[pbs-devel] [PATCH proxmox-backup 4/5] Revert "api: access: domains: add get/create/update/delete domain call"
Dominik Csapak
d.csapak at proxmox.com
Mon Jul 12 09:48:07 CEST 2021
This reverts commit 5117cf4f1786e0b37d486413d658d78a4bcfdf53.
we already have that in api2/config/access
Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
src/api2/access/domain.rs | 281 +-------------------------------------
1 file changed, 4 insertions(+), 277 deletions(-)
diff --git a/src/api2/access/domain.rs b/src/api2/access/domain.rs
index 6b1a4743..bfc7c184 100644
--- a/src/api2/access/domain.rs
+++ b/src/api2/access/domain.rs
@@ -1,18 +1,15 @@
//! List Authentication domains/realms
-use anyhow::{bail, Error};
+use anyhow::{Error};
use serde::{Deserialize, Serialize};
use serde_json::{json, Value};
use proxmox::api::{api, Permission, Router, RpcEnvironment};
+use crate::config;
use crate::api2::types::*;
-use crate::config::{
- self,
- acl::{PRIV_REALM_ALLOCATE, PRIV_SYS_AUDIT},
- domains::{OpenIdRealmConfig, OpenIdUserAttribute},
-};
+use crate::config::domains::{OpenIdRealmConfig, OpenIdUserAttribute};
#[api]
#[derive(Deserialize, Serialize, PartialEq, Eq)]
@@ -162,275 +159,5 @@ fn list_domains(mut rpcenv: &mut dyn RpcEnvironment) -> Result<Vec<BasicRealmInf
Ok(list)
}
-#[api(
- input: {
- properties: {
- realm: {
- schema: REALM_ID_SCHEMA,
- },
- },
- },
- returns: {
- type: RealmInfo,
- },
- access: {
- permission: &Permission::Privilege(&["access", "domains"], PRIV_SYS_AUDIT | PRIV_REALM_ALLOCATE, true),
- },
-)]
-/// Get information about a realm
-fn get_domain(realm: String, mut rpcenv: &mut dyn RpcEnvironment) -> Result<RealmInfo, Error> {
- let entry = match realm.as_str() {
- "pam" => json!({
- "realm": "pam",
- "type": "pam",
- "comment": "Linux PAM standard authentication",
- "default": Some(true),
- }),
- "pbs" => json!({
- "realm": "pbs",
- "type": "pbs",
- "comment": "Proxmox Backup authentication server",
- }),
- _ => {
- let (config, digest) = config::domains::config()?;
- rpcenv["digest"] = proxmox::tools::digest_to_hex(&digest).into();
- if let Some((section_type, v)) = config.sections.get(&realm) {
- let mut entry = v.clone();
- entry["type"] = Value::from(section_type.clone());
- entry
- } else {
- bail!("domain '{}' does not exist", realm);
- }
- }
- };
-
- Ok(serde_json::from_value(entry)?)
-}
-
-#[api(
- protected: true,
- input: {
- properties: {
- info: {
- type: RealmInfo,
- flatten: true,
- },
- },
- },
- access: {
- permission: &Permission::Privilege(&["access", "domains"], PRIV_REALM_ALLOCATE, false),
- },
-)]
-/// Create a realm
-fn create_domain(param: Value) -> Result<(), Error> {
- let basic_info: BasicRealmInfo = serde_json::from_value(param.clone())?;
-
- // for now we only have to care about openid
- if basic_info.ty != RealmType::OpenId {
- bail!(
- "Cannot create realm of type '{}'",
- serde_json::to_string(&basic_info.ty)?
- );
- }
-
- let new_realm: OpenIdRealmConfig = serde_json::from_value(param)?;
- let _lock = config::domains::lock_config()?;
-
- let (mut config, _digest) = config::domains::config()?;
-
- let existing: Vec<OpenIdRealmConfig> = config.convert_to_typed_array("openid")?;
-
- for realm in existing {
- if realm.realm == new_realm.realm {
- bail!("Entry '{}' already exists", realm.realm);
- }
- }
-
- config.set_data(&new_realm.realm, "openid", &new_realm)?;
-
- config::domains::save_config(&config)?;
-
- Ok(())
-}
-
-#[api]
-#[derive(Serialize, Deserialize)]
-#[serde(rename_all = "kebab-case")]
-#[allow(non_camel_case_types)]
-pub enum DeletableProperty {
- /// Delete the comment property.
- comment,
- /// Delete the client-key property.
- client_key,
- /// Delete the autocreate property.
