From ab5b64fadf04ba1ca1ab8c245ffa0c0037471b0a Mon Sep 17 00:00:00 2001 From: Christian Ebner Date: Fri, 4 Apr 2025 15:21:03 +0200 Subject: [PATCH] api: sync: honor sync jobs encrypted/verified only flags Extend the sync job config api to adapt the 'encrypted-only' and 'verified-only' flags, allowing to include only encrypted and/or verified backup snapshots, excluding others from the sync. Set these flags to the sync jobs push or pull parameters on job invocation. Signed-off-by: Christian Ebner Link: https://lore.proxmox.com/pbs-devel/20250404132106.388829-3-c.ebner@proxmox.com --- src/api2/config/sync.rs | 18 ++++++++++++++++++ src/api2/pull.rs | 17 ++++++++++++++++- src/api2/push.rs | 15 ++++++++++++++- src/server/pull.rs | 10 ++++++++++ src/server/push.rs | 10 ++++++++++ src/server/sync.rs | 2 ++ 6 files changed, 70 insertions(+), 2 deletions(-) diff --git a/src/api2/config/sync.rs b/src/api2/config/sync.rs index a8ea9346..6194d865 100644 --- a/src/api2/config/sync.rs +++ b/src/api2/config/sync.rs @@ -335,6 +335,10 @@ pub enum DeletableProperty { MaxDepth, /// Delete the transfer_last property, TransferLast, + /// Delete the encrypted_only property, + EncryptedOnly, + /// Delete the verified_only property, + VerifiedOnly, /// Delete the sync_direction property, SyncDirection, } @@ -448,6 +452,12 @@ pub fn update_sync_job( DeletableProperty::TransferLast => { data.transfer_last = None; } + DeletableProperty::EncryptedOnly => { + data.encrypted_only = None; + } + DeletableProperty::VerifiedOnly => { + data.verified_only = None; + } DeletableProperty::SyncDirection => { data.sync_direction = None; } @@ -491,6 +501,12 @@ pub fn update_sync_job( if let Some(resync_corrupt) = update.resync_corrupt { data.resync_corrupt = Some(resync_corrupt); } + if let Some(encrypted_only) = update.encrypted_only { + data.encrypted_only = Some(encrypted_only); + } + if let Some(verified_only) = update.verified_only { + data.verified_only = Some(verified_only); + } if let Some(sync_direction) = update.sync_direction { data.sync_direction = Some(sync_direction); } @@ -665,6 +681,8 @@ acl:1:/remote/remote1/remotestore1:write@pbs:RemoteSyncOperator schedule: None, limit: pbs_api_types::RateLimitConfig::default(), // no limit transfer_last: None, + encrypted_only: None, + verified_only: None, sync_direction: None, // use default }; diff --git a/src/api2/pull.rs b/src/api2/pull.rs index d8ed1a73..4b1fd5e6 100644 --- a/src/api2/pull.rs +++ b/src/api2/pull.rs @@ -10,7 +10,8 @@ use pbs_api_types::{ Authid, BackupNamespace, GroupFilter, RateLimitConfig, SyncJobConfig, DATASTORE_SCHEMA, GROUP_FILTER_LIST_SCHEMA, NS_MAX_DEPTH_REDUCED_SCHEMA, PRIV_DATASTORE_BACKUP, PRIV_DATASTORE_PRUNE, PRIV_REMOTE_READ, REMOTE_ID_SCHEMA, REMOVE_VANISHED_BACKUPS_SCHEMA, - RESYNC_CORRUPT_SCHEMA, TRANSFER_LAST_SCHEMA, + RESYNC_CORRUPT_SCHEMA, SYNC_ENCRYPTED_ONLY_SCHEMA, SYNC_VERIFIED_ONLY_SCHEMA, + TRANSFER_LAST_SCHEMA, }; use pbs_config::CachedUserInfo; use proxmox_rest_server::WorkerTask; @@ -87,6 +88,8 @@ impl TryFrom<&SyncJobConfig> for PullParameters { sync_job.group_filter.clone(), sync_job.limit.clone(), sync_job.transfer_last, + sync_job.encrypted_only, + sync_job.verified_only, sync_job.resync_corrupt, ) } @@ -133,6 +136,14 @@ impl TryFrom<&SyncJobConfig> for PullParameters { schema: TRANSFER_LAST_SCHEMA, optional: true, }, + "encrypted-only": { + schema: SYNC_ENCRYPTED_ONLY_SCHEMA, + optional: true, + }, + "verified-only": { + schema: SYNC_VERIFIED_ONLY_SCHEMA, + optional: true, + }, "resync-corrupt": { schema: RESYNC_CORRUPT_SCHEMA, optional: true, @@ -161,6 +172,8 @@ async fn pull( group_filter: Option>, limit: RateLimitConfig, transfer_last: Option, + encrypted_only: Option, + verified_only: Option, resync_corrupt: Option, rpcenv: &mut dyn RpcEnvironment, ) -> Result { @@ -199,6 +212,8 @@ async fn pull( group_filter, limit, transfer_last, + encrypted_only, + verified_only, resync_corrupt, )?; diff --git a/src/api2/push.rs b/src/api2/push.rs index bf846bb3..e5edc13e 100644 --- a/src/api2/push.rs +++ b/src/api2/push.rs @@ -5,7 +5,8 @@ use