[pbs-devel] [PATCH proxmox v11 4/4] s3 client: merge secrets config with client config
Christian Ebner
c.ebner at proxmox.com
Tue Jul 22 12:10:20 CEST 2025
The secrets config was intended to be stored separately with reduced
access permissions, therefore not part of the regular client config.
In Proxmox Backup Server the config needs however to be accessible
also by the less privileged api endpoints, so this requires the same
permissions anyway. Therefore, drop the dedicated secrets config api
type (still not in use by anything else at the moment) and merge the
secret into the regular client config.
Signed-off-by: Christian Ebner <c.ebner at proxmox.com>
---
changes since version 10:
- not present in previous version
proxmox-s3-client/src/api_types.rs | 26 +++++---------------------
proxmox-s3-client/src/client.rs | 5 ++---
2 files changed, 7 insertions(+), 24 deletions(-)
diff --git a/proxmox-s3-client/src/api_types.rs b/proxmox-s3-client/src/api_types.rs
index ab0c1ec1..51f71d84 100644
--- a/proxmox-s3-client/src/api_types.rs
+++ b/proxmox-s3-client/src/api_types.rs
@@ -103,6 +103,9 @@ pub const S3_BUCKET_NAME_SCHEMA: Schema = StringSchema::new("Bucket name for S3
"access-key": {
type: String,
},
+ "secret-key": {
+ type: String,
+ },
"path-style": {
type: bool,
optional: true,
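Review bot: The new `"secret-key"` property here, together with the matching `pub secret_key: String` field in the `S3ClientConfig` hunk that follows, places the secret in a type that, per the commit message, less privileged API endpoints also read, so any handler that serializes the whole config would hand the key back with it. The `#[api]` attribute and the struct's derives start outside these hunks, so it is not visible here whether the type is `Serialize` or `Debug`; if it is, read/list handlers and log statements have to drop the field explicitly. I would record that contract on the field itself, e.g. `/// Secret key for S3 object store. Never include in API responses or log output.`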
@@ -134,6 +137,8 @@ pub struct S3ClientConfig {
pub fingerprint: Option<String>,
/// Access key for S3 object store.
pub access_key: String,
+ /// Secret key for S3 object store.
+ pub secret_key: String,
/// Use path style bucket addressing over vhost style.
#[serde(skip_serializing_if = "Option::is_none")]
pub path_style: Option<bool>,
@@ -149,24 +154,3 @@ impl S3ClientConfig {
Vec::new()
}
}
-
-#[api(
- properties: {
- "secrets-id": {
- type: String,
- },
- "secret-key": {
- type: String,
- },
- }
-)]
-#[derive(Serialize, Deserialize, Updater, Clone, PartialEq)]
-#[serde(rename_all = "kebab-case")]
-/// S3 client secrets configuration properties.
-pub struct S3ClientSecretsConfig {
- /// ID to identify s3 client secret config.
- #[updater(skip)]
- pub secrets_id: String,
- /// Secret key for S3 object store.
- pub secret_key: String,
-}
diff --git a/proxmox-s3-client/src/client.rs b/proxmox-s3-client/src/client.rs
index 5e9d7cb2..f418ee39 100644
--- a/proxmox-s3-client/src/client.rs
+++ b/proxmox-s3-client/src/client.rs
@@ -22,7 +22,7 @@ use proxmox_http::client::HttpsConnector;
use proxmox_http::{Body, RateLimit, RateLimiter};
use proxmox_schema::api_types::CERT_FINGERPRINT_SHA256_SCHEMA;
-use crate::api_types::{S3ClientConfig, S3ClientSecretsConfig};
+use crate::api_types::S3ClientConfig;
use crate::aws_sign_v4::AWS_SIGN_V4_DATETIME_FORMAT;
use crate::aws_sign_v4::{aws_sign_v4_signature, aws_sign_v4_uri_encode};
use crate::object_key::S3ObjectKey;
@@ -75,7 +75,6 @@ impl S3ClientOptions {
/// Construct options for the S3 client give the provided configuration parameters.
pub fn from_config(
config: S3ClientConfig,
- secrets: S3ClientSecretsConfig,
bucket: String,
common_prefix: String,
) -> Self {
@@ -88,7 +87,7 @@ impl S3ClientOptions {
region: config.region.unwrap_or("us-west-1".to_string()),
fingerprint: config.fingerprint,
access_key: config.access_key,
- secret_key: secrets.secret_key,
+ secret_key: config.secret_key,
put_rate_limit: config.put_rate_limit,
}
}
--
2.47.2