[pbs-devel] [PATCH v2 proxmox-backup 13/31] api types: define remote permissions and roles for push sync

Fabian Grünbichler f.gruenbichler at proxmox.com
Wed Aug 7 12:45:35 CEST 2024 

Quoting Christian Ebner (2024-08-01 09:43:45)
> Adding the privileges to allow backup and prune on remote targets, to
> be used for sync jobs in push direction.
> 
> Also adds a dedicated role collecting the required privileges.
> 
> Signed-off-by: Christian Ebner <c.ebner at proxmox.com>
> ---
> changes since version 1:
> - no changes
> 
>  pbs-api-types/src/acl.rs | 17 +++++++++++++++++
>  1 file changed, 17 insertions(+)
> 
> diff --git a/pbs-api-types/src/acl.rs b/pbs-api-types/src/acl.rs
> index ef6398629..f644029fa 100644
> --- a/pbs-api-types/src/acl.rs
> +++ b/pbs-api-types/src/acl.rs
> @@ -58,6 +58,12 @@ constnamedbitmap! {
>          PRIV_REMOTE_MODIFY("Remote.Modify");
>          /// Remote.Read allows reading data from a configured `Remote`
>          PRIV_REMOTE_READ("Remote.Read");
> +        /// Remote.Backup allows Remote.Read and creating new snapshots on a configured `Remote`,
> +        /// but also requires backup ownership
> +        PRIV_REMOTE_BACKUP("Remote.Backup");
> +        /// Remote.Prune allows deleting snapshots on a configured `Remote`,
> +        /// but also requires backup ownership
> +        PRIV_REMOTE_PRUNE("Remote.Prune");
>  
>          /// Sys.Console allows access to the system's console
>          PRIV_SYS_CONSOLE("Sys.Console");
> @@ -151,6 +157,7 @@ pub const ROLE_REMOTE_AUDIT: u64 = 0
>  pub const ROLE_REMOTE_ADMIN: u64 = 0
>      | PRIV_REMOTE_AUDIT
>      | PRIV_REMOTE_MODIFY
> +    | PRIV_REMOTE_BACKUP
>      | PRIV_REMOTE_READ;

according to the description of the role, this should also get PRIV_REMOTE_PRUNE?

>  
>  #[rustfmt::skip]
> @@ -160,6 +167,14 @@ pub const ROLE_REMOTE_SYNC_OPERATOR: u64 = 0
>      | PRIV_REMOTE_AUDIT
>      | PRIV_REMOTE_READ;

do we want to copy+rename this to make the "PULL" explicit, and deprecate the old name?

>  
> +#[rustfmt::skip]
> +#[allow(clippy::identity_op)]
> +/// Remote.SyncPushOperator can do read, backup and prune on the remote.
> +pub const ROLE_REMOTE_SYNC_PUSH_OPERATOR: u64 = 0
> +    | PRIV_REMOTE_AUDIT
> +    | PRIV_REMOTE_BACKUP
> +    | PRIV_REMOTE_READ;

shouldn't just BACKUP be enough here? that implies having access to owned backups..

> +
>  #[rustfmt::skip]
>  #[allow(clippy::identity_op)]
>  /// Tape.Audit can audit the tape backup configuration and media content
> @@ -225,6 +240,8 @@ pub enum Role {
>      RemoteAdmin = ROLE_REMOTE_ADMIN,
>      /// Syncronisation Opertator
>      RemoteSyncOperator = ROLE_REMOTE_SYNC_OPERATOR,
> +    /// Syncronisation Opertator (push direction)

typo: Opertator

pre-existing typo: Synchronisation

> +    RemoteSyncPushOperator = ROLE_REMOTE_SYNC_PUSH_OPERATOR,
>      /// Tape Auditor
>      TapeAudit = ROLE_TAPE_AUDIT,
>      /// Tape Administrator
> -- 
> 2.39.2
> 
> 
> 
> _______________________________________________
> pbs-devel mailing list
> pbs-devel at lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
> 
>

More information about the pbs-devel mailing list