product-config: code cleanup
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
parent
8219565d6a
commit
6c30be2280
@ -1,4 +1,7 @@
|
||||
use std::path::Path;
|
||||
|
||||
use anyhow::Error;
|
||||
use nix::sys::stat::Mode;
|
||||
|
||||
use proxmox_sys::fs::CreateOptions;
|
||||
|
||||
@ -7,7 +10,7 @@ use super::{get_api_user, get_priv_user};
|
||||
/// Return [CreateOptions] for files owned by `api_user.uid/api_user.gid` with mode `0640`.
|
||||
pub fn default_create_options() -> CreateOptions {
|
||||
let api_user = get_api_user();
|
||||
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
|
||||
let mode = Mode::from_bits_truncate(0o0640);
|
||||
proxmox_sys::fs::CreateOptions::new()
|
||||
.perm(mode)
|
||||
.owner(api_user.uid)
|
||||
@ -20,7 +23,7 @@ pub fn default_create_options() -> CreateOptions {
|
||||
pub fn privileged_create_options() -> CreateOptions {
|
||||
let api_user = get_api_user();
|
||||
let priv_user = get_priv_user();
|
||||
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
|
||||
let mode = Mode::from_bits_truncate(0o0640);
|
||||
proxmox_sys::fs::CreateOptions::new()
|
||||
.perm(mode)
|
||||
.owner(priv_user.uid)
|
||||
@ -32,7 +35,7 @@ pub fn privileged_create_options() -> CreateOptions {
|
||||
/// Only the superuser can read and write those files.
|
||||
pub fn secret_create_options() -> CreateOptions {
|
||||
let priv_user = get_priv_user();
|
||||
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
|
||||
let mode = Mode::from_bits_truncate(0o0600);
|
||||
proxmox_sys::fs::CreateOptions::new()
|
||||
.perm(mode)
|
||||
.owner(priv_user.uid)
|
||||
@ -44,7 +47,7 @@ pub fn secret_create_options() -> CreateOptions {
|
||||
/// Everyone can read, but only the superuser can write those files. This is usually used
|
||||
/// for system configuration files inside "/etc/" (i.e. "/etc/resolv.conf").
|
||||
pub fn system_config_create_options() -> CreateOptions {
|
||||
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644);
|
||||
let mode = Mode::from_bits_truncate(0o0644);
|
||||
proxmox_sys::fs::CreateOptions::new()
|
||||
.perm(mode)
|
||||
.owner(nix::unistd::ROOT)
|
||||
@ -55,7 +58,7 @@ pub fn system_config_create_options() -> CreateOptions {
|
||||
pub fn lockfile_create_options() -> CreateOptions {
|
||||
let api_user = get_api_user();
|
||||
proxmox_sys::fs::CreateOptions::new()
|
||||
.perm(nix::sys::stat::Mode::from_bits_truncate(0o660))
|
||||
.perm(Mode::from_bits_truncate(0o660))
|
||||
.owner(api_user.uid)
|
||||
.group(api_user.gid)
|
||||
}
|
||||
@ -63,17 +66,14 @@ pub fn lockfile_create_options() -> CreateOptions {
|
||||
/// Atomically write data to file owned by `priv_user.uid:api-user.gid` with permission `0640`
|
||||
///
|
||||
/// Only the superuser can write those files, but group 'api-user' can read them.
|
||||
pub fn replace_privileged_config<P: AsRef<std::path::Path>>(
|
||||
path: P,
|
||||
data: &[u8],
|
||||
) -> Result<(), Error> {
|
||||
pub fn replace_privileged_config<P: AsRef<Path>>(path: P, data: &[u8]) -> Result<(), Error> {
|
||||
let options = privileged_create_options();
|
||||
proxmox_sys::fs::replace_file(path, data, options, true)?;
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Atomically write data to file owned by `api-user.uid:api-user.gid` with permission `0660`.
|
||||
pub fn replace_config<P: AsRef<std::path::Path>>(path: P, data: &[u8]) -> Result<(), Error> {
|
||||
pub fn replace_config<P: AsRef<Path>>(path: P, data: &[u8]) -> Result<(), Error> {
|
||||
let options = default_create_options();
|
||||
proxmox_sys::fs::replace_file(path, data, options, true)?;
|
||||
Ok(())
|
||||
@ -82,7 +82,7 @@ pub fn replace_config<P: AsRef<std::path::Path>>(path: P, data: &[u8]) -> Result
|
||||
/// Atomically write data to file owned by `priv_user.uid:priv_user.gid` with permission `0600`.
|
||||
///
|
||||
/// Only the superuser can read and write those files.
|
||||
pub fn replace_secret_config<P: AsRef<std::path::Path>>(path: P, data: &[u8]) -> Result<(), Error> {
|
||||
pub fn replace_secret_config<P: AsRef<Path>>(path: P, data: &[u8]) -> Result<(), Error> {
|
||||
let options = secret_create_options();
|
||||
proxmox_sys::fs::replace_file(path, data, options, true)?;
|
||||
Ok(())
|
||||
@ -92,7 +92,7 @@ pub fn replace_secret_config<P: AsRef<std::path::Path>>(path: P, data: &[u8]) ->
|
||||
///
|
||||
/// Everyone can read, but only the superuser can write those files. This is usually used
|
||||
/// for system configuration files inside "/etc/" (i.e. "/etc/resolv.conf").
|
||||
pub fn replace_system_config<P: AsRef<std::path::Path>>(path: P, data: &[u8]) -> Result<(), Error> {
|
||||
pub fn replace_system_config<P: AsRef<Path>>(path: P, data: &[u8]) -> Result<(), Error> {
|
||||
let options = system_config_create_options();
|
||||
proxmox_sys::fs::replace_file(path, data, options, true)?;
|
||||
Ok(())
|
||||
@ -119,7 +119,7 @@ pub unsafe fn create_mocked_lock() -> ApiLockGuard {
|
||||
/// The lock is released as soon as you drop the returned lock guard.
|
||||
///
|
||||
/// Note: This method needs to be called by user `root` or `api-user`.
|
||||
pub fn open_api_lockfile<P: AsRef<std::path::Path>>(
|
||||
pub fn open_api_lockfile<P: AsRef<Path>>(
|
||||
path: P,
|
||||
timeout: Option<std::time::Duration>,
|
||||
exclusive: bool,
|
||||
|
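Review bot: The doc comment on `replace_config` promises permission `0660`, but the function takes its options from `default_create_options()`, which the earlier hunk shows building `Mode::from_bits_truncate(0o0640)` and documenting mode `0640`. The comment should end `with permission 0640.` so that nobody relies on group write access the file does not get. The rest of `default_create_options` lies outside the hunk, so this assumes nothing after `.owner(api_user.uid)` overrides the mode. As a style point, `CreateOptions` is imported but the builders still spell out `proxmox_sys::fs::CreateOptions::new()`; `CreateOptions::new()` would finish the cleanup.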