steve
a781e95c94
Three small follow-ups from review:
1. Restore target is now operator-editable. Default value is the
literal '\$HOME/rm-restore/<job-id>/' (agent expands \$HOME at
run time using os.UserHomeDir(); also handles \${HOME} and ~/
prefixes). Operator can replace with any absolute path.
- ui_restore.go validates the input is either absolute or starts
with one of the recognised prefixes; other env-var refs (\$PATH
etc.) are deliberately rejected so operator paths can't pick up
arbitrary agent env values.
- host_restore.html replaces the read-only mono-text display with
a real <input>; help text spells out that \$HOME resolves
agent-side and <job-id> is substituted on dispatch.
- install.sh + the systemd unit prep /root/rm-restore so the
default works under the sandbox: ReadWritePaths gains a soft
'-/root/rm-restore' entry (the '-' makes the bind-mount soft-fail
if missing, but install.sh pre-creates it root-owned 0700).
2. --no-ownership flag now gated on restic version. The flag was
added in restic 0.17 and 0.16 rejects it. Previously dropped it
wholesale — that meant new-dir restores silently preserved
ownership against design intent on 0.17+. Now the agent threads
its detected restic version (sysinfo already collects it) through
runner.Config -> restic.Env, and RunRestore appends --no-ownership
only when AtLeastVersion(0, 17) returns true. 0.16 hosts still
restore with original uid/gid; help text in the wizard explicitly
notes this. The previous 'Original ownership is preserved' copy
was wrong for new-dir mode and is corrected.
3. golangci-lint misspell locale switched US -> UK and the codebase
swept (73 corrections, mostly behaviour/serialise/recognise/honour).
Wire-format ErrorCode 'unauthorized' -> 'unauthorised' is a tiny
contract change but the agent doesn't parse those codes today and
no external API consumers exist yet. Tests passed before + after.
Tests:
- internal/restic/version_test.go covers Env.AtLeastVersion across
edge cases (empty, exact match, patch above, minor below, non-
numeric) and expandHome on \$HOME / \${HOME} / ~/, plus
pass-through for absolute paths and refusal of other env vars.
- ui_restore_test updated: TargetDir now starts '\$HOME/rm-restore/'
with the job_id substituted into the placeholder.
Live verified on the smoke env: default target restored to
/root/rm-restore/<job-id>/ as the agent's expanded \$HOME (2 files,
14 bytes); custom override '/tmp/custom-restore/<job-id>/' restored
into the agent's PrivateTmp namespace (1 file, 6 bytes); both jobs
'succeeded', exit 0.
243 lines
8.4 KiB
Go
243 lines
8.4 KiB
Go
// source_groups.go — REST API for /api/hosts/{id}/source-groups.
|
|
//
|
|
// A source group is "what gets backed up": a named bundle of include
|
|
// + exclude paths, a retention policy, and retry knobs. Group name
|
|
// doubles as the snapshot tag (restic --tag <name>).
|
|
package http
|
|
|
|
import (
|
|
"encoding/json"
|
|
"errors"
|
|
stdhttp "net/http"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/go-chi/chi/v5"
|
|
"github.com/oklog/ulid/v2"
|
|
|
|
"gitea.dcglab.co.uk/steve/restic-manager/internal/store"
|
|
)
|
|
|
|
// sourceGroupView is the JSON shape returned by GET endpoints.
|
|
type sourceGroupView struct {
|
|
ID string `json:"id"`
|
|
HostID string `json:"host_id"`
|
|
Name string `json:"name"`
|
|
Includes []string `json:"includes"`
|
|
Excludes []string `json:"excludes"`
|
|
RetentionPolicy store.RetentionPolicy `json:"retention_policy"`
|
|
RetryMax int `json:"retry_max"`
|
|
RetryBackoffSeconds int `json:"retry_backoff_seconds"`
|
|
ConflictDimension string `json:"conflict_dimension,omitempty"`
|
|
CreatedAt time.Time `json:"created_at"`
|
|
UpdatedAt time.Time `json:"updated_at"`
|
|
}
|
|
|
|
func toSourceGroupView(g store.SourceGroup) sourceGroupView {
|
|
includes := g.Includes
|
|
if includes == nil {
|
|
includes = []string{}
|
|
}
|
|
excludes := g.Excludes
|
|
if excludes == nil {
|
|
excludes = []string{}
|
|
}
|
|
return sourceGroupView{
|
|
ID: g.ID, HostID: g.HostID, Name: g.Name,
|
|
Includes: includes, Excludes: excludes,
|
|
RetentionPolicy: g.RetentionPolicy,
|
|
RetryMax: g.RetryMax,
|
|
RetryBackoffSeconds: g.RetryBackoffSeconds,
|
|
ConflictDimension: g.ConflictDimension,
|
|
CreatedAt: g.CreatedAt,
|
|
UpdatedAt: g.UpdatedAt,
|
|
}
|
|
}
|
|
|
|
// sourceGroupWriteRequest is the body of POST and PUT.
