[pmg-devel] [PATCH pve-common v5 1/10] add Schema package with auth module that contains realm sync options

Fabian Grünbichler f.gruenbichler at proxmox.com
Fri Feb 21 13:22:55 CET 2025 

> Markus Frank <m.frank at proxmox.com> hat am 18.02.2025 17:18 CET geschrieben:
> This is because these standard options & formats are used by both PVE
> and PMG.

but this is not yet true - it's only used by PMG, and duplicated from the one in PVE? I am not sure if it makes sense to extract only this part and put it into common code, because the rest of the auth things are still very much different between PVE/PBS/PMG.. or are you specifically working on unifying those and this is the first step of doing so? ;)

> 
> Signed-off-by: Markus Frank <m.frank at proxmox.com>
> ---
>  src/Makefile           |  2 ++
>  src/PVE/Schema/Auth.pm | 82 ++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 84 insertions(+)
>  create mode 100644 src/PVE/Schema/Auth.pm
> 
> diff --git a/src/Makefile b/src/Makefile
> index 2d8bdc4..833bbc1 100644
> --- a/src/Makefile
> +++ b/src/Makefile
> @@ -29,6 +29,7 @@ LIB_SOURCES = \
>  	RESTEnvironment.pm \
>  	RESTHandler.pm \
>  	SafeSyslog.pm \
> +	Schema/Auth.pm \
>  	SectionConfig.pm \
>  	SysFSTools.pm \
>  	Syscall.pm \
> @@ -41,6 +42,7 @@ all:
>  install: $(addprefix PVE/,${LIB_SOURCES})
>  	install -d -m 0755 ${DESTDIR}${PERLDIR}/PVE
>  	install -d -m 0755 ${DESTDIR}${PERLDIR}/PVE/Job
> +	install -d -m 0755 ${DESTDIR}${PERLDIR}/PVE/Schema
>  	for i in ${LIB_SOURCES}; do install -D -m 0644 PVE/$$i ${DESTDIR}${PERLDIR}/PVE/$$i; done
>  
>  
> diff --git a/src/PVE/Schema/Auth.pm b/src/PVE/Schema/Auth.pm
> new file mode 100644
> index 0000000..1f7f586
> --- /dev/null
> +++ b/src/PVE/Schema/Auth.pm
> @@ -0,0 +1,82 @@
> +package PVE::Schema::Auth;
> +
> +use strict;
> +use warnings;
> +
> +use PVE::JSONSchema qw(get_standard_option parse_property_string);
> +
> +my $remove_options = "(?:acl|properties|entry)";
> +
> +PVE::JSONSchema::register_standard_option('sync-scope', {
> +    description => "Select what to sync.",
> +    type => 'string',
> +    enum => [qw(users groups both)],

for example - PMG doesn't have groups like PVE, so this doesn't make any sense?

> +    optional => '1',
> +});
> +
> +PVE::JSONSchema::register_standard_option('sync-remove-vanished', {
> +    description => "A semicolon-seperated list of things to remove when they or the user"
> +    ." vanishes during a sync. The following values are possible: 'entry' removes the"
> +    ." user/group when not returned from the sync. 'properties' removes the set"
> +    ." properties on existing user/group that do not appear in the source (even custom ones)."
> +    ." 'acl' removes acls when the user/group is not returned from the sync."
> +    ." Instead of a list it also can be 'none' (the default).",
> +    type => 'string',
> +    default => 'none',
> +    typetext => "([acl];[properties];[entry])|none",
> +    pattern => "(?:(?:$remove_options\;)*$remove_options)|none",
> +    optional => '1',
> +});
> +
> +my $realm_sync_options_desc = {
> +    scope => get_standard_option('sync-scope'),
> +    'remove-vanished' => get_standard_option('sync-remove-vanished'),
> +    'enable-new' => {
> +	description => "Enable newly synced users immediately.",
> +	type => 'boolean',
> +	default => '1',
> +	optional => '1',
> +    },
> +};
> +PVE::JSONSchema::register_standard_option('realm-sync-options', $realm_sync_options_desc);
> +PVE::JSONSchema::register_format('realm-sync-options', $realm_sync_options_desc);
> +
> +my $tfa_format = {
> +    type => {
> +	description => "The type of 2nd factor authentication.",
> +	format_description => 'TFATYPE',
> +	type => 'string',
> +	enum => [qw(oath)],
> +    },
> +    digits => {
> +	description => "TOTP digits.",
> +	format_description => 'COUNT',
> +	type => 'integer',
> +	minimum => 6, maximum => 8,
> +	default => 6,
> +	optional => 1,
> +    },
> +    step => {
> +	description => "TOTP time period.",
> +	format_description => 'SECONDS',
> +	type => 'integer',
> +	minimum => 10,
> +	default => 30,
> +	optional => 1,
> +    },
> +};
> +
> +PVE::JSONSchema::register_format('pve-tfa-config', $tfa_format);
> +
> +PVE::JSONSchema::register_standard_option('tfa', {
> +    description => "Use Two-factor authentication.",
> +    type => 'string', format => 'pve-tfa-config',
> +    optional => 1,
> +    maxLength => 128,
> +});
> +
> +sub parse_tfa_config {
> +    my ($data) = @_;
> +
> +    return parse_property_string($tfa_format, $data);
> +}
> -- 
> 2.39.5
> 
> 
> 
> _______________________________________________
> pmg-devel mailing list
> pmg-devel at lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel

More information about the pmg-devel mailing list