pbs_api_types::{ Authid, BackupNamespace, GroupFilter, RateLimitConfig, DATASTORE_SCHEMA, GROUP_FILTER_LIST_SCHEMA, NS_MAX_DEPTH_REDUCED_SCHEMA, PRIV_DATASTORE_BACKUP, PRIV_DATASTORE_READ, PRIV_REMOTE_DATASTORE_BACKUP, PRIV_REMOTE_DATASTORE_PRUNE, - REMOTE_ID_SCHEMA, REMOVE_VANISHED_BACKUPS_SCHEMA, TRANSFER_LAST_SCHEMA, + REMOTE_ID_SCHEMA, REMOVE_VANISHED_BACKUPS_SCHEMA, SYNC_ENCRYPTED_ONLY_SCHEMA, + SYNC_VERIFIED_ONLY_SCHEMA, TRANSFER_LAST_SCHEMA, }; use proxmox_rest_server::WorkerTask; use proxmox_router::{Permission, Router, RpcEnvironment}; @@ -91,6 +92,14 @@ fn check_push_privs( schema: GROUP_FILTER_LIST_SCHEMA, optional: true, }, + "encrypted-only": { + schema: SYNC_ENCRYPTED_ONLY_SCHEMA, + optional: true, + }, + "verified-only": { + schema: SYNC_VERIFIED_ONLY_SCHEMA, + optional: true, + }, limit: { type: RateLimitConfig, flatten: true, @@ -120,6 +129,8 @@ async fn push( remove_vanished: Option, max_depth: Option, group_filter: Option>, + encrypted_only: Option, + verified_only: Option, limit: RateLimitConfig, transfer_last: Option, rpcenv: &mut dyn RpcEnvironment, @@ -149,6 +160,8 @@ async fn push( remove_vanished, max_depth, group_filter, + encrypted_only, + verified_only, limit, transfer_last, ) diff --git a/src/server/pull.rs b/src/server/pull.rs index 2c0ad9e1..616d45eb 100644 --- a/src/server/pull.rs +++ b/src/server/pull.rs @@ -55,6 +55,10 @@ pub(crate) struct PullParameters { group_filter: Vec, /// How many snapshots should be transferred at most (taking the newest N snapshots) transfer_last: Option, + /// Only sync encrypted backup snapshots + encrypted_only: bool, + /// Only sync verified backup snapshots + verified_only: bool, /// Whether to re-sync corrupted snapshots resync_corrupt: bool, } @@ -74,6 +78,8 @@ impl PullParameters { group_filter: Option>, limit: RateLimitConfig, transfer_last: Option, + encrypted_only: Option, + verified_only: Option, resync_corrupt: Option, ) -> Result { if let Some(max_depth) = max_depth { @@ -82,6 +88,8 @@ impl PullParameters { }; let remove_vanished = remove_vanished.unwrap_or(false); let resync_corrupt = resync_corrupt.unwrap_or(false); + let encrypted_only = encrypted_only.unwrap_or(false); + let verified_only = verified_only.unwrap_or(false); let source: Arc = if let Some(remote) = remote { let (remote_config, _digest) = pbs_config::remote::config()?; @@ -120,6 +128,8 @@ impl PullParameters { max_depth, group_filter, transfer_last, + encrypted_only, + verified_only, resync_corrupt, }) } diff --git a/src/server/push.rs b/src/server/push.rs index 0db3dff3..1fb447b5 100644 --- a/src/server/push.rs +++ b/src/server/push.rs @@ -73,6 +73,10 @@ pub(crate) struct PushParameters { max_depth: Option, /// Filters for reducing the push scope group_filter: Vec, + /// Synchronize only encrypted backup snapshots + encrypted_only: bool, + /// Synchronize only verified backup snapshots + verified_only: bool, /// How many snapshots should be transferred at most (taking the newest N snapshots) transfer_last: Option, } @@ -90,6 +94,8 @@ impl PushParameters { remove_vanished: Option, max_depth: Option, group_filter: Option>, + encrypted_only: Option, + verified_only: Option, limit: RateLimitConfig, transfer_last: Option, ) -> Result { @@ -98,6 +104,8 @@ impl PushParameters { remote_ns.check_max_depth(max_depth)?; }; let remove_vanished = remove_vanished.unwrap_or(false); + let encrypted_only = encrypted_only.unwrap_or(false); + let verified_only = verified_only.unwrap_or(false); let store = DataStore::lookup_datastore(store, Some(Operation::Read))?; if !store.namespace_exists(&ns) { @@ -149,6 +157,8 @@ impl PushParameters { remove_vanished, max_depth, group_filter, + encrypted_only, + verified_only, transfer_last, }) } diff --git a/src/server/sync.rs b/src/server/sync.rs index 10804b14..d424a6b4 100644 --- a/src/server/sync.rs +++ b/src/server/sync.rs @@ -671,6 +671,8 @@ pub fn do_sync_job( sync_job.remove_vanished, sync_job.max_depth, sync_job.group_filter.clone(), + sync_job.encrypted_only, + sync_job.verified_only, sync_job.limit.clone(), sync_job.transfer_last, )