From 36971618007a1abae29ff6ac652eb3afa27eb622 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= Date: Mon, 16 May 2022 11:00:56 +0200 Subject: [PATCH] prune: fix workerid issues MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit properly encode the namespace as separate field both for manual prunes and the job. fix the access checks as well now that the job doesn't use the jobid as workerid anymore. Signed-off-by: Fabian Grünbichler --- src/api2/admin/datastore.rs | 16 +++++----------- src/api2/node/tasks.rs | 17 +++++++++++------ src/server/prune_job.rs | 5 ++++- 3 files changed, 20 insertions(+), 18 deletions(-) diff --git a/src/api2/admin/datastore.rs b/src/api2/admin/datastore.rs index d5532804..b99984e6 100644 --- a/src/api2/admin/datastore.rs +++ b/src/api2/admin/datastore.rs @@ -950,10 +950,9 @@ pub fn prune( ns: ns.clone(), }; + let worker_id = format!("{}:{}:{}", store, ns, group); let group = datastore.backup_group(ns, group); - let worker_id = format!("{}:{}", store, group); - let mut prune_result = Vec::new(); let list = group.list_backups()?; @@ -1081,6 +1080,8 @@ pub fn prune_datastore( let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?; let datastore = DataStore::lookup_datastore(&store, Some(Operation::Write))?; + let ns = ns.unwrap_or_default(); + let worker_id = format!("{}:{}", store, ns); let to_stdout = rpcenv.env_type() == RpcEnvironmentType::CLI; @@ -1088,18 +1089,11 @@ pub fn prune_datastore( let upid_str = WorkerTask::new_thread( "prune", - Some(store.clone()), + Some(worker_id), auth_id.to_string(), to_stdout, move |worker| { - crate::server::prune_datastore( - worker, - auth_id, - prune_options, - datastore, - ns.unwrap_or_default(), - dry_run, - ) + crate::server::prune_datastore(worker, auth_id, prune_options, datastore, ns, dry_run) }, )?; diff --git a/src/api2/node/tasks.rs b/src/api2/node/tasks.rs index f045dcac..9cd50e0e 100644 --- a/src/api2/node/tasks.rs 
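Review bot: In `prune` (hunk at -950) the worker ID is built with `format!("{}:{}:{}", store, ns, group)` and in `prune_datastore` (hunk at -1081) with `format!("{}:{}", store, ns)`, but nothing beside either line says that `check_job_privs` in src/api2/node/tasks.rs later splits this string on ':' to build the ACL path for a privilege check. Because the layout now feeds an authorization decision, I would add a comment such as `// worker ID layout store:ns[:group] is parsed by check_job_privs() for the ACL check; keep both in sync`, or move the formatting into one shared helper. If `ns` renders as an empty string for the root namespace (not visible here), these IDs become `store::group` and `store:`, which the parser has to handle deliberately. Both function bodies continue outside the hunks.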
+++ b/src/api2/node/tasks.rs @@ -64,12 +64,17 @@ fn check_job_privs(auth_id: &Authid, user_info: &CachedUserInfo, upid: &UPID) -> ) } ("prune", Some(workerid)) => { - return user_info.check_privs( - auth_id, - &["datastore", workerid], - PRIV_DATASTORE_MODIFY, - true, - ); + let mut acl_path = vec!["datastore"]; + acl_path.extend(workerid.split(':')); + let acl_path = match acl_path.len() { + 4 => &acl_path[..3], // contains group as fourth element + 2 | 3 => &acl_path[..], // store + optional NS + _ => { + bail!("invalid worker ID for prune task"); + } + }; + + return user_info.check_privs(auth_id, acl_path, PRIV_DATASTORE_MODIFY, true); } _ => bail!("not a scheduled job task"), }; diff --git a/src/server/prune_job.rs b/src/server/prune_job.rs index 3f2724dd..ca173091 100644 --- a/src/server/prune_job.rs +++ b/src/server/prune_job.rs @@ -104,14 +104,17 @@ pub fn do_prune_job( let worker_type = job.jobtype().to_string(); let auth_id = auth_id.clone(); + let worker_id = format!("{store}"); let upid_str = WorkerTask::new_thread( &worker_type, - Some(job.jobname().to_string()), + Some(worker_id), auth_id.to_string(), false, move |worker| { job.start(&worker.upid().to_string())?; + task_log!(worker, "prune job '{}'", job.jobname()); + if let Some(event_str) = schedule { task_log!(worker, "task triggered by schedule '{}'", event_str); }
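Review bot: In the `("prune", Some(workerid))` arm of `check_job_privs`, the pieces from `workerid.split(':')` go into the ACL path unchanged, so a namespace field that is empty (root namespace, if it formats as "") or that contains '/' (nested namespace) reaches `check_privs` as one literal path element. How `check_privs` treats an empty or slash-containing element is outside this hunk; if it expects one element per level, the privilege would be checked against a path that does not match the configured ACL entry. I would normalise the namespace field before the call (omit it when empty, otherwise split it on '/'), reject an empty store field, and document the accepted layouts with a comment like `// workerid: store | store:ns | store:ns:group (group is not part of the ACL path)`. The function starts and ends outside the hunk.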
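Review bot: `let worker_id = format!("{store}");` in `do_prune_job` (src/server/prune_job.rs) puts only the datastore name into the worker ID, although the commit message says the namespace is encoded as a separate field for the job as well. With this ID the `prune` arm of `check_job_privs` checks `PRIV_DATASTORE_MODIFY` on the datastore itself, so a user holding that privilege only on the job's namespace would presumably fail the check for the job's tasks; whether the job carries a namespace is not visible in this hunk. If it does, the ID should follow the manual-prune layout, e.g. `format!("{}:{}", store, ns)` with the job's namespace; if not, `store.to_string()` is the plainer form of the current line. The function body continues outside the hunk.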