[pve-devel] [Patch V3 manager 5/8] Adapt acme node config parser and rename the function.

Wolfgang Link w.link at proxmox.com
Thu Apr 16 07:18:28 CEST 2020


Signed-off-by: Wolfgang Link <w.link at proxmox.com>
---
 PVE/API2/ACME.pm  | 26 ++++++++++----------------
 PVE/NodeConfig.pm | 44 ++++++++++++++++++++++++++++++++++++++------
 2 files changed, 48 insertions(+), 22 deletions(-)

diff --git a/PVE/API2/ACME.pm b/PVE/API2/ACME.pm
index 7bb3ab95..d215739b 100644
--- a/PVE/API2/ACME.pm
+++ b/PVE/API2/ACME.pm
@@ -73,9 +73,9 @@ my $get_plugin_type = sub {
 };
 
 my $order_certificate = sub {
-    my ($acme, $domains) = @_;
+    my ($acme, $acme_node_config) = @_;
     print "Placing ACME order\n";
-    my ($order_url, $order) = $acme->new_order($domains);
+    my ($order_url, $order) = $acme->new_order($acme_node_config->{domains});
     print "Order URL: $order_url\n";
     my $index = 0;
     for my $auth_url (@{$order->{authorizations}}) {
@@ -213,11 +213,9 @@ __PACKAGE__->register_method ({
 	    if !$param->{force} && -e "${cert_prefix}.pem";
 
 	my $node_config = PVE::NodeConfig::load_config($node);
-	raise("ACME settings in node configuration are missing!", 400)
-	    if !$node_config || !$node_config->{acme};
-	my $acme_node_config = PVE::NodeConfig::parse_acme($node_config->{acme});
+	my $acme_node_config = PVE::NodeConfig::get_acme_conf($node_config);
 	raise("ACME domain list in node configuration is missing!", 400)
-	    if !$acme_node_config;
+	    if !$acme_node_config || !$acme_node_config->{domains};
 
 	my $rpcenv = PVE::RPCEnvironment::get();
 
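Review bot: The extended guard `|| !$acme_node_config->{domains}` under the raise cannot catch an empty domain list, because get_acme_conf as changed in PVE/NodeConfig.pm by this same patch always stores an array reference under `domains`, and a reference is true even when the array is empty. A node with neither `acme` domains nor additional domains would then reach `new_order` with an empty list rather than getting the 400. Testing the contents closes that: `if !$acme_node_config || !@{$acme_node_config->{domains} // []};`. The same guard is repeated in the hunks at -287 and -353, and the enclosing register_method bodies start and end outside all three hunks.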
@@ -235,7 +233,7 @@ __PACKAGE__->register_method ({
 	    print "Loading ACME account details\n";
 	    $acme->load();
 
-	    my ($cert, $key) = $order_certificate->($acme, $acme_node_config->{domains});
+	    my ($cert, $key) = $order_certificate->($acme, $acme_node_config);
 
 	    my $code = sub {
 		print "Setting pveproxy certificate and key\n";
@@ -287,11 +285,9 @@ __PACKAGE__->register_method ({
 	    if !$expires_soon && !$param->{force};
 
 	my $node_config = PVE::NodeConfig::load_config($node);
-	raise("ACME settings in node configuration are missing!", 400)
-	    if !$node_config || !$node_config->{acme};
-	my $acme_node_config = PVE::NodeConfig::parse_acme($node_config->{acme});
+	my $acme_node_config = PVE::NodeConfig::get_acme_conf($node_config);
 	raise("ACME domain list in node configuration is missing!", 400)
-	    if !$acme_node_config;
+	    if !$acme_node_config || !$acme_node_config->{domains};
 
 	my $rpcenv = PVE::RPCEnvironment::get();
 
@@ -311,7 +307,7 @@ __PACKAGE__->register_method ({
 	    print "Loading ACME account details\n";
 	    $acme->load();
 
-	    my ($cert, $key) = $order_certificate->($acme, $acme_node_config->{domains});
+	    my ($cert, $key) = $order_certificate->($acme, $acme_node_config);
 
 	    my $code = sub {
 		print "Setting pveproxy certificate and key\n";
@@ -353,11 +349,9 @@ __PACKAGE__->register_method ({
 	my $cert_prefix = PVE::CertHelpers::cert_path_prefix($node);
 
 	my $node_config = PVE::NodeConfig::load_config($node);
-	raise("ACME settings in node configuration are missing!", 400)
-	    if !$node_config || !$node_config->{acme};
-	my $acme_node_config = PVE::NodeConfig::parse_acme($node_config->{acme});
+	my $acme_node_config = PVE::NodeConfig::get_acme_conf($node_config);
 	raise("ACME domain list in node configuration is missing!", 400)
-	    if !$acme_node_config;
+	    if !$acme_node_config || !$acme_node_config->{domains};
 
 	my $rpcenv = PVE::RPCEnvironment::get();
 
diff --git a/PVE/NodeConfig.pm b/PVE/NodeConfig.pm
index 6ea2dac1..ae2f916c 100644
--- a/PVE/NodeConfig.pm
+++ b/PVE/NodeConfig.pm
@@ -227,18 +227,50 @@ sub write_node_config {
     return $raw;
 }
 
-sub parse_acme {
+sub get_acme_conf {
     my ($data, $noerr) = @_;
 
     $data //= '';
 
-    my $res = eval { PVE::JSONSchema::parse_property_string($acmedesc, $data); };
-    if ($@) {
-	return undef if $noerr;
-	die $@;
+    my $res = {};
+
+    if (defined($data->{acme})) {
+	$res->{0} = eval {
+	    PVE::JSONSchema::parse_property_string($acmedesc, $data->{acme});
+	};
+	if ($@) {
+	    return undef if $noerr;
+	    die $@;
+	}
     }
+    $res->{0}->{account} = $res->{0}->{account} // "default";
+    my $domainlist = [];
+
+    for my $index (0..$MAXDOMAINS) {
+	my $domain_rec = $data->{"acme_additional_domain$index"};
+	next if !defined($domain_rec);
+
+	# index = 0 is used by acme see above
+	$res->{($index+1)} = eval {
+	    PVE::JSONSchema::parse_property_string(
+		$acme_additional_desc,
+		$domain_rec);
+	};
+	if ($@) {
+	    return undef if $noerr;
+	    die $@;
+	}
+	push @$domainlist, $res->{($index+1)}->{domain};
+    }
+
+    # If additional domain are used it is not allowed
+    # to have a domain(list) at acme entry
+    my @domains = split(";", $res->{0}->{domains})
+	if $res->{0}->{domains};
+    die "Mutual exclusion of setting domains in acme and additional domains\n"
+	if (0 < @domains && defined(@$domainlist[0]));
 
-    $res->{domains} = [ PVE::Tools::split_list($res->{domains}) ];
+    $res->{"domains"} = @domains ? \@domains : $domainlist;
 
     return $res;
 }
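Review bot: `my @domains = split(";", ...) if $res->{0}->{domains};` near the end of get_acme_conf combines `my` with a statement modifier, which perlsyn documents as undefined behaviour. It also swaps the removed `PVE::Tools::split_list` for a bare split on `;`, so a comma- or whitespace-separated `domains` value would be kept as a single name and passed on to the order. I would write `my @domains = PVE::Tools::split_list($res->{0}->{domains} // '');` and test `@domains && @$domainlist` in the die instead of `defined(@$domainlist[0])`. The unchanged `$data //= '';` at the top now feeds `$data->{acme}`, which dies under `use strict` (presumably in effect for this file) when a caller passes undef, so `$data //= {};` is the matching default. Callers outside this diff that read `account` from the top level of the result should be checked as well, since it now lives under `->{0}`.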
-- 
2.20.1




