[pbs-devel] [PATCH proxmox-backup 1/2] verify: log/warn on invalid owner
Fabian Grünbichler
f.gruenbichler at proxmox.com
Tue Nov 10 13:52:49 CET 2020
in order to trigger a notification/make the problem more visible than
just in syslog.
Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
Notes:
not filtering in case we don't have an explicit owner passed in to keep
backwards compat - we could also skip verification for them even in the
privileged case.. ?
-w --patience makes this easier to read
src/api2/admin/datastore.rs | 2 +-
src/backup/verify.rs | 42 ++++++++++++++++++++++---------------
2 files changed, 26 insertions(+), 18 deletions(-)
diff --git a/src/api2/admin/datastore.rs b/src/api2/admin/datastore.rs
index 8256f02f..e76867c7 100644
--- a/src/api2/admin/datastore.rs
+++ b/src/api2/admin/datastore.rs
@@ -648,7 +648,7 @@ pub fn verify(
verify_all_backups(datastore, worker.clone(), worker.upid(), owner, None)?
};
if failed_dirs.len() > 0 {
- worker.log("Failed to verify following snapshots:");
+ worker.log("Failed to verify following snapshots/groups:");
for dir in failed_dirs {
worker.log(format!("\t{}", dir));
}
diff --git a/src/backup/verify.rs b/src/backup/verify.rs
index b5bb85fc..512a3805 100644
--- a/src/backup/verify.rs
+++ b/src/backup/verify.rs
@@ -508,23 +508,31 @@ pub fn verify_all_backups(
}
let filter_by_owner = |group: &BackupGroup| {
- if let Some(owner) = &owner {
- match datastore.get_owner(group) {
- Ok(ref group_owner) => {
- group_owner == owner
- || (group_owner.is_token()
- && !owner.is_token()
- && group_owner.user() == owner.user())
- },
- Err(err) => {
- // intentionally not in task log
- // the task user might not be allowed to see this group!
- println!("Failed to get owner of group '{}' - {}", group, err);
- false
- },
- }
- } else {
- true
+ match (datastore.get_owner(group), &owner) {
+ (Ok(ref group_owner), Some(owner)) => {
+ group_owner == owner
+ || (group_owner.is_token()
+ && !owner.is_token()
+ && group_owner.user() == owner.user())
+ },
+ (Ok(_), None) => true,
+ (Err(err), Some(_)) => {
+ // intentionally not in task log
+ // the task user might not be allowed to see this group!
+ println!("Failed to get owner of group '{}' - {}", group, err);
+ false
+ },
+ (Err(err), None) => {
+ // we don't filter by owner, but we want to log the error
+ task_log!(
+ worker,
+ "Failed to get owner of group '{} - {}",
+ group,
+ err,
+ );
+ errors.push(group.to_string());
+ true
+ },
}
};
--
2.20.1
More information about the pbs-devel
mailing list