- autocreate,
-}
-
-#[api(
- protected: true,
- input: {
- properties: {
- realm: {
- schema: REALM_ID_SCHEMA,
- },
- comment: {
- optional: true,
- schema: SINGLE_LINE_COMMENT_SCHEMA,
- },
- "issuer-url": {
- description: "OpenID Issuer Url",
- type: String,
- optional: true,
- },
- "client-id": {
- description: "OpenID Client ID",
- type: String,
- optional: true,
- },
- "client-key": {
- description: "OpenID Client Key",
- type: String,
- optional: true,
- },
- autocreate: {
- description: "Automatically create users if they do not exist.",
- optional: true,
- type: bool,
- },
- delete: {
- description: "List of properties to delete.",
- type: Array,
- optional: true,
- items: {
- type: DeletableProperty,
- }
- },
- digest: {
- optional: true,
- schema: PROXMOX_CONFIG_DIGEST_SCHEMA,
- },
- },
- },
- access: {
- permission: &Permission::Privilege(&["access", "domains"], PRIV_REALM_ALLOCATE, false),
- },
-)]
-/// Update a realm
-fn update_domain(
- realm: String,
- comment: Option<String>,
- issuer_url: Option<String>,
- client_id: Option<String>,
- client_key: Option<String>,
- autocreate: Option<bool>,
- delete: Option<Vec<DeletableProperty>>,
- digest: Option<String>,
- _rpcenv: &mut dyn RpcEnvironment,
-) -> Result<(), Error> {
- let _lock = config::domains::lock_config()?;
-
- let (mut config, expected_digest) = config::domains::config()?;
-
- if let Some(ref digest) = digest {
- let digest = proxmox::tools::hex_to_digest(digest)?;
- crate::tools::detect_modified_configuration_file(&digest, &expected_digest)?;
- }
-
- // only have to worry about openid for now
- let mut data: OpenIdRealmConfig = config.lookup("openid", realm.as_str())?;
-
- if let Some(delete) = delete {
- for delete_prop in delete {
- match delete_prop {
- DeletableProperty::comment => data.comment = None,
- DeletableProperty::client_key => data.client_key = None,
- DeletableProperty::autocreate => data.autocreate = None,
- }
- }
- }
-
- if let Some(comment) = comment {
- let comment = comment.trim().to_string();
- if comment.is_empty() {
- data.comment = None;
- } else {
- data.comment = Some(comment);
- }
- }
-
- if let Some(issuer_url) = issuer_url {
- data.issuer_url = issuer_url
- };
- if let Some(client_id) = client_id {
- data.client_id = client_id
- };
- if let Some(client_key) = client_key {
- data.client_key = if client_key.is_empty() {
- None
- } else {
- Some(client_key)
- };
- };
- if let Some(autocreate) = autocreate {
- data.autocreate = Some(autocreate)
- };
-
- config.set_data(&realm, "openid", &data)?;
-
- config::domains::save_config(&config)?;
-
- Ok(())
-}
-
-#[api(
- protected: true,
- input: {
- properties: {
- realm: {
- schema: REALM_ID_SCHEMA,
- },
- digest: {
- optional: true,
- schema: PROXMOX_CONFIG_DIGEST_SCHEMA,
- },
- },
- },
- access: {
- permission: &Permission::Privilege(&["access", "domains"], PRIV_REALM_ALLOCATE, false),
- },
-)]
-/// Delete a realm
-fn delete_domain(realm: String, digest: Option<String>) -> Result<(), Error> {
- if realm == "pam" || realm == "pbs" {
- bail!("cannot remove realm '{}'", realm);
- }
- let _lock = config::domains::lock_config()?;
-
- let (mut config, expected_digest) = config::domains::config()?;
-
- if let Some(ref digest) = digest {
- let digest = proxmox::tools::hex_to_digest(digest)?;
- crate::tools::detect_modified_configuration_file(&digest, &expected_digest)?;
- }
-
- match config.sections.get(&realm) {
- Some(_) => {
- config.sections.remove(&realm);
- }
- None => bail!("realm '{}' does not exist.", realm),
- }
-
- config::domains::save_config(&config)?;
-
- Ok(())
-}
-
pub const ROUTER: Router = Router::new()
- .get(&API_METHOD_LIST_DOMAINS)
- .post(&API_METHOD_CREATE_DOMAIN)
- .match_all("realm", &DOMAIN_ROUTER);
-
-const DOMAIN_ROUTER: Router = Router::new()
- .get(&API_METHOD_GET_DOMAIN)
- .put(&API_METHOD_UPDATE_DOMAIN)
- .delete(&API_METHOD_DELETE_DOMAIN);
+ .get(&API_METHOD_LIST_DOMAINS);
--
2.30.2
More information about the pbs-devel
mailing list