From 456456483e3c50eacb7cc171e203f7d4ce594091 Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Mon, 16 May 2022 09:10:01 +0200
Subject: [PATCH] datastore: ns iter: clamp depth to MAX_NAMESPACE_DEPTH from
 datastore root

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
 pbs-datastore/src/hierarchy.rs | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/pbs-datastore/src/hierarchy.rs b/pbs-datastore/src/hierarchy.rs
index 688a0dd3..670f0546 100644
--- a/pbs-datastore/src/hierarchy.rs
+++ b/pbs-datastore/src/hierarchy.rs
@@ -231,15 +231,24 @@ impl ListNamespacesRecursive {
         Self::new_max_depth(store, ns, pbs_api_types::MAX_NAMESPACE_DEPTH)
     }
 
-    /// Creates an recursive namespace iterator with max_depth
+    /// Creates an recursive namespace iterator that iterates recursively until depth is reached.
+    ///
+    /// `depth` must be smaller than pbs_api_types::MAX_NAMESPACE_DEPTH.
+    ///
+    /// Depth is counted relatively, that means not from the datastore as anchor, but from `ns`,
+    /// and it will be clamped to `min(depth, MAX_NAMESPACE_DEPTH - ns.depth())` automatically.
     pub fn new_max_depth(
         store: Arc<DataStore>,
         ns: BackupNamespace,
         max_depth: usize,
     ) -> Result<Self, Error> {
         if max_depth > pbs_api_types::MAX_NAMESPACE_DEPTH {
-            bail!("max_depth must be smaller 8");
+            let limit = pbs_api_types::MAX_NAMESPACE_DEPTH + 1;
+            bail!("depth must be smaller than {limit}");
         }
+        // always clamp, but don't error if we violated relative depth, makes it simpler to use.
+        let max_depth = std::cmp::min(max_depth, pbs_api_types::MAX_NAMESPACE_DEPTH - ns.depth());
+
         Ok(ListNamespacesRecursive {
             store,
             ns,