[pdm-devel] [PATCH datacenter-manager 1/6] server: api: add TLS probe endpoint for PBS

Christian Ebner c.ebner at proxmox.com
Mon Sep 22 13:09:53 CEST 2025 

Analogous to the TLS probe implementation of PVE, add and api
endpoint allowing to probe the PBS hosts TLS certificate so this can
be checked by the remote add wizard.

Signed-off-by: Christian Ebner <c.ebner at proxmox.com>
---
 server/src/api/pbs/mod.rs | 42 +++++++++++++++++++++++++++++++++++----
 1 file changed, 38 insertions(+), 4 deletions(-)

diff --git a/server/src/api/pbs/mod.rs b/server/src/api/pbs/mod.rs
index a31481e..0ca97cd 100644
--- a/server/src/api/pbs/mod.rs
+++ b/server/src/api/pbs/mod.rs
@@ -5,11 +5,11 @@ use proxmox_router::{list_subdirs_api_method, Permission, Router, SubdirMap};
 use proxmox_schema::api;
 use proxmox_sortable_macro::sortable;
 
-use pdm_api_types::remotes::REMOTE_ID_SCHEMA;
-use pdm_api_types::PRIV_RESOURCE_AUDIT;
+use pdm_api_types::remotes::{RemoteType, TlsProbeOutcome, REMOTE_ID_SCHEMA};
+use pdm_api_types::{HOST_OPTIONAL_PORT_FORMAT, PRIV_RESOURCE_AUDIT, PRIV_SYS_MODIFY};
 
 use crate::{
-    connection,
+    connection::{self, probe_tls_connection},
     pbs_client::{self, get_remote},
 };
 
@@ -20,7 +20,10 @@ pub const ROUTER: Router = Router::new()
     .subdirs(SUBDIRS);
 
 #[sortable]
-const SUBDIRS: SubdirMap = &sorted!([("remotes", &REMOTES_ROUTER)]);
+const SUBDIRS: SubdirMap = &sorted!([
+    ("remotes", &REMOTES_ROUTER),
+    ("probe-tls", &Router::new().post(&API_METHOD_PROBE_TLS)),
+]);
 
 const REMOTES_ROUTER: Router = Router::new().match_all("remote", &MAIN_ROUTER);
 
@@ -112,3 +115,34 @@ async fn list_snapshots_2(
     }
     .into())
 }
+
+#[api(
+    input: {
+        properties: {
+            hostname: {
+                type: String,
+                format: &HOST_OPTIONAL_PORT_FORMAT,
+                description: "Hostname (with optional port) of the target remote",
+            },
+            fingerprint: {
+                type: String,
+                description: "Fingerprint of the target remote.",
+                optional: true,
+            },
+        },
+    },
+    access: {
+        permission:
+            &Permission::Privilege(&["/"], PRIV_SYS_MODIFY, false),
+    },
+)]
+/// Probe the hosts TLS certificate.
+///
+/// If the certificate is not trusted with the given parameters, returns the certificate
+/// information.
+async fn probe_tls(
+    hostname: String,
+    fingerprint: Option<String>,
+) -> Result<TlsProbeOutcome, Error> {
+    probe_tls_connection(RemoteType::Pbs, hostname, fingerprint).await
+}
-- 
2.47.3

More information about the pdm-devel mailing list