steve
f0dfa689fe
Three small follow-ups from review:
1. Restore target is now operator-editable. Default value is the
literal '\$HOME/rm-restore/<job-id>/' (agent expands \$HOME at
run time using os.UserHomeDir(); also handles \${HOME} and ~/
prefixes). Operator can replace with any absolute path.
- ui_restore.go validates the input is either absolute or starts
with one of the recognised prefixes; other env-var refs (\$PATH
etc.) are deliberately rejected so operator paths can't pick up
arbitrary agent env values.
- host_restore.html replaces the read-only mono-text display with
a real <input>; help text spells out that \$HOME resolves
agent-side and <job-id> is substituted on dispatch.
- install.sh + the systemd unit prep /root/rm-restore so the
default works under the sandbox: ReadWritePaths gains a soft
'-/root/rm-restore' entry (the '-' makes the bind-mount soft-fail
if missing, but install.sh pre-creates it root-owned 0700).
2. --no-ownership flag now gated on restic version. The flag was
added in restic 0.17 and 0.16 rejects it. Previously dropped it
wholesale — that meant new-dir restores silently preserved
ownership against design intent on 0.17+. Now the agent threads
its detected restic version (sysinfo already collects it) through
runner.Config -> restic.Env, and RunRestore appends --no-ownership
only when AtLeastVersion(0, 17) returns true. 0.16 hosts still
restore with original uid/gid; help text in the wizard explicitly
notes this. The previous 'Original ownership is preserved' copy
was wrong for new-dir mode and is corrected.
3. golangci-lint misspell locale switched US -> UK and the codebase
swept (73 corrections, mostly behaviour/serialise/recognise/honour).
Wire-format ErrorCode 'unauthorized' -> 'unauthorised' is a tiny
contract change but the agent doesn't parse those codes today and
no external API consumers exist yet. Tests passed before + after.
Tests:
- internal/restic/version_test.go covers Env.AtLeastVersion across
edge cases (empty, exact match, patch above, minor below, non-
numeric) and expandHome on \$HOME / \${HOME} / ~/, plus
pass-through for absolute paths and refusal of other env vars.
- ui_restore_test updated: TargetDir now starts '\$HOME/rm-restore/'
with the job_id substituted into the placeholder.
Live verified on the smoke env: default target restored to
/root/rm-restore/<job-id>/ as the agent's expanded \$HOME (2 files,
14 bytes); custom override '/tmp/custom-restore/<job-id>/' restored
into the agent's PrivateTmp namespace (1 file, 6 bytes); both jobs
'succeeded', exit 0.
145 lines
4.7 KiB
Go
145 lines
4.7 KiB
Go
// repo_maintenance.go — REST API for /api/hosts/{id}/repo-maintenance.
|
|
//
|
|
// Cadence rows for the three repo-wide verbs (forget / prune / check).
|
|
// Edits do NOT bump host_schedule_version: the server-side maintenance
|
|
// ticker drives execution (P2R-06), not the agent's local cron.
|
|
package http
|
|
|
|
import (
|
|
"encoding/json"
|
|
"errors"
|
|
stdhttp "net/http"
|
|
|
|
"github.com/go-chi/chi/v5"
|
|
|
|
"gitea.dcglab.co.uk/steve/restic-manager/internal/store"
|
|
)
|
|
|
|
type repoMaintenanceView struct {
|
|
HostID string `json:"host_id"`
|
|
ForgetCron string `json:"forget_cron"`
|
|
ForgetEnabled bool `json:"forget_enabled"`
|
|
PruneCron string `json:"prune_cron"`
|
|
PruneEnabled bool `json:"prune_enabled"`
|
|
CheckCron string `json:"check_cron"`
|
|
CheckEnabled bool `json:"check_enabled"`
|
|
CheckSubsetPct int `json:"check_subset_pct"`
|
|
}
|
|
|
|
func toRepoMaintenanceView(m store.HostRepoMaintenance) repoMaintenanceView {
|
|
return repoMaintenanceView{
|
|
HostID: m.HostID,
|
|
ForgetCron: m.ForgetCron,
|
|
ForgetEnabled: m.ForgetEnabled,
|
|
PruneCron: m.PruneCron,
|
|
PruneEnabled: m.PruneEnabled,
|
|
CheckCron: m.CheckCron,
|
|
CheckEnabled: m.CheckEnabled,
|
|
CheckSubsetPct: m.CheckSubsetPct,
|
|
}
|
|
}
|
|
|
|
func (s *Server) handleGetRepoMaintenance(w stdhttp.ResponseWriter, r *stdhttp.Request) {
|
|
if !s.authedUser(r) {
|
|
writeJSONError(w, stdhttp.StatusUnauthorized, "unauthorised", "")
|
|
return
|
|
}
|
|
hostID := chi.URLParam(r, "id")
|
|
if _, err := s.deps.Store.GetHost(r.Context(), hostID); err != nil {
|
|
writeJSONError(w, stdhttp.StatusNotFound, "host_not_found", "")
|
|
return
|
|
}
|
|
m, err := s.deps.Store.GetRepoMaintenance(r.Context(), hostID)
|
|
if err != nil {
|
|
if errors.Is(err, store.ErrNotFound) {
|
|
// Self-heal: seed and return the defaults so the UI never
|
|
// has to handle a 404 here. Hosts enrolled before the
|
|
// migration may legitimately be missing the row.