|
|
type sourceGroupWriteRequest struct {
|
|
Name string `json:"name"`
|
|
Includes []string `json:"includes"`
|
|
Excludes []string `json:"excludes"`
|
|
RetentionPolicy store.RetentionPolicy `json:"retention_policy"`
|
|
RetryMax int `json:"retry_max"`
|
|
RetryBackoffSeconds int `json:"retry_backoff_seconds"`
|
|
}
|
|
|
|
func (s *Server) handleListSourceGroups(w stdhttp.ResponseWriter, r *stdhttp.Request) {
|
|
if !s.authedUser(r) {
|
|
writeJSONError(w, stdhttp.StatusUnauthorized, "unauthorised", "")
|
|
return
|
|
}
|
|
hostID := chi.URLParam(r, "id")
|
|
if _, err := s.deps.Store.GetHost(r.Context(), hostID); err != nil {
|
|
writeJSONError(w, stdhttp.StatusNotFound, "host_not_found", "")
|
|
return
|
|
}
|
|
rows, err := s.deps.Store.ListSourceGroupsByHost(r.Context(), hostID)
|
|
if err != nil {
|
|
writeJSONError(w, stdhttp.StatusInternalServerError, "internal", "")
|
|
return
|
|
}
|
|
out := make([]sourceGroupView, 0, len(rows))
|
|
for _, g := range rows {
|
|
out = append(out, toSourceGroupView(g))
|
|
}
|
|
writeJSON(w, stdhttp.StatusOK, struct {
|
|
SourceGroups []sourceGroupView `json:"source_groups"`
|
|
}{SourceGroups: out})
|
|
}
|
|
|
|
func (s *Server) handleGetSourceGroup(w stdhttp.ResponseWriter, r *stdhttp.Request) {
|
|
if !s.authedUser(r) {
|
|
writeJSONError(w, stdhttp.StatusUnauthorized, "unauthorised", "")
|
|
return
|
|
}
|
|
hostID := chi.URLParam(r, "id")
|
|
groupID := chi.URLParam(r, "gid")
|
|
g, err := s.deps.Store.GetSourceGroup(r.Context(), hostID, groupID)
|
|
if err != nil {
|
|
if errors.Is(err, store.ErrNotFound) {
|
|
writeJSONError(w, stdhttp.StatusNotFound, "group_not_found", "")
|
|
return
|
|
}
|
|
writeJSONError(w, stdhttp.StatusInternalServerError, "internal", "")
|
|
return
|
|
}
|
|
writeJSON(w, stdhttp.StatusOK, toSourceGroupView(*g))
|
|
}
|
|
|
|
func (s *Server) handleCreateSourceGroup(w stdhttp.ResponseWriter, r *stdhttp.Request) {
|
|
if !s.authedUser(r) {
|
|
writeJSONError(w, stdhttp.StatusUnauthorized, "unauthorised", "")
|
|
return
|
|
}
|
|
hostID := chi.URLParam(r, "id")
|
|
if _, err := s.deps.Store.GetHost(r.Context(), hostID); err != nil {
|
|
writeJSONError(w, stdhttp.StatusNotFound, "host_not_found", "")
|
|
return
|
|
}
|
|
var req sourceGroupWriteRequest
|
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
|
writeJSONError(w, stdhttp.StatusBadRequest, "invalid_json", err.Error())
|
|
return
|
|
}
|
|
req.Name = strings.TrimSpace(req.Name)
|
|
if req.Name == "" {
|
|
writeJSONError(w, stdhttp.StatusBadRequest, "missing_field", "name required")
|
|
return
|
|
}
|
|
// Name must be unique per host (the store has a UNIQUE constraint
|
|
// but pre-check gives a friendlier error than a 500).
