[pmg-devel] [PATCH v3 api/gui/wtk/acme 0/many] Certificates & ACME

Wolfgang Bumiller w.bumiller at proxmox.com
Tue Mar 16 11:24:07 CET 2021 

v3 incorporating feedback from v2:

* removed 'audit' api access for acme plugins
* Added a new patch for pve-common for a CLI arg parsing issue.
  (This one should be looked at more closely I think)
* Regenerate the self-signed cert when deleting the current one.
* Add missing $cfg->write() call
* fixed 'challengeschema/challenge-schema' path/name issue
* added a helper for account name/file extraction
  (but did keep the error messages for when the file is not there for now as
   atm it's a nicer error, can be removed in later patches)
* replace loadSSHKeyFromFile with loadTextFromFile

---
v2 cover letter:

v2 incorporating feedback from v1

* api call permission fixups on account methods
* consistent locking function implementations (without `die $@ if $@`)
* removed unnecessary call to `sort`
* cert regex simplification
* reload/config update code dedup & consistency
* removed superfluous `border: 0`
* inlined unnecessary `initComponent`

and also contains some PVE-compatibility fixes in the acme domain view:
widget toolkit side should now work seamlessly in the PVE UI code as
well

---
Original Coverletter:

These are the pmg-api, pmg-gui and proxmox-widget-toolkit and
proxmox-acme parts of the ACME series for PMG.

This requires `pmg-rs` package, which replaces the ACME client from
`proxmox-acme` and provides the CSR generation and is written in rust.
Note that the DNS challenge handling still uses proxmox-acme for now.

proxmox-acme:
  * Just a `use` statement fixup
  * Still used for the DNS challenge

pmg-gui:
  Just adds the "certificate view", but the real dirt lives in the
  widget-toolkit.

proxmox-widget-toolkits:
  Gets the Certificate, ACME Account, ACME Plugin and ACME Domain view
  from PVE adapted to be usable for PMG.
  Changes to PVE are mainly:
    * API URLs need to be provided since they differ a bit between PVE
      and PMG.
    * some additional buttons/fields specific to pmg generated if the
      parameters for them are present

pmg-api:
  Simply gets API entry points for the above. These too are mostly
  copied from PVE and adapted (also the ACME client API from pmg-rs is slightly
  different/cleaned up, so that's a minor incompatiblity in some
  otherwise common code, but a `pve-rs` may fix that). But some things
  could definitely already go to pve-common (especially schema stuff).

Note that while I did add the corresponding files to the cluster sync,
this still needs testing *and* issuing an API certificate may break
cluster functionality currently. (Stoiko is working on that)

More information about the pmg-devel mailing list