[pbs-devel] [PATCH proxmox-backup 1/2] verify: log/warn on invalid owner

Fabian Grünbichler f.gruenbichler at proxmox.com
Tue Nov 10 13:52:49 CET 2020


in order to trigger a notification/make the problem more visible than
just in syslog.

Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---

Notes:
    not filtering in case we don't have an explicit owner passed in to keep
    backwards compat - we could also skip verification for them even in the
    privileged case.. ?

    -w --patience makes this easier to read

 src/api2/admin/datastore.rs |  2 +-
 src/backup/verify.rs        | 42 ++++++++++++++++++++++---------------
 2 files changed, 26 insertions(+), 18 deletions(-)

diff --git a/src/api2/admin/datastore.rs b/src/api2/admin/datastore.rs
index 8256f02f..e76867c7 100644
--- a/src/api2/admin/datastore.rs
+++ b/src/api2/admin/datastore.rs
@@ -648,7 +648,7 @@ pub fn verify(
                 verify_all_backups(datastore, worker.clone(), worker.upid(), owner, None)?
             };
             if failed_dirs.len() > 0 {
-                worker.log("Failed to verify following snapshots:");
+                worker.log("Failed to verify following snapshots/groups:");
                 for dir in failed_dirs {
                     worker.log(format!("\t{}", dir));
                 }
diff --git a/src/backup/verify.rs b/src/backup/verify.rs
index b5bb85fc..512a3805 100644
--- a/src/backup/verify.rs
+++ b/src/backup/verify.rs
@@ -508,23 +508,31 @@ pub fn verify_all_backups(
     }
 
     let filter_by_owner = |group: &BackupGroup| {
-        if let Some(owner) = &owner {
-            match datastore.get_owner(group) {
-                Ok(ref group_owner) => {
-                    group_owner == owner
-                        || (group_owner.is_token()
-                            && !owner.is_token()
-                            && group_owner.user() == owner.user())
-                },
-                Err(err) => {
-                    // intentionally not in task log
-                    // the task user might not be allowed to see this group!
-                    println!("Failed to get owner of group '{}' - {}", group, err);
-                    false
-                },
-            }
-        } else {
-            true
+        match (datastore.get_owner(group), &owner) {
+            (Ok(ref group_owner), Some(owner)) => {
+                group_owner == owner
+                    || (group_owner.is_token()
+                        && !owner.is_token()
+                        && group_owner.user() == owner.user())
+            },
+            (Ok(_), None) => true,
+            (Err(err), Some(_)) => {
+                // intentionally not in task log
+                // the task user might not be allowed to see this group!
+                println!("Failed to get owner of group '{}' - {}", group, err);
+                false
+            },
+            (Err(err), None) => {
+                // we don't filter by owner, but we want to log the error
+                task_log!(
+                    worker,
+                    "Failed to get owner of group '{} - {}",
+                    group,
+                    err,
+                );
+                errors.push(group.to_string());
+                true
+            },
         }
     };
 
-- 
2.20.1






More information about the pbs-devel mailing list