move acl to pbs_config workspaces, pbs_api_types cleanups

src/api2/access/acl.rs

@@ -4,14 +4,18 @@ use anyhow::{bail, Error};
 
 use proxmox::api::{api, Router, RpcEnvironment, Permission};
 
-use crate::api2::types::*;
-use crate::config::acl;
-use crate::config::acl::{Role, PRIV_SYS_AUDIT, PRIV_PERMISSIONS_MODIFY};
+use pbs_api_types::{
+    Authid, AclListItem, Role, 
+    ACL_PATH_SCHEMA, PROXMOX_CONFIG_DIGEST_SCHEMA, PROXMOX_GROUP_ID_SCHEMA,
+    ACL_PROPAGATE_SCHEMA, PRIV_SYS_AUDIT, PRIV_PERMISSIONS_MODIFY,
+};
+
+use pbs_config::acl::AclTreeNode;
+
 use crate::config::cached_user_info::CachedUserInfo;
-use pbs_config::open_backup_lockfile;
 
 fn extract_acl_node_data(
-    node: &acl::AclTreeNode,
+    node: &AclTreeNode,
     path: &str,
     list: &mut Vec<AclListItem>,
     exact: bool,
@@ -110,7 +114,7 @@ pub fn read_acl(
         None
     };
 
-    let (mut tree, digest) = acl::config()?;
+    let (mut tree, digest) = pbs_config::acl::config()?;
 
     let mut list: Vec<AclListItem> = Vec::new();
     if let Some(path) = &path {
@@ -200,9 +204,9 @@ pub fn update_acl(
         };
     }
 
-    let _lock = open_backup_lockfile(acl::ACL_CFG_LOCKFILE, None, true)?;
+    let _lock = pbs_config::acl::lock_config()?;
 
-    let (mut tree, expected_digest) = acl::config()?;
+    let (mut tree, expected_digest) = pbs_config::acl::config()?;
 
     if let Some(ref digest) = digest {
         let digest = proxmox::tools::hex_to_digest(digest)?;
@@ -228,7 +232,7 @@ pub fn update_acl(
     }
 
     if !delete { // Note: we allow to delete entries with invalid path
-        acl::check_acl_path(&path)?;
+        pbs_config::acl::check_acl_path(&path)?;
     }
 
     if let Some(auth_id) = auth_id {
@@ -245,7 +249,7 @@ pub fn update_acl(
         }
     }
 
-    acl::save_config(&tree)?;
+    pbs_config::acl::save_config(&tree)?;
 
     Ok(())
 }

src/api2/access/mod.rs

@@ -11,15 +11,17 @@ use proxmox::api::{api, Permission, RpcEnvironment};
 use proxmox::{http_err, list_subdirs_api_method};
 use proxmox::{identity, sortable};
 
+use pbs_api_types::{
+    Userid, Authid, PASSWORD_SCHEMA, ACL_PATH_SCHEMA, 
+    PRIVILEGES, PRIV_PERMISSIONS_MODIFY, PRIV_SYS_AUDIT,
+};
 use pbs_tools::auth::private_auth_key;
 use pbs_tools::ticket::{self, Empty, Ticket};
+use pbs_config::acl::AclTreeNode;
 
-use crate::api2::types::*;
 use crate::auth_helpers::*;
 use crate::server::ticket::ApiTicket;
 
-use crate::config::acl as acl_config;
-use crate::config::acl::{PRIVILEGES, PRIV_PERMISSIONS_MODIFY, PRIV_SYS_AUDIT};
 use crate::config::cached_user_info::CachedUserInfo;
 use crate::config::tfa::TfaChallenge;
 
@@ -355,7 +357,7 @@ pub fn list_permissions(
 
     fn populate_acl_paths(
         mut paths: HashSet<String>,
-        node: acl_config::AclTreeNode,
+        node: AclTreeNode,
         path: &str,
     ) -> HashSet<String> {
         for (sub_path, child_node) in node.children {
@@ -375,7 +377,7 @@ pub fn list_permissions(
         None => {
             let mut paths = HashSet::new();
 
-            let (acl_tree, _) = acl_config::config()?;
+            let (acl_tree, _) = pbs_config::acl::config()?;
             paths = populate_acl_paths(paths, acl_tree.root, "");
 
             // default paths, returned even if no ACL exists
@@ -392,7 +394,7 @@ pub fn list_permissions(
     let map = paths.into_iter().fold(
         HashMap::new(),
         |mut map: HashMap<String, HashMap<String, bool>>, path: String| {
-            let split_path = acl_config::split_acl_path(path.as_str());
+            let split_path = pbs_config::acl::split_acl_path(path.as_str());
             let (privs, propagated_privs) = user_info.lookup_privs_details(&auth_id, &split_path);
 
             match privs {

src/api2/access/role.rs

@@ -7,8 +7,8 @@ use serde_json::{json, Value};
 use proxmox::api::{api, Permission};
 use proxmox::api::router::Router;
 
-use crate::api2::types::*;
-use crate::config::acl::{Role, ROLE_NAMES, PRIVILEGES};
+use pbs_api_types::{Role, SINGLE_LINE_COMMENT_SCHEMA, PRIVILEGES};
+use pbs_config::acl::ROLE_NAMES;
 
 #[api(
     returns: {

src/api2/access/tfa.rs

@@ -7,8 +7,8 @@ use proxmox::api::{api, Permission, Router, RpcEnvironment};
 use proxmox::tools::tfa::totp::Totp;
 use proxmox::{http_bail, http_err};
 
-use crate::api2::types::{Authid, Userid, PASSWORD_SCHEMA};
-use crate::config::acl::{PRIV_PERMISSIONS_MODIFY, PRIV_SYS_AUDIT};
+use pbs_api_types::{Authid, Userid, PASSWORD_SCHEMA, PRIV_PERMISSIONS_MODIFY, PRIV_SYS_AUDIT};
+
 use crate::config::cached_user_info::CachedUserInfo;
 use crate::config::tfa::{TfaInfo, TfaUserData};
 

src/api2/access/user.rs

@@ -11,14 +11,13 @@ use proxmox::api::schema::{Schema, StringSchema};
 
 use pbs_api_types::{
     PASSWORD_FORMAT, PROXMOX_CONFIG_DIGEST_SCHEMA, SINGLE_LINE_COMMENT_SCHEMA, Authid,
-    Tokenname, UserWithTokens, Userid,
+    Tokenname, UserWithTokens, Userid, PRIV_SYS_AUDIT, PRIV_PERMISSIONS_MODIFY,
 };
 use pbs_config::token_shadow;
+use pbs_config::open_backup_lockfile;
 
 use crate::config::user;
-use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_PERMISSIONS_MODIFY};
 use crate::config::cached_user_info::CachedUserInfo;
-use pbs_config::open_backup_lockfile;
 
 pub const PBS_PASSWORD_SCHEMA: Schema = StringSchema::new("User Password.")
     .format(&PASSWORD_FORMAT)