[pmg-devel] [PATCH v3 api/gui/wtk/acme 0/many] Certificates & ACME
Wolfgang Bumiller
w.bumiller at proxmox.com
Tue Mar 16 11:24:07 CET 2021
v3 incorporating feedback from v2:
* removed 'audit' api access for acme plugins
* Added a new patch for pve-common for a CLI arg parsing issue.
(This one should be looked at more closely I think)
* Regenerate the self-signed cert when deleting the current one.
* Add missing $cfg->write() call
* fixed 'challengeschema/challenge-schema' path/name issue
* added a helper for account name/file extraction
(but did keep the error messages for when the file is not there for now as
atm it's a nicer error, can be removed in later patches)
* replace loadSSHKeyFromFile with loadTextFromFile
---
v2 cover letter:
v2 incorporating feedback from v1
* api call permission fixups on account methods
* consistent locking function implementations (without `die $@ if $@`)
* removed unnecessary call to `sort`
* cert regex simplification
* reload/config update code dedup & consistency
* removed superfluous `border: 0`
* inlined unnecessary `initComponent`
and also contains some PVE-compatibility fixes in the acme domain view:
widget toolkit side should now work seamlessly in the PVE UI code as
well
---
Original Coverletter:
These are the pmg-api, pmg-gui and proxmox-widget-toolkit and
proxmox-acme parts of the ACME series for PMG.
This requires `pmg-rs` package, which replaces the ACME client from
`proxmox-acme` and provides the CSR generation and is written in rust.
Note that the DNS challenge handling still uses proxmox-acme for now.
proxmox-acme:
* Just a `use` statement fixup
* Still used for the DNS challenge
pmg-gui:
Just adds the "certificate view", but the real dirt lives in the
widget-toolkit.
proxmox-widget-toolkits:
Gets the Certificate, ACME Account, ACME Plugin and ACME Domain view
from PVE adapted to be usable for PMG.
Changes to PVE are mainly:
* API URLs need to be provided since they differ a bit between PVE
and PMG.
* some additional buttons/fields specific to pmg generated if the
parameters for them are present
pmg-api:
Simply gets API entry points for the above. These too are mostly
copied from PVE and adapted (also the ACME client API from pmg-rs is slightly
different/cleaned up, so that's a minor incompatiblity in some
otherwise common code, but a `pve-rs` may fix that). But some things
could definitely already go to pve-common (especially schema stuff).
Note that while I did add the corresponding files to the cluster sync,
this still needs testing *and* issuing an API certificate may break
cluster functionality currently. (Stoiko is working on that)
More information about the pmg-devel
mailing list