pbs_api_types::{
+    Fingerprint, KeyInfo, Kdf,
+    TAPE_ENCRYPTION_KEY_FINGERPRINT_SCHEMA,
+    PROXMOX_CONFIG_DIGEST_SCHEMA, PASSWORD_HINT_SCHEMA,
+};
+
 use pbs_config::key_config::KeyConfig;
 use pbs_config::open_backup_lockfile;
+use pbs_config::tape_encryption_keys::{
+    TAPE_KEYS_LOCKFILE,
+    load_keys,
+    load_key_configs,
+    save_keys,
+    save_key_configs,
+    insert_key,
+};
 
 use crate::{
     config::{
@@ -21,19 +34,6 @@ use crate::{
             PRIV_TAPE_AUDIT,
             PRIV_TAPE_MODIFY,
         },
-        tape_encryption_keys::{
-            TAPE_KEYS_LOCKFILE,
-            load_keys,
-            load_key_configs,
-            save_keys,
-            save_key_configs,
-            insert_key,
-        },
-    },
-    api2::types::{
-        TAPE_ENCRYPTION_KEY_FINGERPRINT_SCHEMA,
-        PROXMOX_CONFIG_DIGEST_SCHEMA,
-        PASSWORD_HINT_SCHEMA,
     },
 };
 

src/api2/tape/drive.rs

@@ -26,7 +26,6 @@ use pbs_datastore::task_log;
 
 use crate::{
     config::{
-        self,
         cached_user_info::CachedUserInfo,
         acl::{
             PRIV_TAPE_AUDIT,
@@ -658,7 +657,7 @@ pub async fn restore_key(
             if let Some(key_config) = key_config {
                 let password_fn = || { Ok(password.as_bytes().to_vec()) };
                 let (key, ..) = key_config.decrypt(&password_fn)?;
-                config::tape_encryption_keys::insert_key(key, key_config, true)?;
+                pbs_config::tape_encryption_keys::insert_key(key, key_config, true)?;
             } else {
                 bail!("media does not contain any encryption key configuration");
             }

src/bin/proxmox_tape/encryption_key.rs

@@ -11,24 +11,16 @@ use proxmox::{
     sys::linux::tty,
 };
 
-use pbs_api_types::{Fingerprint, Kdf};
+use pbs_api_types::{
-use pbs_datastore::paperkey::{PaperkeyFormat, generate_paper_key};
+    Fingerprint, Kdf, DRIVE_NAME_SCHEMA, TAPE_ENCRYPTION_KEY_FINGERPRINT_SCHEMA,
-
+    PASSWORD_HINT_SCHEMA,
-use proxmox_backup::{
-    api2::{
-        self,
-        types::{
-            DRIVE_NAME_SCHEMA,
-            TAPE_ENCRYPTION_KEY_FINGERPRINT_SCHEMA,
-            PASSWORD_HINT_SCHEMA,
-        },
-    },
-    config::tape_encryption_keys::{
-        load_key_configs,
-        complete_key_fingerprint,
-    },
 };
 
+use pbs_datastore::paperkey::{PaperkeyFormat, generate_paper_key};
+use pbs_config::tape_encryption_keys::{load_key_configs,complete_key_fingerprint};
+
+use proxmox_backup::api2;
+
 pub fn encryption_key_commands() -> CommandLineInterface {
 
     let cmd_def = CliCommandMap::new()

src/bin/proxmox_tape/pool.rs

@@ -10,21 +10,11 @@ use proxmox::{
     },
 };
 
+use pbs_api_types::MEDIA_POOL_NAME_SCHEMA;
 use pbs_config::media_pool::complete_pool_name;
+use pbs_config::tape_encryption_keys::complete_key_fingerprint;
 
-use proxmox_backup::{
+use proxmox_backup::api2;
-    api2::{
-        self,
-        types::{
-            MEDIA_POOL_NAME_SCHEMA,
-        },
-    },
-    config::{
-        tape_encryption_keys:: {
-            complete_key_fingerprint,
-        },
-    },
-};
 
 pub fn pool_commands() -> CommandLineInterface {
 

src/config/mod.rs

@@ -25,7 +25,6 @@ pub mod tfa;
 pub mod token_shadow;
 pub mod user;
 pub mod verify;
-pub mod tape_encryption_keys;
 pub mod tape_job;
 
 /// Check configuration directory permissions

src/tape/drive/lto/mod.rs

@@ -27,18 +27,13 @@ use proxmox::{
     sys::error::SysResult,
 };
 
-use pbs_api_types::Fingerprint;
+use pbs_api_types::{
+    Fingerprint, MamAttribute, LtoDriveAndMediaStatus, LtoTapeDrive, Lp17VolumeStatistics,
+};
 use pbs_config::key_config::KeyConfig;
 use pbs_tools::run_command;
 
 use crate::{
-    config,
-    api2::types::{
-        MamAttribute,
-        LtoDriveAndMediaStatus,
-        LtoTapeDrive,
-        Lp17VolumeStatistics,
-    },
     tape::{
         TapeRead,
         TapeWrite,
@@ -378,7 +373,7 @@ impl TapeDriver for LtoTapeHandle {
 
             if let Some((ref key_fingerprint, ref uuid)) = key_fingerprint {
 
-                let (key_map, _digest) = config::tape_encryption_keys::load_keys()?;
+                let (key_map, _digest) = pbs_config::tape_encryption_keys::load_keys()?;
                 match key_map.get(key_fingerprint) {
                     Some(item) => {
 

src/tape/pool_writer/mod.rs

@@ -14,6 +14,7 @@ use anyhow::{bail, Error};
 use proxmox::tools::Uuid;
 
 use pbs_datastore::task_log;
+use pbs_config::tape_encryption_keys::load_key_configs;
 
 use crate::{
     backup::{
@@ -42,7 +43,6 @@ use crate::{
             media_changer,
         },
     },
-    config::tape_encryption_keys::load_key_configs,
 };