Disallow '

* Add backup location to info/list API calls

* Requested adjustments

requirements_tests.txt

@@ -2,7 +2,7 @@ black==23.3.0
 coverage==7.2.7
 flake8-docstrings==1.7.0
 flake8==6.0.0
-pre-commit==3.3.2
+pre-commit==3.3.3
 pydocstyle==6.3.0
 pylint==2.17.4
 pytest-aiohttp==1.0.4

supervisor/api/backups.py

@@ -100,6 +100,7 @@ class APIBackups(CoreSysAttributes):
                 ATTR_DATE: backup.date,
                 ATTR_TYPE: backup.sys_type,
                 ATTR_SIZE: backup.size,
+                ATTR_LOCATON: backup.location,
                 ATTR_PROTECTED: backup.protected,
                 ATTR_COMPRESSED: backup.compressed,
                 ATTR_CONTENT: {
@@ -172,6 +173,7 @@ class APIBackups(CoreSysAttributes):
             ATTR_PROTECTED: backup.protected,
             ATTR_SUPERVISOR_VERSION: backup.supervisor_version,
             ATTR_HOMEASSISTANT: backup.homeassistant_version,
+            ATTR_LOCATON: backup.location,
             ATTR_ADDONS: data_addons,
             ATTR_REPOSITORIES: backup.repositories,
             ATTR_FOLDERS: backup.folders,

supervisor/backups/backup.py

@@ -2,6 +2,7 @@
 from base64 import b64decode, b64encode
 from collections.abc import Awaitable
 from datetime import timedelta
+from functools import cached_property
 import json
 import logging
 from pathlib import Path
@@ -150,6 +151,14 @@ class Backup(CoreSysAttributes):
         """Set the Docker config data."""
         self._data[ATTR_DOCKER] = value
 
+    @cached_property
+    def location(self) -> str | None:
+        """Return the location of the backup."""
+        for backup_mount in self.sys_mounts.backup_mounts:
+            if self.tarfile.is_relative_to(backup_mount.local_where):
+                return backup_mount.name
+        return None
+
     @property
     def size(self):
         """Return backup size."""

supervisor/docker/addon.py

@@ -387,7 +387,7 @@ class DockerAddon(DockerInterface):
                     source=self.sys_config.path_extern_share.as_posix(),
                     target="/share",
                     read_only=addon_mapping[MAP_SHARE],
-                    propagation=PropagationMode.SLAVE.value,
+                    propagation=PropagationMode.RSLAVE.value,
                 )
             )
 
@@ -398,7 +398,7 @@ class DockerAddon(DockerInterface):
                     source=self.sys_config.path_extern_media.as_posix(),
                     target="/media",
                     read_only=addon_mapping[MAP_MEDIA],
-                    propagation=PropagationMode.SLAVE.value,
+                    propagation=PropagationMode.RSLAVE.value,
                 )
             )
 

supervisor/docker/homeassistant.py

@@ -97,14 +97,14 @@ class DockerHomeAssistant(DockerInterface):
                 source=self.sys_config.path_extern_share.as_posix(),
                 target="/share",
                 read_only=False,
-                propagation=PropagationMode.SLAVE.value,
+                propagation=PropagationMode.RSLAVE.value,
             ),
             Mount(
                 type=MountType.BIND.value,
                 source=self.sys_config.path_extern_media.as_posix(),
                 target="/media",
                 read_only=False,
-                propagation=PropagationMode.SLAVE.value,
+                propagation=PropagationMode.RSLAVE.value,
             ),
             # Configuration audio
             Mount(

supervisor/mounts/mount.py

@@ -358,7 +358,8 @@ class CIFSMount(NetworkMount):
     def options(self) -> list[str]:
         """Options to use to mount."""
         return (
-            super().options + [f"username={self.username}", f"password={self.password}"]
+            super().options
+            + [f"username={self.username}", f"password='{self.password}'"]
             if self.username
             else []
         )

supervisor/mounts/validate.py

@@ -21,13 +21,12 @@ from .const import (
 
 RE_MOUNT_NAME = re.compile(r"^\w+$")
 RE_PATH_PART = re.compile(r"^[^\\\/]+")
-RE_MOUNT_OPTION = re.compile(r"^[^,=]+$")
+RE_MOUNT_OPTION = re.compile(r"^[^']+$")
 
 VALIDATE_NAME = vol.Match(RE_MOUNT_NAME)
 VALIDATE_SERVER = vol.Match(RE_PATH_PART)
 VALIDATE_SHARE = vol.Match(RE_PATH_PART)
-VALIDATE_USERNAME = vol.Match(RE_MOUNT_OPTION)
-VALIDATE_PASSWORD = vol.Match(RE_MOUNT_OPTION)
+
 