|
|
if existing, err := s.deps.Store.GetSourceGroupByName(r.Context(), hostID, req.Name); err == nil && existing != nil {
|
|
writeJSONError(w, stdhttp.StatusConflict, "name_taken",
|
|
"a source group named "+req.Name+" already exists on this host")
|
|
return
|
|
}
|
|
|
|
g := store.SourceGroup{
|
|
ID: ulid.Make().String(), HostID: hostID, Name: req.Name,
|
|
Includes: req.Includes, Excludes: req.Excludes,
|
|
RetentionPolicy: req.RetentionPolicy,
|
|
RetryMax: req.RetryMax,
|
|
RetryBackoffSeconds: req.RetryBackoffSeconds,
|
|
}
|
|
if err := s.deps.Store.CreateSourceGroup(r.Context(), &g); err != nil {
|
|
writeJSONError(w, stdhttp.StatusInternalServerError, "internal", err.Error())
|
|
return
|
|
}
|
|
s.pushScheduleSetAsync(hostID)
|
|
writeJSON(w, stdhttp.StatusCreated, toSourceGroupView(g))
|
|
}
|
|
|
|
func (s *Server) handleUpdateSourceGroup(w stdhttp.ResponseWriter, r *stdhttp.Request) {
|
|
if !s.authedUser(r) {
|
|
writeJSONError(w, stdhttp.StatusUnauthorized, "unauthorised", "")
|
|
return
|
|
}
|
|
hostID := chi.URLParam(r, "id")
|
|
groupID := chi.URLParam(r, "gid")
|
|
if _, err := s.deps.Store.GetSourceGroup(r.Context(), hostID, groupID); err != nil {
|
|
if errors.Is(err, store.ErrNotFound) {
|
|
writeJSONError(w, stdhttp.StatusNotFound, "group_not_found", "")
|
|
return
|
|
}
|
|
writeJSONError(w, stdhttp.StatusInternalServerError, "internal", "")
|
|
return
|
|
}
|
|
var req sourceGroupWriteRequest
|
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
|
writeJSONError(w, stdhttp.StatusBadRequest, "invalid_json", err.Error())
|
|
return
|
|
}
|
|
req.Name = strings.TrimSpace(req.Name)
|
|
if req.Name == "" {
|
|
writeJSONError(w, stdhttp.StatusBadRequest, "missing_field", "name required")
|
|
return
|
|
}
|
|
// If renaming, ensure the new name doesn't collide with another group.
|
|
if existing, err := s.deps.Store.GetSourceGroupByName(r.Context(), hostID, req.Name); err == nil && existing != nil && existing.ID != groupID {
|
|
writeJSONError(w, stdhttp.StatusConflict, "name_taken",
|
|
"a source group named "+req.Name+" already exists on this host")
|
|
return
|
|
}
|
|
|
|
g := store.SourceGroup{
|
|
ID: groupID, HostID: hostID, Name: req.Name,
|
|
Includes: req.Includes, Excludes: req.Excludes,
|
|
RetentionPolicy: req.RetentionPolicy,
|
|
RetryMax: req.RetryMax,
|
|
RetryBackoffSeconds: req.RetryBackoffSeconds,
|
|
}
|
|
if err := s.deps.Store.UpdateSourceGroup(r.Context(), &g); err != nil {
|
|
writeJSONError(w, stdhttp.StatusInternalServerError, "internal", err.Error())
|
|
return
|
|
}
|
|
s.pushScheduleSetAsync(hostID)
|
|
out, _ := s.deps.Store.GetSourceGroup(r.Context(), hostID, groupID)
|
|
if out != nil {
|
|
writeJSON(w, stdhttp.StatusOK, toSourceGroupView(*out))
|
|
return
|
|
}
|
|
writeJSON(w, stdhttp.StatusOK, toSourceGroupView(g))
|
|
}
|
|
|
|
// handleDeleteSourceGroup refuses to delete a group that is still
|
|
// referenced by any schedule. Returns 409 with the schedule list so
|
|
// the UI can offer "remove from these schedules first."
|
|
func (s *Server) handleDeleteSourceGroup(w stdhttp.ResponseWriter, r *stdhttp.Request) {
|
|
if !s.authedUser(r) {
|
|
writeJSONError(w, stdhttp.StatusUnauthorized, "unauthorised", "")
|
|
return
|
|
}
|
|
hostID := chi.URLParam(r, "id")
|
|
groupID := chi.URLParam(r, "gid")
|
|
using, err := s.deps.Store.SchedulesUsingGroup(r.Context(), groupID)
|
|
if err != nil {
|
|
writeJSONError(w, stdhttp.StatusInternalServerError, "internal", "")
|
|
return
|
|
}
|
|
if len(using) > 0 {
|
|
writeJSON(w, stdhttp.StatusConflict, struct {
|
|
Code string `json:"code"`
|
|
Message string `json:"message"`
|
|
Schedules []string `json:"schedules"`
|
|
}{
|
|
Code: "group_in_use",
|
|
Message: "remove this group from the listed schedules before deleting",
|
|
Schedules: using,
|
|
})
|
|
return
|
|
}
|
|
if err := s.deps.Store.DeleteSourceGroup(r.Context(), hostID, groupID); err != nil {
|
|
if errors.Is(err, store.ErrNotFound) {
|
|
writeJSONError(w, stdhttp.StatusNotFound, "group_not_found", "")
|
|
return
|
|
}
|
|
writeJSONError(w, stdhttp.StatusInternalServerError, "internal", err.Error())
|
|
return
|
|
}
|
|
s.pushScheduleSetAsync(hostID)
|
|
w.WriteHeader(stdhttp.StatusNoContent)
|
|
}
|