tape: implement paperkey command for tape encryption keys

This commit is contained in:
Dietmar Maurer 2021-01-22 09:56:14 +01:00
parent 639a6782bd
commit 64b83c3d70

View File

@ -12,7 +12,13 @@ use proxmox::{
};
use proxmox_backup::{
tools,
tools::{
self,
paperkey::{
PaperkeyFormat,
generate_paper_key,
},
},
config,
api2::{
self,
@ -23,7 +29,11 @@ use proxmox_backup::{
Kdf,
},
},
config::tape_encryption_keys::complete_key_fingerprint,
backup::Fingerprint,
config::tape_encryption_keys::{
load_key_configs,
complete_key_fingerprint,
},
};
pub fn encryption_key_commands() -> CommandLineInterface {
@ -46,6 +56,12 @@ pub fn encryption_key_commands() -> CommandLineInterface {
.arg_param(&["fingerprint"])
.completion_cb("fingerprint", complete_key_fingerprint)
)
.insert(
"paperkey",
CliCommand::new(&API_METHOD_PAPER_KEY)
.arg_param(&["fingerprint"])
.completion_cb("fingerprint", complete_key_fingerprint)
)
.insert(
"restore",
CliCommand::new(&API_METHOD_RESTORE_KEY)
@ -61,6 +77,44 @@ pub fn encryption_key_commands() -> CommandLineInterface {
cmd_def.into()
}
#[api(
input: {
properties: {
fingerprint: {
schema: TAPE_ENCRYPTION_KEY_FINGERPRINT_SCHEMA,
},
subject: {
description: "Include the specified subject as titel text.",
optional: true,
},
"output-format": {
type: PaperkeyFormat,
optional: true,
},
},
},
)]
/// Generate a printable, human readable text file containing the encryption key.
///
/// This also includes a scanable QR code for fast key restore.
fn paper_key(
fingerprint: Fingerprint,
subject: Option<String>,
output_format: Option<PaperkeyFormat>,
) -> Result<(), Error> {
let (config_map, _digest) = load_key_configs()?;
let key_config = match config_map.get(&fingerprint) {
Some(key_config) => key_config,
None => bail!("tape encryption key '{}' does not exist.", fingerprint),
};
let data: String = serde_json::to_string_pretty(&key_config)?;
generate_paper_key(std::io::stdout(), &data, subject, output_format)
}
#[api(
input: {
properties: {