 _SCHEMA_BASE_MOUNT_CONFIG = vol.Schema(
     {
@@ -49,8 +48,8 @@ SCHEMA_MOUNT_CIFS = _SCHEMA_MOUNT_NETWORK.extend(
     {
         vol.Required(ATTR_TYPE): MountType.CIFS.value,
         vol.Required(ATTR_SHARE): VALIDATE_SHARE,
-        vol.Inclusive(ATTR_USERNAME, "basic_auth"): VALIDATE_USERNAME,
-        vol.Inclusive(ATTR_PASSWORD, "basic_auth"): VALIDATE_PASSWORD,
+        vol.Inclusive(ATTR_USERNAME, "basic_auth"): vol.Match(RE_MOUNT_OPTION),
+        vol.Inclusive(ATTR_PASSWORD, "basic_auth"): vol.Match(RE_MOUNT_OPTION),
     }
 )
 

supervisor/resolution/checks/docker_config.py

@@ -12,7 +12,7 @@ from .base import CheckBase
 def _check_container(container: DockerInterface) -> bool:
     """Return true if container has a config issue."""
     return any(
-        mount.get("Propagation") != PropagationMode.SLAVE.value
+        mount.get("Propagation") != PropagationMode.RSLAVE.value
         for mount in container.meta_mounts
         if mount.get("Destination") in ["/media", "/share"]
     )

supervisor/resolution/evaluations/operating_system.py

@@ -5,7 +5,7 @@ from ...coresys import CoreSys
 from ..const import UnsupportedReason
 from .base import EvaluateBase
 
-SUPPORTED_OS = ["Debian GNU/Linux 11 (bullseye)"]
+SUPPORTED_OS = ["Debian GNU/Linux 11 (bullseye)", "Debian GNU/Linux 12 (bookworm)"]
 
 
 def setup(coresys: CoreSys) -> EvaluateBase:

tests/api/test_backups.py

@@ -95,6 +95,11 @@ async def test_backup_to_location(
 
     assert (tmp_supervisor_data / backup_dir / f"{slug}.tar").exists()
 
+    resp = await api_client.get(f"/backups/{slug}/info")
+    result = await resp.json()
+    assert result["result"] == "ok"
+    assert result["data"]["location"] == location
+
 
 async def test_backup_to_default(
     api_client: TestClient,

tests/docker/test_addon.py

@@ -121,7 +121,7 @@ def test_addon_map_folder_defaults(
             source=coresys.config.path_extern_media.as_posix(),
             target="/media",
             read_only=True,
-            propagation="slave",
+            propagation="rslave",
         )
         in docker_addon.mounts
     )
@@ -133,7 +133,7 @@ def test_addon_map_folder_defaults(
             source=coresys.config.path_extern_share.as_posix(),
             target="/share",
             read_only=True,
-            propagation="slave",
+            propagation="rslave",
         )
         in docker_addon.mounts
     )

tests/mounts/test_mount.py

@@ -39,7 +39,7 @@ async def test_cifs_mount(
         "server": "test.local",
         "share": "camera",
         "username": "admin",
-        "password": "password",
+        "password": "p@assword!,=",
     }
     mount: CIFSMount = Mount.from_dict(coresys, mount_data)
 
@@ -54,7 +54,7 @@ async def test_cifs_mount(
     assert mount.what == "//test.local/camera"
     assert mount.where == Path("/mnt/data/supervisor/mounts/test")
     assert mount.local_where == tmp_supervisor_data / "mounts" / "test"
-    assert mount.options == ["username=admin", "password=password"]
+    assert mount.options == ["username=admin", "password='p@assword!,='"]
 
     assert not mount.local_where.exists()
     assert mount.to_dict(skip_secrets=False) == mount_data
@@ -73,7 +73,7 @@ async def test_cifs_mount(
             "mnt-data-supervisor-mounts-test.mount",
             "fail",
             [
-                ["Options", Variant("s", "username=admin,password=password")],
+                ["Options", Variant("s", "username=admin,password='p@assword!,='")],
                 ["Type", Variant("s", "cifs")],
                 ["Description", Variant("s", "Supervisor cifs mount: test")],
                 ["What", Variant("s", "//test.local/camera")],

tests/mounts/test_validate.py

@@ -1,5 +1,7 @@
 """Tests for mount manager validation."""
 
+import re
+
 import pytest
 from voluptuous import Invalid
 
@@ -15,6 +17,8 @@ async def test_valid_mounts():
             "type": "cifs",
             "server": "test.local",
             "share": "test",
+            "username": "admin",
+            "password": "p@assword!,=",
         }
     )
 
@@ -77,12 +81,39 @@ async def test_invalid_cifs():
         SCHEMA_MOUNT_CONFIG(base)
 
     # Path is for NFS
-    with pytest.raises(Invalid):
-        SCHEMA_MOUNT_CONFIG({"path": "backups"})
+    with pytest.raises(
+        Invalid, match=re.escape("required key not provided @ data['share']")
+    ):
+        SCHEMA_MOUNT_CONFIG({**base, "path": "backups"})
 
     # Username and password must be together
-    with pytest.raises(Invalid):
-        SCHEMA_MOUNT_CONFIG({"username": "admin"})
+    with pytest.raises(
+        Invalid,
+        match=re.escape(
+            "some but not all values in the same group of inclusion 'basic_auth' @ data[<basic_auth>]"
+        ),
+    ):
+        SCHEMA_MOUNT_CONFIG({**base, "share": "test", "username": "admin"})
+
+    # Username and password must be together
+    with pytest.raises(
+        Invalid,
+        match=re.escape(
+            "some but not all values in the same group of inclusion 'basic_auth' @ data[<basic_auth>]"
+        ),
+    ):
+        SCHEMA_MOUNT_CONFIG({**base, "share": "test", "password": "my=!pass"})
+
+    # Invalid password
+    with pytest.raises(
+        Invalid,
+        match=re.escape(
+            "does not match regular expression ^[^']+$ for dictionary value @ data['password']"
+        ),
+    ):
+        SCHEMA_MOUNT_CONFIG(
+            {**base, "share": "test", "username": "admin", "password": "my=!pa'ss,"}
+        )
 
 
 async def test_invalid_nfs():