[pbs-devel] [PATCH proxmox-backup] add datastore info api call

Thomas Lamprecht t.lamprecht at proxmox.com
Thu Oct 22 12:39:19 CEST 2020


On 22.10.20 11:17, Oguz Bektas wrote:
> hi,
> 
> On Thu, Oct 22, 2020 at 10:02:23AM +0200, Fabian Grünbichler wrote:
>>
>> why READ and not AUDIT | BACKUP ? why partial if you only pass a single 
>> privilege?
> 
> i thought the minimum privilege should be view. one might want to add a
> datastore where only read access is given to them, to be able to restore
> backups from it for example. imposing audit/backup privs would prevent
> this, afaict
> 
>>
>>> +    },
>>> +)]
>>> +/// Get information about the datastore.
>>> +///
>>> +/// Provides PBS node fingerprint, address and datastore name
>>> +pub fn info(
>>> +    store: String,
>>> +    _info: &ApiMethod,
>>> +    _rpcenv: &mut dyn RpcEnvironment,
>>> +) -> Result<DataStoreInfo, Error> {
>>> +    let _datastore = DataStore::lookup_datastore(&store)?;
>>> +    let cert = CertInfo::new()?;
>>> +    let fingerprint = cert.fingerprint()?;
>>> +
>>> +    // get all possible interface IP addresses since there's
>>> +    // no explicit way to tell which is needed
>>> +    let (config, _) = network::config()?;
>>> +    let mut address_list = Vec::new();
>>> +    for (_ , interface) in config.interfaces.iter() {
>>> +        if let Some(cidr) = &interface.cidr {
>>> +            address_list.push(cidr.to_owned());
>>> +        }
>>> +    }
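
Review bot: the loop over `config.interfaces.iter()` pushes every configured `interface.cidr` into `address_list`, so a caller that passes the permission check on a single datastore is handed the CIDR (address plus prefix length) of every interface on the node, including ones unrelated to the connection it used. Suggest dropping the address collection from this call and returning only the fingerprint and datastore name, leaving the host to the client, which already knows the address it connected to; if an address has to come from the server, limit it to one explicitly configured value rather than the whole network config. The doc comment should then be updated as well, since it says "address" while the code gathers a list of CIDR strings.
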
>>
>> doesn't this leak information that the user would/should not have access 
>> to? I mean, if I can do an API call I already have some way to reach the 
>> PBS server and we could just default to that on the client side.. 
>> possibly it would make sense to declare some interface as the 
>> 'external/public' one and return that if configured, but just returning 
>> all addresses of all interfaces seems a bit much..
> 
> yes, i wasn't sure how to handle this since in PVE we just take the
> corosync link but here it can be any interface.
> 
> i do like the suggestion to declare an interface the "public" one.
> but there could be multiple interfaces being utilized as well (like f.e.
> if the server has 2 addresses on two different subnets, with different
> datastores). then it would make things harder.
> 
> i'm open to different suggestions.
> 

The gui, or the CLI client could really just add the host/address used to make
the API call and put it into the presented encoded information.

One would have the client IP through the rpcenv, and could make some decision
based on that, theoretically, but I'd prefer the "client should fill in" 
approach over this.





