[pve-devel] [Patch V2 manager 6/8] Create ACME Plugin config.
Fabian Grünbichler
f.gruenbichler at proxmox.com
Wed Apr 1 15:27:13 CEST 2020
On March 31, 2020 12:08 pm, Wolfgang Link wrote:
> With this configuration it is possible to use many different plugins
> with different providers and users.
>
> Signed-off-by: Wolfgang Link <w.link at proxmox.com>
> ---
> PVE/API2/ACMEPlugin.pm | 120 +++++++++++++++++++++++++++++++++++++++++
> PVE/API2/Cluster.pm | 6 +++
> PVE/API2/Makefile | 1 +
> PVE/CLI/pvenode.pm | 11 ++++
> 4 files changed, 138 insertions(+)
> create mode 100644 PVE/API2/ACMEPlugin.pm
>
> diff --git a/PVE/API2/ACMEPlugin.pm b/PVE/API2/ACMEPlugin.pm
> new file mode 100644
> index 00000000..46d9b19e
> --- /dev/null
> +++ b/PVE/API2/ACMEPlugin.pm
> @@ -0,0 +1,120 @@
> +package PVE::API2::ACMEPlugin;
> +
> +use strict;
> +use warnings;
> +
> +use PVE::ACME::Challenge;
> +use PVE::Tools qw(extract_param);
> +
> +PVE::ACME::DNSChallenge->register();
> +PVE::ACME::StandAlone->register();
> +PVE::ACME::Challenge->init();
> +
> +use base qw(PVE::RESTHandler);
> +
> +__PACKAGE__->register_method({
> + name => 'get_plugin_options',
> + path => 'plugin',
> + method => 'GET',
> + description => "Get ACME DNS plugin configuration options.",
> + permissions => {
> + check => ['perm', '/', [ 'Sys.Audit' ]],
Sys.Audit is a privilege that lots of users have (e.g., for monitoring access). I
think we need something more restrictive if we return DNS access tokens here. Also,
this needs protected => 1, since the config file is in priv/.
> + },
> + parameters => {
> + additionalProperties => 0,
> + properties => {
> + },
> + },
> + returns => {
> + type => 'string',
> + },
> + code => sub {
> +
> + my $config = PVE::ACME::Challenge::load_config();
> + my $line = '';
> + foreach my $ids (sort (keys %{$config->{ids}})) {
> + $line .= "name: $ids\n";
> + foreach my $k (sort (keys %{$config->{ids}->{$ids}})) {
> + my $v = $config->{ids}->{$ids}->{$k};
> + if ($k eq 'data') {
> + $v = PVE::Tools::encode_text($config->{ids}->{$ids}->{$k});
> + }
> + $line .= "$k: $v\n";
> + }
> + $line .="\n";
> + }
> + return $line;
why not return the parsed config?
> + }});
> +
> +my $update_config = sub {
> + my ($id, $op, $type, $param) = @_;
> +
> + my $conf = PVE::ACME::Challenge::load_config();
> +
> + if ( $op eq "add" ) {
> + die "Section with ID: $id already exists\n"
> + if defined($conf->{ids}->{$id});
> + $conf->{ids}->{$id}->{type} = $type;
> + } elsif ($op eq "del") {
> + delete $conf->{ids}->{$id};
> + }
> +
> + foreach my $opt (keys %$param) {
> + $conf->{ids}->{$id}->{$opt} = $param->{$opt};
> + }
> +
> + PVE::ACME::Challenge::write_conf($conf);
> +};
> +
> +__PACKAGE__->register_method({
> + name => 'add_plugin',
> + path => 'plugin',
> + method => 'POST',
> + description => "Add ACME DNS plugin configuration.",
> + permissions => {
> + check => ['perm', '/', [ 'Sys.Modify' ]],
> + },
> + protected => 1,
> + parameters => PVE::ACME::Challenge->createSchema(),
> + returns => { type => "null" },
> + code => sub {
> + my ($param) = @_;
> +
> + my $id = extract_param($param, 'id');
> + my $type = extract_param($param, 'type');
> +
> + PVE::ACME::Challenge::lock_config($update_config, $id, "add", $type, $param);
> +
> + return undef;
> + }});
> +
> +__PACKAGE__->register_method({
> + name => 'delete_plugin',
> + path => 'plugin',
> + method => 'DELETE',
> + description => "Delete ACME DNS plugin configuration.",
> + permissions => {
> + check => ['perm', '/', [ 'Sys.Modify' ]],
> + },
> + protected => 1,
> + parameters => {
> + additionalProperties => 0,
> + properties => {
> + id => {
> + description => "Plugin configuration name",
> + type => 'string',
> + },
> + },
> + },
> + returns => { type => "null" },
> + code => sub {
> + my ($param) = @_;
> +
> + my $id = extract_param($param, 'id');
> +
> + PVE::ACME::Challenge::lock_config($update_config, $id, "del", undef, $param);
> +
> + return undef;
> + }});
> +
> +1;
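Review bot: In `$update_config` the option-copy loop after the `if`/`elsif` runs for every operation, so on `del` any key still left in `$param` would autovivify `$conf->{ids}->{$id}` again right after the `delete`, and the section would be written back. Today that is only prevented by delete_plugin's `additionalProperties => 0` schema, so moving the loop into the `add` branch would make the delete path safe on its own. The `del` branch also succeeds silently for an ID that is not in the config, and an `$op` other than `add`/`del` falls through to `write_conf`. I would add `die "Section with ID: $id does not exist\n" if !defined($conf->{ids}->{$id});` to the `del` branch and a final `else { die "unknown operation '$op'\n"; }`.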
> diff --git a/PVE/API2/Cluster.pm b/PVE/API2/Cluster.pm
> index c802d440..0810da0a 100644
> --- a/PVE/API2/Cluster.pm
> +++ b/PVE/API2/Cluster.pm
> @@ -21,6 +21,7 @@ use PVE::Storage;
> use PVE::Tools qw(extract_param);
>
> use PVE::API2::ACMEAccount;
> +use PVE::API2::ACMEPlugin;
> use PVE::API2::Backup;
> use PVE::API2::Cluster::Ceph;
> use PVE::API2::ClusterConfig;
> @@ -66,6 +67,11 @@ __PACKAGE__->register_method ({
> path => 'acme',
> });
>
> +__PACKAGE__->register_method ({
> + subclass => "PVE::API2::ACMEPlugin",
> + path => 'acmeplugin',
> +});
> +
> __PACKAGE__->register_method ({
> subclass => "PVE::API2::Cluster::Ceph",
> path => 'ceph',
> diff --git a/PVE/API2/Makefile b/PVE/API2/Makefile
> index 8554efa1..28ecc070 100644
> --- a/PVE/API2/Makefile
> +++ b/PVE/API2/Makefile
> @@ -19,6 +19,7 @@ PERLSOURCE = \
> Certificates.pm \
> ACME.pm \
> ACMEAccount.pm \
> + ACMEPlugin.pm \
> NodeConfig.pm \
> Scan.pm \
> Hardware.pm \
> diff --git a/PVE/CLI/pvenode.pm b/PVE/CLI/pvenode.pm
> index fd3cf52d..d9e41a8e 100644
> --- a/PVE/CLI/pvenode.pm
> +++ b/PVE/CLI/pvenode.pm
> @@ -5,6 +5,7 @@ use warnings;
>
> use PVE::API2::ACME;
> use PVE::API2::ACMEAccount;
> +use PVE::API2::ACMEPlugin;
> use PVE::API2::Certificates;
> use PVE::API2::NodeConfig;
> use PVE::API2::Nodes;
> @@ -207,6 +208,16 @@ our $cmddef = {
> renew => [ 'PVE::API2::ACME', 'renew_certificate', [], { node => $nodename }, $upid_exit ],
> revoke => [ 'PVE::API2::ACME', 'revoke_certificate', [], { node => $nodename }, $upid_exit ],
> },
> + plugin => {
namespace? why not under acme like the account stuff?
> + get => [ 'PVE::API2::ACMEPlugin', 'get_plugin_options', [], {},
> + sub {
> + my $line = shift;
> + print $line;
> + } ],
> + add => [ 'PVE::API2::ACMEPlugin', 'add_plugin', ['type', 'id'] ],
> + del => [ 'PVE::API2::ACMEPlugin', 'delete_plugin', ['id'] ],
> + },
> +
> },
>
> wakeonlan => [ 'PVE::API2::Nodes::Nodeinfo', 'wakeonlan', [ 'node' ], {}, sub {
> --
> 2.20.1
>
>