[pmg-devel] [PATCH pmg-api v2] api: use standard fingerprint-sha256 option

Fabian Grünbichler f.gruenbichler at proxmox.com
Thu Oct 31 13:34:43 CET 2024


so, did you check that the new (slightly relaxed compared to the
original *intended* RE) format works everywhere in PMG? in particular
cluster join (and sync after changing certificates)?

if you did, please include that information in your patch. if not,
please do so (that's why I called out that the standard option accepts
lower case hex characters as well, in addition to upper case ones).

On October 30, 2024 2:35 pm, Maximiliano Sandoval wrote:
> This makes the regex a bit more precise and specifies that the
> fingerprint uses SHA-256.
> 
> Suggested-by: Shannon Sterz <s.sterz at proxmox.com>
> Suggested-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
> Signed-off-by: Maximiliano Sandoval <m.sandoval at proxmox.com>
> ---
> Differences from v1:
> 
> - Use the existing standard option
> 
>  src/PMG/API2/Cluster.pm  | 6 +-----
>  src/PMG/CLI/pmgcm.pm     | 8 +++-----
>  src/PMG/ClusterConfig.pm | 8 +++-----
>  3 files changed, 7 insertions(+), 15 deletions(-)
> 
> diff --git a/src/PMG/API2/Cluster.pm b/src/PMG/API2/Cluster.pm
> index 84dafabb..6846716f 100644
> --- a/src/PMG/API2/Cluster.pm
> +++ b/src/PMG/API2/Cluster.pm
> @@ -408,11 +408,7 @@ __PACKAGE__->register_method({
>  		description => "IP address.",
>  		type => 'string', format => 'ip',
>  	    },
> -	    fingerprint => {
> -		description => "SSL certificate fingerprint.",
> -		type => 'string',
> -		pattern => '^(:?[A-Z0-9][A-Z0-9]:){31}[A-Z0-9][A-Z0-9]$',
> -	    },
> +	    fingerprint => get_standard_option('fingerprint-sha256'),
>  	    password => {
>  		description => "Superuser password.",
>  		type => 'string',
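Review bot: `get_standard_option('fingerprint-sha256')` is evaluated when `register_method` runs at module load, and nothing in this hunk shows that the name resolves there. Unlike the pmgcm.pm and ClusterConfig.pm sections, this file gains no `use PVE::JSONSchema qw(get_standard_option);` line. Cluster.pm presumably already imports it above line 408, which is outside the hunk, so that is worth confirming. The same load-time dependency applies to the option itself in all three files, and the diffstat touches no packaging file. If the packaged dependency on the library that provides PVE::JSONSchema does not already guarantee a version that registers `fingerprint-sha256`, it needs a versioned bump; otherwise these modules would likely fail to load on a partially upgraded node.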
> diff --git a/src/PMG/CLI/pmgcm.pm b/src/PMG/CLI/pmgcm.pm
> index ecf9cc76..699089e0 100644
> --- a/src/PMG/CLI/pmgcm.pm
> +++ b/src/PMG/CLI/pmgcm.pm
> @@ -11,6 +11,7 @@ use PVE::SafeSyslog;
>  use PVE::Tools qw(extract_param);
>  use PVE::INotify;
>  use PVE::CLIHandler;
> +use PVE::JSONSchema qw(get_standard_option);
>  
>  use PMG::Utils;
>  use PMG::Ticket;
> @@ -166,12 +167,9 @@ __PACKAGE__->register_method({
>  		description => "IP address.",
>  		type => 'string', format => 'ip',
>  	    },
> -	    fingerprint => {
> -		description => "SSL certificate fingerprint.",
> -		type => 'string',
> -		pattern => '^(:?[A-Z0-9][A-Z0-9]:){31}[A-Z0-9][A-Z0-9]$',
> +	    fingerprint => get_standard_option('fingerprint-sha256', {
>  		optional => 1,
> -	    },
> +	    }),
>  	},
>      },
>      returns => { type => 'null' },
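Review bot: With `optional => 1` the CLI command accepts a call without any fingerprint, and after this change the help text for the parameter is whatever generic description the standard option carries. Since an override hash is already passed here, consider adding a `description` key that states what the command does when no fingerprint is given, for example `description => "SHA-256 fingerprint of the remote node's certificate. <behaviour when omitted>",`. The placeholder has to be filled in from the handler, which is outside this hunk. As a style point, the one-key override fits on a single line: `fingerprint => get_standard_option('fingerprint-sha256', { optional => 1 }),`.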
> diff --git a/src/PMG/ClusterConfig.pm b/src/PMG/ClusterConfig.pm
> index c52508dc..491fede1 100644
> --- a/src/PMG/ClusterConfig.pm
> +++ b/src/PMG/ClusterConfig.pm
> @@ -45,6 +45,8 @@ use warnings;
>  
>  use base qw(PMG::ClusterConfig::Base);
>  
> +use PVE::JSONSchema qw(get_standard_option);
> +
>  sub valid_ssh_pubkey_regex {
>      return '^[A-Za-z0-9\.\/\+=]{200,}$';
>  }
> @@ -72,11 +74,7 @@ sub properties {
>  	    type => 'string',
>  	    pattern => valid_ssh_pubkey_regex(),
>  	},
> -	fingerprint => {
> -	    description => "SSL certificate fingerprint.",
> -	    type => 'string',
> -	    pattern => '^(:?[A-Z0-9][A-Z0-9]:){31}[A-Z0-9][A-Z0-9]$',
> -	},
> +	fingerprint => get_standard_option('fingerprint-sha256'),
>      };
>  }
>  
> -- 
> 2.39.5
> 
> 