|
|
if seedErr := s.deps.Store.CreateDefaultRepoMaintenance(r.Context(), hostID); seedErr != nil {
|
|
writeJSONError(w, stdhttp.StatusInternalServerError, "internal", "")
|
|
return
|
|
}
|
|
m, err = s.deps.Store.GetRepoMaintenance(r.Context(), hostID)
|
|
if err != nil {
|
|
writeJSONError(w, stdhttp.StatusInternalServerError, "internal", "")
|
|
return
|
|
}
|
|
} else {
|
|
writeJSONError(w, stdhttp.StatusInternalServerError, "internal", "")
|
|
return
|
|
}
|
|
}
|
|
writeJSON(w, stdhttp.StatusOK, toRepoMaintenanceView(*m))
|
|
}
|
|
|
|
type repoMaintenanceWriteRequest struct {
|
|
ForgetCron string `json:"forget_cron"`
|
|
ForgetEnabled bool `json:"forget_enabled"`
|
|
PruneCron string `json:"prune_cron"`
|
|
PruneEnabled bool `json:"prune_enabled"`
|
|
CheckCron string `json:"check_cron"`
|
|
CheckEnabled bool `json:"check_enabled"`
|
|
CheckSubsetPct int `json:"check_subset_pct"`
|
|
}
|
|
|
|
func (s *Server) handleUpdateRepoMaintenance(w stdhttp.ResponseWriter, r *stdhttp.Request) {
|
|
if !s.authedUser(r) {
|
|
writeJSONError(w, stdhttp.StatusUnauthorized, "unauthorised", "")
|
|
return
|
|
}
|
|
hostID := chi.URLParam(r, "id")
|
|
if _, err := s.deps.Store.GetHost(r.Context(), hostID); err != nil {
|
|
writeJSONError(w, stdhttp.StatusNotFound, "host_not_found", "")
|
|
return
|
|
}
|
|
var req repoMaintenanceWriteRequest
|
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
|
writeJSONError(w, stdhttp.StatusBadRequest, "invalid_json", err.Error())
|
|
return
|
|
}
|
|
for label, expr := range map[string]string{
|
|
"forget_cron": req.ForgetCron,
|
|
"prune_cron": req.PruneCron,
|
|
"check_cron": req.CheckCron,
|
|
} {
|
|
if expr == "" {
|
|
writeJSONError(w, stdhttp.StatusBadRequest, "missing_field", label+" required")
|
|
return
|
|
}
|
|
if _, err := cronParser.Parse(expr); err != nil {
|
|
writeJSONError(w, stdhttp.StatusBadRequest, "invalid_cron", label+": "+err.Error())
|
|
return
|
|
}
|
|
}
|
|
if req.CheckSubsetPct < 0 || req.CheckSubsetPct > 100 {
|
|
writeJSONError(w, stdhttp.StatusBadRequest, "invalid_value",
|
|
"check_subset_pct must be 0..100")
|
|
return
|
|
}
|
|
// Ensure the row exists (older hosts may pre-date the auto-seed).
|
|
if err := s.deps.Store.CreateDefaultRepoMaintenance(r.Context(), hostID); err != nil {
|
|
writeJSONError(w, stdhttp.StatusInternalServerError, "internal", "")
|
|
return
|
|
}
|
|
m := store.HostRepoMaintenance{
|
|
HostID: hostID,
|
|
ForgetCron: req.ForgetCron,
|
|
ForgetEnabled: req.ForgetEnabled,
|
|
PruneCron: req.PruneCron,
|
|
PruneEnabled: req.PruneEnabled,
|
|
CheckCron: req.CheckCron,
|
|
CheckEnabled: req.CheckEnabled,
|
|
CheckSubsetPct: req.CheckSubsetPct,
|
|
}
|
|
if err := s.deps.Store.UpdateRepoMaintenance(r.Context(), &m); err != nil {
|
|
writeJSONError(w, stdhttp.StatusInternalServerError, "internal", err.Error())
|
|
return
|
|
}
|
|
out, _ := s.deps.Store.GetRepoMaintenance(r.Context(), hostID)
|
|
if out != nil {
|
|
writeJSON(w, stdhttp.StatusOK, toRepoMaintenanceView(*out))
|
|
return
|
|
}
|
|
writeJSON(w, stdhttp.StatusOK, toRepoMaintenanceView(m))
|
|
}
|