tape: add hardware encryption key managenent api

2021-01-18 07:16:06 +01:00
parent 4e9cc3e97c
commit d5a48b5ce4
15 changed files with 518 additions and 37 deletions
--- a/src/api2/types/mod.rs
+++ b/src/api2/types/mod.rs
@ -77,7 +77,7 @@ const_regex!{

    pub BACKUP_REPO_URL_REGEX = concat!(r"^^(?:(?:(", USER_ID_REGEX_STR!(), "|", APITOKEN_ID_REGEX_STR!(), ")@)?(", DNS_NAME!(), "|",  IPRE_BRACKET!() ,"):)?(?:([0-9]{1,5}):)?(", PROXMOX_SAFE_ID_REGEX_STR!(), r")$");

-    pub CERT_FINGERPRINT_SHA256_REGEX = r"^(?:[0-9a-fA-F][0-9a-fA-F])(?::[0-9a-fA-F][0-9a-fA-F]){31}$";
+    pub FINGERPRINT_SHA256_REGEX = r"^(?:[0-9a-fA-F][0-9a-fA-F])(?::[0-9a-fA-F][0-9a-fA-F]){31}$";

    pub ACL_PATH_REGEX = concat!(r"^(?:/|", r"(?:/", PROXMOX_SAFE_ID_REGEX_STR!(), ")+", r")$");

@ -103,8 +103,8 @@ pub const IP_FORMAT: ApiStringFormat =
 pub const PVE_CONFIG_DIGEST_FORMAT: ApiStringFormat =
    ApiStringFormat::Pattern(&SHA256_HEX_REGEX);

-pub const CERT_FINGERPRINT_SHA256_FORMAT: ApiStringFormat =
-    ApiStringFormat::Pattern(&CERT_FINGERPRINT_SHA256_REGEX);
+pub const FINGERPRINT_SHA256_FORMAT: ApiStringFormat =
+    ApiStringFormat::Pattern(&FINGERPRINT_SHA256_REGEX);

 pub const PROXMOX_SAFE_ID_FORMAT: ApiStringFormat =
    ApiStringFormat::Pattern(&PROXMOX_SAFE_ID_REGEX);
@ -163,17 +163,22 @@ pub const PBS_PASSWORD_SCHEMA: Schema = StringSchema::new("User Password.")
 pub const CERT_FINGERPRINT_SHA256_SCHEMA: Schema = StringSchema::new(
    "X509 certificate fingerprint (sha256)."
 )
-    .format(&CERT_FINGERPRINT_SHA256_FORMAT)
+    .format(&FINGERPRINT_SHA256_FORMAT)
    .schema();

-pub const PROXMOX_CONFIG_DIGEST_SCHEMA: Schema = StringSchema::new(r#"\
-Prevent changes if current configuration file has different SHA256 digest.
-This can be used to prevent concurrent modifications.
-"#
+pub const TAPE_ENCRYPTION_KEY_FINGERPRINT_SCHEMA: Schema = StringSchema::new(
+    "Tape encryption key fingerprint (sha256)."
 )
-    .format(&PVE_CONFIG_DIGEST_FORMAT)
+    .format(&FINGERPRINT_SHA256_FORMAT)
    .schema();

+pub const PROXMOX_CONFIG_DIGEST_SCHEMA: Schema = StringSchema::new(
+    "Prevent changes if current configuration file has different \
+    SHA256 digest. This can be used to prevent concurrent \
+    modifications."
+)
+    .format(&PVE_CONFIG_DIGEST_FORMAT) .schema();
+

 pub const CHUNK_DIGEST_FORMAT: ApiStringFormat =
    ApiStringFormat::Pattern(&SHA256_HEX_REGEX);
--- a/src/api2/types/tape/drive.rs
+++ b/src/api2/types/tape/drive.rs
@ -12,7 +12,8 @@ use proxmox::api::{
 use crate::api2::types::{
    PROXMOX_SAFE_ID_FORMAT,
    CHANGER_NAME_SCHEMA,
-};
+    CERT_FINGERPRINT_SHA256_SCHEMA,
+ };

 pub const DRIVE_NAME_SCHEMA: Schema = StringSchema::new("Drive Identifier.")
    .format(&PROXMOX_SAFE_ID_FORMAT)
@ -205,3 +206,18 @@ pub struct LinuxDriveAndMediaStatus {
    #[serde(skip_serializing_if="Option::is_none")]
    pub medium_passes: Option<u64>,
 }
+
+#[api(
+    properties: {
+        fingerprint: {
+            schema: CERT_FINGERPRINT_SHA256_SCHEMA,
+        },
+    },
+)]
+#[derive(Deserialize, Serialize)]
+/// Hardware Encryption key Metadata
+pub struct TapeKeyMetadata {
+    /// Password hint
+    pub hint: String,
+    pub fingerprint: String,
+}