[pve-devel] [Patch V3 manager 5/8] Adapt acme node config parser and rename the function.
Wolfgang Link
w.link at proxmox.com
Thu Apr 16 07:18:28 CEST 2020
Signed-off-by: Wolfgang Link <w.link at proxmox.com>
---
PVE/API2/ACME.pm | 26 ++++++++++----------------
PVE/NodeConfig.pm | 44 ++++++++++++++++++++++++++++++++++++++------
2 files changed, 48 insertions(+), 22 deletions(-)
diff --git a/PVE/API2/ACME.pm b/PVE/API2/ACME.pm
index 7bb3ab95..d215739b 100644
--- a/PVE/API2/ACME.pm
+++ b/PVE/API2/ACME.pm
@@ -73,9 +73,9 @@ my $get_plugin_type = sub {
};
my $order_certificate = sub {
- my ($acme, $domains) = @_;
+ my ($acme, $acme_node_config) = @_;
print "Placing ACME order\n";
- my ($order_url, $order) = $acme->new_order($domains);
+ my ($order_url, $order) = $acme->new_order($acme_node_config->{domains});
print "Order URL: $order_url\n";
my $index = 0;
for my $auth_url (@{$order->{authorizations}}) {
@@ -213,11 +213,9 @@ __PACKAGE__->register_method ({
if !$param->{force} && -e "${cert_prefix}.pem";
my $node_config = PVE::NodeConfig::load_config($node);
- raise("ACME settings in node configuration are missing!", 400)
- if !$node_config || !$node_config->{acme};
- my $acme_node_config = PVE::NodeConfig::parse_acme($node_config->{acme});
+ my $acme_node_config = PVE::NodeConfig::get_acme_conf($node_config);
raise("ACME domain list in node configuration is missing!", 400)
- if !$acme_node_config;
+ if !$acme_node_config || !$acme_node_config->{domains};
my $rpcenv = PVE::RPCEnvironment::get();
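Review bot: The added guard `!$acme_node_config->{domains}` cannot fire for an empty list, because get_acme_conf in this same patch always stores an array reference under `domains`, and a reference is always true. A node config with an `acme` entry but no domains would therefore pass the check and go on to place an order with an empty list. Test the contents as well, e.g. `if !$acme_node_config || !@{$acme_node_config->{domains}};`; the same guard is repeated in the hunks at -287 and -353. get_acme_conf is also called without `$noerr`, so a malformed entry surfaces as a plain `die` rather than the `raise(..., 400)` used here. The enclosing register_method body starts and ends outside the hunk.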
@@ -235,7 +233,7 @@ __PACKAGE__->register_method ({
print "Loading ACME account details\n";
$acme->load();
- my ($cert, $key) = $order_certificate->($acme, $acme_node_config->{domains});
+ my ($cert, $key) = $order_certificate->($acme, $acme_node_config);
my $code = sub {
print "Setting pveproxy certificate and key\n";
@@ -287,11 +285,9 @@ __PACKAGE__->register_method ({
if !$expires_soon && !$param->{force};
my $node_config = PVE::NodeConfig::load_config($node);
- raise("ACME settings in node configuration are missing!", 400)
- if !$node_config || !$node_config->{acme};
- my $acme_node_config = PVE::NodeConfig::parse_acme($node_config->{acme});
+ my $acme_node_config = PVE::NodeConfig::get_acme_conf($node_config);
raise("ACME domain list in node configuration is missing!", 400)
- if !$acme_node_config;
+ if !$acme_node_config || !$acme_node_config->{domains};
my $rpcenv = PVE::RPCEnvironment::get();
@@ -311,7 +307,7 @@ __PACKAGE__->register_method ({
print "Loading ACME account details\n";
$acme->load();
- my ($cert, $key) = $order_certificate->($acme, $acme_node_config->{domains});
+ my ($cert, $key) = $order_certificate->($acme, $acme_node_config);
my $code = sub {
print "Setting pveproxy certificate and key\n";
@@ -353,11 +349,9 @@ __PACKAGE__->register_method ({
my $cert_prefix = PVE::CertHelpers::cert_path_prefix($node);
my $node_config = PVE::NodeConfig::load_config($node);
- raise("ACME settings in node configuration are missing!", 400)
- if !$node_config || !$node_config->{acme};
- my $acme_node_config = PVE::NodeConfig::parse_acme($node_config->{acme});
+ my $acme_node_config = PVE::NodeConfig::get_acme_conf($node_config);
raise("ACME domain list in node configuration is missing!", 400)
- if !$acme_node_config;
+ if !$acme_node_config || !$acme_node_config->{domains};
my $rpcenv = PVE::RPCEnvironment::get();
diff --git a/PVE/NodeConfig.pm b/PVE/NodeConfig.pm
index 6ea2dac1..ae2f916c 100644
--- a/PVE/NodeConfig.pm
+++ b/PVE/NodeConfig.pm
@@ -227,18 +227,50 @@ sub write_node_config {
return $raw;
}
-sub parse_acme {
+sub get_acme_conf {
my ($data, $noerr) = @_;
$data //= '';
- my $res = eval { PVE::JSONSchema::parse_property_string($acmedesc, $data); };
- if ($@) {
- return undef if $noerr;
- die $@;
+ my $res = {};
+
+ if (defined($data->{acme})) {
+ $res->{0} = eval {
+ PVE::JSONSchema::parse_property_string($acmedesc, $data->{acme});
+ };
+ if ($@) {
+ return undef if $noerr;
+ die $@;
+ }
}
+ $res->{0}->{account} = $res->{0}->{account} // "default";
+ my $domainlist = [];
+
+ for my $index (0..$MAXDOMAINS) {
+ my $domain_rec = $data->{"acme_additional_domain$index"};
+ next if !defined($domain_rec);
+
+ # index = 0 is used by acme see above
+ $res->{($index+1)} = eval {
+ PVE::JSONSchema::parse_property_string(
+ $acme_additional_desc,
+ $domain_rec);
+ };
+ if ($@) {
+ return undef if $noerr;
+ die $@;
+ }
+ push @$domainlist, $res->{($index+1)}->{domain};
+ }
+
+ # If additional domain are used it is not allowed
+ # to have a domain(list) at acme entry
+ my @domains = split(";", $res->{0}->{domains})
+ if $res->{0}->{domains};
+ die "Mutual exclusion of setting domains in acme and additional domains\n"
+ if (0 < @domains && defined(@$domainlist[0]));
- $res->{domains} = [ PVE::Tools::split_list($res->{domains}) ];
+ $res->{"domains"} = @domains ? \@domains : $domainlist;
return $res;
}
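Review bot: `my @domains = split(";", $res->{0}->{domains}) if $res->{0}->{domains};` declares a lexical under a statement modifier, which perlsyn documents as undefined behaviour, so the mutual-exclusion check and the final `domains` value rest on an unreliable variable. The new `split(";", ...)` also replaces the removed `PVE::Tools::split_list` call, which as far as I know accepts commas and whitespace too; a list written with other separators, or with stray spaces, would then reach the ACME order as a single unsplit name. At the top of the function `$data //= ''` is followed by `$data->{acme}`, which dereferences a string when no config is passed; `$data //= {};` matches the new hash argument. The closing `die` ignores `$noerr`, unlike the two parse-error paths above it, and `defined(@$domainlist[0])` is a one-element slice where `@$domainlist` states the intent. A possible shape for the tail of the function is below.

```perl
# … unchanged: parsing of the acme and acme_additional_domain entries …

# Declare first, then assign: "my ... if COND" is undefined behaviour.
my @domains;
if ($res->{0}->{domains}) {
    @domains = PVE::Tools::split_list($res->{0}->{domains});
}

# Either acme carries the domain list or the additional entries do, never both.
if (@domains && @$domainlist) {
    return undef if $noerr;
    die "Mutual exclusion of setting domains in acme and additional domains\n";
}

$res->{domains} = @domains ? \@domains : $domainlist;
```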
--
2.20.1