[pbs-devel] [PATCH proxmox-backup 3/3] pull: only remove owned groups
Fabian Grünbichler
f.gruenbichler at proxmox.com
Mon Jan 18 09:35:21 CET 2021
On January 18, 2021 6:57 am, Thomas Lamprecht wrote:
> On 15.01.21 11:48, Fabian Grünbichler wrote:
>> we also only create/add snapshots to owned groups when syncing, so
>> removing groups with different ownership is a rather confusing
>> side-effect..
>>
>> Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
>> ---
>>
>> Notes:
>> came up in the forum, the restricted behaviour is better for mixed usage as
>> sync target and regular datastore, or sync target for multiple sources with
>> different owners..
>>
>> datastores just used as sync target for a single job should still behave the
>> same (they have a single owner), datastores used as sync target for multiple
>> jobs with the same owner should still not use remove_vanished.. we'd need to
>> keep track of the sync origin inside the group for that to work..
>>
>> src/client/pull.rs | 23 +++++++++++++++++------
>> 1 file changed, 17 insertions(+), 6 deletions(-)
>>
>> diff --git a/src/client/pull.rs b/src/client/pull.rs
>> index 15514374..33a6c0f1 100644
>> --- a/src/client/pull.rs
>> +++ b/src/client/pull.rs
>> @@ -590,11 +590,15 @@ pub async fn pull_store(
>>
>> let mut errors = false;
>>
>> - let mut new_groups = std::collections::HashSet::new();
>> + let mut remote_groups = std::collections::HashSet::new();
>> for item in list.iter() {
>> - new_groups.insert(BackupGroup::new(&item.backup_type, &item.backup_id));
>> + remote_groups.insert(BackupGroup::new(&item.backup_type, &item.backup_id));
>> }
>>
>> + let correct_owner = |owner: &Authid, auth_id: &Authid| -> bool {
>> + owner == auth_id || (owner.is_token() && &Authid::from(owner.user().clone()) == auth_id)
>> + };
>> +
>> let mut progress = StoreProgress::new(list.len() as u64);
>>
>> for (done, item) in list.into_iter().enumerate() {
>> @@ -617,7 +621,7 @@ pub async fn pull_store(
>> };
>>
>> // permission check
>> - if auth_id != owner {
>> + if !correct_owner(&owner, &auth_id) {
>
> this is now also changed to include token owned groups, or? As the `correct_owner` closure
> checks not only the replaced (negated) auth_id == owner but also an explicit token check?
>
> (did not looked to much at code out of context, just FYI)
yes. in practice it probably won't happen too often (i.e., switching
from token-owned sync job to corresponding-user-owned), but those are
the semantics we have for ownership checks when doing backups, so it
makes sense to also use them here IMHO.
>> // only the owner is allowed to create additional snapshots
>> worker.log(format!(
>> "sync group {}/{} failed - owner check failed ({} != {})",
>> @@ -645,9 +649,16 @@ pub async fn pull_store(
>>
>> if delete {
>> let result: Result<(), Error> = proxmox::try_block!({
>> - let local_groups = BackupInfo::list_backup_groups(&tgt_store.base_path())?;
>> - for local_group in local_groups {
>> - if new_groups.contains(&local_group) {
>> + let local_owned_groups: Vec<BackupGroup> =
>> + BackupInfo::list_backup_groups(&tgt_store.base_path())?
>> + .into_iter()
>> + .filter(|group| match tgt_store.get_owner(&group) {
>> + Ok(owner) => correct_owner(&owner, &auth_id),
>> + Err(_) => false,
>> + })
>> + .collect();
>> + for local_group in local_owned_groups {
>> + if remote_groups.contains(&local_group) {
>> continue;
>> }
>> worker.log(format!(
>>
>
>
>
More information about the pbs-devel
mailing list