sync job: fix worker ID parsing

the namespace is optional, but should be captured to allow ACL checks
for unprivileged non-job-owners.

also add FIXME for other job types and workers that (might) need
updating.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler 2022-05-24 11:03:57 +02:00 committed by Thomas Lamprecht
parent 9f8aa8c5e2
commit b9b2d635fe
7 changed files with 7 additions and 1 deletions


@ -18,7 +18,7 @@ const_regex! {
/// Regex for verification jobs 'DATASTORE:ACTUAL_JOB_ID'
pub VERIFICATION_JOB_WORKER_ID_REGEX = concat!(r"^(", PROXMOX_SAFE_ID_REGEX_STR!(), r"):");
/// Regex for sync jobs 'REMOTE:REMOTE_DATASTORE:LOCAL_DATASTORE:(?:LOCAL_NS_ANCHOR:)ACTUAL_JOB_ID'
pub SYNC_JOB_WORKER_ID_REGEX = concat!(r"^(", PROXMOX_SAFE_ID_REGEX_STR!(), r"):(", PROXMOX_SAFE_ID_REGEX_STR!(), r"):(", PROXMOX_SAFE_ID_REGEX_STR!(), r"):(?:", BACKUP_NS_RE!(), r"):");
pub SYNC_JOB_WORKER_ID_REGEX = concat!(r"^(", PROXMOX_SAFE_ID_REGEX_STR!(), r"):(", PROXMOX_SAFE_ID_REGEX_STR!(), r"):(", PROXMOX_SAFE_ID_REGEX_STR!(), r")(?::(", BACKUP_NS_RE!(), r"))?:");
}
pub const JOB_ID_SCHEMA: Schema = StringSchema::new("Job ID.")
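Review bot: The doc comment above `SYNC_JOB_WORKER_ID_REGEX` still describes the namespace as `(?:LOCAL_NS_ANCHOR:)`, which matches neither the new pattern nor what callers get back, since the namespace is now an optional fourth capture group. I would reword it to `/// Regex for sync jobs 'REMOTE:REMOTE_DATASTORE:LOCAL_DATASTORE[:LOCAL_NS_ANCHOR]:ACTUAL_JOB_ID'` and add `/// Capture group 4 is the local namespace; it is absent when the worker ID carries none.` Any ACL check that reads this group has to treat a missing match as an explicit case (presumably the root namespace) rather than skipping the namespace check. That consumer is not part of this section, so this needs confirming there.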


@ -117,6 +117,7 @@ fn upgrade_to_backup_protocol(
proxmox_router::http_bail!(NOT_FOUND, "namespace not found");
}
// FIXME: include namespace here?
let worker_id = format!("{}:{}/{}", store, backup_dir_arg.ty(), backup_dir_arg.id());
let env_type = rpcenv.env_type();
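Review bot: The `// FIXME: include namespace here?` above `worker_id` leaves open what depends on the answer; the same applies to the FIXMEs added in `pull`, `upgrade_to_backup_reader_protocol` and `do_verification_job`. At least the job worker IDs are parsed back with the regexes from the first file to decide task access in `check_job_privs`, so a format change and the matching regex have to land together, and worker IDs already recorded for older tasks (without a namespace) presumably still need to parse. This format already uses `:` and `/` as delimiters, so a namespace component needs a position or separator that stays unambiguous. I would extend the comment to something like `// FIXME: include namespace here? must stay parseable by the task ACL check and for existing UPIDs`. The function body continues outside the hunk.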


@ -22,6 +22,7 @@ use proxmox_rest_server::{upid_log_path, upid_read_status, TaskListInfoIterator,
// matches respective job execution privileges
fn check_job_privs(auth_id: &Authid, user_info: &CachedUserInfo, upid: &UPID) -> Result<(), Error> {
match (upid.worker_type.as_str(), &upid.worker_id) {
// FIXME: parse namespace here?
("verificationjob", Some(workerid)) => {
if let Some(captures) = VERIFICATION_JOB_WORKER_ID_REGEX.captures(workerid) {
if let Some(store) = captures.get(1) {
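Review bot: The `// FIXME: parse namespace here?` sits above the first arm of the `match`, so it is unclear whether it refers to the `verificationjob` arm only or to every arm, and it does not say what the check does in the meantime. From the visible lines this arm takes only the datastore from capture group 1, so the privilege check for a verification job is presumably made against the datastore as a whole. I would make that explicit, e.g. `// FIXME: verification worker IDs carry no namespace yet, privileges are checked on the datastore only`. The arm that consumes the new optional namespace capture of `SYNC_JOB_WORKER_ID_REGEX` and the fall-through for worker IDs that fail to parse are outside this hunk; the latter should deny rather than allow.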


@ -263,6 +263,7 @@ async fn pull(
let client = pull_params.client().await?;
// fixme: set to_stdout to false?
// FIXME: add namespace to worker id?
let upid_str = WorkerTask::spawn(
"sync",
Some(store.clone()),


@ -134,6 +134,7 @@ fn upgrade_to_backup_reader_protocol(
//let files = BackupInfo::list_files(&path, &backup_dir)?;
// FIXME: include namespace here?
let worker_id = format!(
"{}:{}/{}/{:08X}",
store,


@ -115,6 +115,7 @@ pub fn do_prune_job(
let worker_type = job.jobtype().to_string();
let auth_id = auth_id.clone();
// TODO include namespace info here once this becomes namespace-aware/configurable
let worker_id = format!("{store}");
let upid_str = WorkerTask::new_thread(
&worker_type,


@ -25,6 +25,7 @@ pub fn do_verification_job(
let (email, notify) = crate::server::lookup_datastore_notify_settings(&verification_job.store);
// FIXME encode namespace here for filter/ACL check?
let job_id = format!("{}:{}", &verification_job.store, job.jobname());
let worker_type = job.jobtype().to_string();
let upid_str = WorkerTask::new_thread(