A deserializer which takes an `&mut Value` and an object
schema reference and deserializes by extracting (removing)
the values from the references serde Value.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
They don't appear in the json data structure and therefore
should not be named separately in the schema. Structs with
flattened fields will become an `AllOf` schema instead.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
it seems that sometimes, the child process signal gets handled
before the parent process signal. Systemd then ignores the
childs signal (finished reloading) and only after going into
reloading state because of the parent. this will never finish.
Instead, wait for the state to change to 'reloading' after sending
that signal in the parent, an only fork afterwards. This way
we ensure that systemd knows about the reloading before actually trying
to do it.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Tested-By: Fabian Ebner <f.ebner@proxmox.com>
to be non fatal for better error messages, this way the user
will see the compile error, but we still generate all the
code & schema variables so that one error isn't accompanied
by all the ones resulting from not having the generated code
there at all.
Eg.
error: description not allowed on external type
--> src/api2/access/user.rs:472:22
|
472 | description: "Get API token metadata (with config digest).",
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Was previously also accompanied by
error[E0425]: cannot find value `API_METHOD_READ_TOKEN` in this scope
--> src/api2/access/user.rs:774:11
|
699 | pub fn delete_token(
| ------ similarly named constant `API_METHOD_DELETE_TOKEN` defined here
...
774 | .get(&API_METHOD_READ_TOKEN)
| ^^^^^^^^^^^^^^^^^^^^^ help: a constant with a similar name exists: `API_METHOD_DELETE_TOKEN`
The second error was "wrong" and came much later, needlessly
filling the screen if this happened on multiple functions.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
References to external schemas (or types) already include
the description in the external schema and therefore are
illegal.
The implementation consists of multiple parts:
* Introduce a `Maybe` type which can be `Explicit`,
`Derived` or `None`.
* Forbid `Explicit` descriptions on references.
* Instead of bailing out on such errors which causes all of
the generated code to vanish and create heaps of
additional nonsensical errors, add a way to *add* errors
without bailing out immediately via the `error!()` macro.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
when authenticating a token, and not just when authenticating a
user/ticket.
Reported-By: Dominik Jäger <d.jaeger@proxmox.com>
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
sd_notify is not synchronous, iow. it only waits until the message
reaches the queue not until it is processed by systemd
when the process that sent such a message exits before systemd could
process it, it cannot be associated to the correct pid
so in case of reloading, we send a message with 'MAINPID=<newpid>'
to signal that it will change. if now the old process exits before
systemd knows this, it will not accept the 'READY=1' message from the
child, since it rejects the MAINPID change
since there is no (AFAICS) library interface to check the unit status,
we use 'systemctl is-active <SERVICE_NAME>' to check the state until
it is not 'reloading' anymore.
on newer systemd versions, there is 'sd_notify_barrier' which would
allow us to wait for systemd to have all messages from the current
pid to be processed before acknowledging to the child, but on buster
the systemd version is to old...
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Support raw parameter name identifiers (eg. `r#type`)
#[api(
input: {
properties: {
type: {
type: String,
description: "Foo",
},
},
},
)]
fn foo(r#type: String) { code... }
The "r#type" parameter in the fn decl will match the "type"
parameter name in the input property list.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
allow updates of minor api-macro releases, breaking ones should get
the first or second version tuple bumped anyway.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Fixes a regression from commit f50a627f34
which resulted in re-using the prefix without sub-commands when calling
handle_simple_command(_future)
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
instead of await'ing the result of 'create_service' directly,
poll it together with the shutdown_future
if we reached that, fork_restart the new daemon, and await
the open future from 'create_service'
this way the old process still handles open connections until they finish,
while we already start a new process that handles new incoming connections
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
we have information here not available in the access log, especially
if the /api2/extjs formatter is used, which encapsulates errors in a
200 response.
So keep the auth log for now, but extend it use from create ticket
calls to all authentication failures for API calls, this ensures one
can also fail2ban tokens.
Do that logging in a central place, which makes it simple but means
that we do not have the user ID information available to include in
the log.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
re-use the future we already have for task log rotation to trigger
it.
Move the FileLogger in ApiConfig into an Arc, so that we can actually
update it and REST using the new one.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
this is internal for now, use the comanndo socket struct
implementation, and ideally not a new one but the existing ones
created in the proxy and api daemons.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This is a preparatory step to replace the task control socket with it
and provide a "reopen log file" command for the rest server.
Kept it simple by disallowing to register new commands after the
socket gets spawned, this avoids the need for locking.
If we really need that we can always wrap it in a Arc<RWLock<..>> or
something like that, or even nicer, register at compile time.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
