sync job: fix worker ID parsing
the namespace is optional, but should be captured to allow ACL checks for unprivileged non-job-owners. also add FIXME for other job types and workers that (might) need updating. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
parent
9f8aa8c5e2
commit
b9b2d635fe
@ -18,7 +18,7 @@ const_regex! {
|
||||
/// Regex for verification jobs 'DATASTORE:ACTUAL_JOB_ID'
|
||||
pub VERIFICATION_JOB_WORKER_ID_REGEX = concat!(r"^(", PROXMOX_SAFE_ID_REGEX_STR!(), r"):");
|
||||
/// Regex for sync jobs 'REMOTE:REMOTE_DATASTORE:LOCAL_DATASTORE:(?:LOCAL_NS_ANCHOR:)ACTUAL_JOB_ID'
|
||||
pub SYNC_JOB_WORKER_ID_REGEX = concat!(r"^(", PROXMOX_SAFE_ID_REGEX_STR!(), r"):(", PROXMOX_SAFE_ID_REGEX_STR!(), r"):(", PROXMOX_SAFE_ID_REGEX_STR!(), r"):(?:", BACKUP_NS_RE!(), r"):");
|
||||
pub SYNC_JOB_WORKER_ID_REGEX = concat!(r"^(", PROXMOX_SAFE_ID_REGEX_STR!(), r"):(", PROXMOX_SAFE_ID_REGEX_STR!(), r"):(", PROXMOX_SAFE_ID_REGEX_STR!(), r")(?::(", BACKUP_NS_RE!(), r"))?:");
|
||||
}
|
||||
|
||||
pub const JOB_ID_SCHEMA: Schema = StringSchema::new("Job ID.")
|
||||
|
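Review bot: The doc comment above the new `SYNC_JOB_WORKER_ID_REGEX` still writes the namespace segment as `(?:LOCAL_NS_ANCHOR:)`, which no longer tells a caller what it gets: the segment is now optional and captured as group 4. Since the commit message ties this capture to ACL checks, I would spell the contract out, e.g. `/// Regex for sync jobs 'REMOTE:REMOTE_DATASTORE:LOCAL_DATASTORE:[LOCAL_NS:]ACTUAL_JOB_ID'` followed by `/// Capture 4 is the local namespace; it is absent for worker IDs written without one.` The consumer of group 4 is not in this hunk, so it is worth confirming that it maps a missing capture to the root namespace rather than skipping the namespace check, and, if `BACKUP_NS_RE!()` can match the empty string (its definition is not shown here), that an empty capture is treated the same way. The `const_regex!` block opens above the hunk.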
@ -117,6 +117,7 @@ fn upgrade_to_backup_protocol(
|
||||
proxmox_router::http_bail!(NOT_FOUND, "namespace not found");
|
||||
}
|
||||
|
||||
// FIXME: include namespace here?
|
||||
let worker_id = format!("{}:{}/{}", store, backup_dir_arg.ty(), backup_dir_arg.id());
|
||||
|
||||
let env_type = rpcenv.env_type();
|
||||
|
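Review bot: The added `// FIXME: include namespace here?` is phrased as an open question and does not say what depends on the answer; the same applies to the FIXME/TODO comments added in check_job_privs, pull, upgrade_to_backup_reader_protocol, do_prune_job and do_verification_job. Going by the commit message, the namespace in a worker ID is what lets ACL checks work for unprivileged non-job-owners, so each comment should name that consequence and the parser that has to change together with the format, e.g. `// FIXME: worker ID carries no namespace, so task ACL checks cannot use it; changing the format also needs a matching parser update`. Presumably worker IDs already recorded in the old format must keep parsing as well, which deserves a line next to the regexes. The markers are also inconsistent (`// fixme:`, `// FIXME:`, `// FIXME encode`, `// TODO`); a single spelling keeps them greppable. upgrade_to_backup_protocol starts and ends outside the hunk.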
@ -22,6 +22,7 @@ use proxmox_rest_server::{upid_log_path, upid_read_status, TaskListInfoIterator,
|
||||
// matches respective job execution privileges
|
||||
fn check_job_privs(auth_id: &Authid, user_info: &CachedUserInfo, upid: &UPID) -> Result<(), Error> {
|
||||
match (upid.worker_type.as_str(), &upid.worker_id) {
|
||||
// FIXME: parse namespace here?
|
||||
("verificationjob", Some(workerid)) => {
|
||||
if let Some(captures) = VERIFICATION_JOB_WORKER_ID_REGEX.captures(workerid) {
|
||||
if let Some(store) = captures.get(1) {
|
||||
|
@ -263,6 +263,7 @@ async fn pull(
|
||||
let client = pull_params.client().await?;
|
||||
|
||||
// fixme: set to_stdout to false?
|
||||
// FIXME: add namespace to worker id?
|
||||
let upid_str = WorkerTask::spawn(
|
||||
"sync",
|
||||
Some(store.clone()),
|
||||
|
@ -134,6 +134,7 @@ fn upgrade_to_backup_reader_protocol(
|
||||
|
||||
//let files = BackupInfo::list_files(&path, &backup_dir)?;
|
||||
|
||||
// FIXME: include namespace here?
|
||||
let worker_id = format!(
|
||||
"{}:{}/{}/{:08X}",
|
||||
store,
|
||||
|
@ -115,6 +115,7 @@ pub fn do_prune_job(
|
||||
|
||||
let worker_type = job.jobtype().to_string();
|
||||
let auth_id = auth_id.clone();
|
||||
// TODO include namespace info here once this becomes namespace-aware/configurable
|
||||
let worker_id = format!("{store}");
|
||||
let upid_str = WorkerTask::new_thread(
|
||||
&worker_type,
|
||||
|
@ -25,6 +25,7 @@ pub fn do_verification_job(
|
||||
|
||||
let (email, notify) = crate::server::lookup_datastore_notify_settings(&verification_job.store);
|
||||
|
||||
// FIXME encode namespace here for filter/ACL check?
|
||||
let job_id = format!("{}:{}", &verification_job.store, job.jobname());
|
||||
let worker_type = job.jobtype().to_string();
|
||||
let upid_str = WorkerTask::new_thread(
|
||||
|