[pve-devel] [PATCH pve-manager 2/5] api: add ACME plugin return schema

Thomas Lamprecht t.lamprecht at proxmox.com
Mon Sep 22 18:47:23 CEST 2025


Am 19.09.25 um 11:40 schrieb n.frey at proxmox.com:
> From: Nicolas Frey <n.frey at proxmox.com>
> 

FYI: these methods are operating on modules that base off a so called
SectionConfig. This is quite widely used in our stack, not only in PVE
but also in rust based projects like PBS.

I'd recommend skimming the SectionConfig.pm in the pve-commong git repo
to get a basic overview. And as the underlying config types (meaning dns
and standalone) already define a schema for their respective config types,
and while we did not really reuse that for return schema until now IIRC,
it might actually work quite well to reuse the createSchema method (or
a slight derivation from that).

That said, doing that naturally adds a bit of scope to the task you're
doing here, might be still a nice learning experience in any case though.

The rest of the review commits are written such that they ignore the
potential for reusing the SectionConfig for the schema.

> Signed-off-by: Nicolas Frey <n.frey at proxmox.com>
> ---
>  PVE/API2/ACMEPlugin.pm | 49 ++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 49 insertions(+)
> 
> diff --git a/PVE/API2/ACMEPlugin.pm b/PVE/API2/ACMEPlugin.pm
> index 510101aa..b67cb1ff 100644
> --- a/PVE/API2/ACMEPlugin.pm
> +++ b/PVE/API2/ACMEPlugin.pm
> @@ -76,6 +76,29 @@ __PACKAGE__->register_method({
>              type => "object",
>              properties => {
>                  plugin => get_standard_option('pve-acme-pluginid'),
> +                'validation-delay' => {
> +                    type => 'integer',
> +                    description => 'Waiting period after a DNS record is created.',

Stating the unit is always great for such things, as else the user has
to guess if this is milliseconds, seconds, minutes, ...

The wording is also slightly ambiguous IMO, maybe go with something like:

The waiting period in seconds before validation starts after a DNS challenge
record has been created.

> +                    default => 30,
> +                    optional => 1
> +                },
> +                data => {
> +                    type => 'string',
> +                    description => 'Additional data like keys, server, url etc.',
> +                    optional => 1
> +                },
> +                api => {
> +                    type => 'string',
> +                    description => 'One of the DNS APIs listed in /json/cluster/challenge-schema.'

Referring to another API endpoint can be OK, but I'd not include the
formatter, as we have multiple ones (e.g. json, extjs, html).

And this should be marked as optional, as while it's always present for
the plugins of type "dns", it isn't for the ones of type "standalone" (HTTP
challenge).

> +                },
> +                digest => {
> +                    type => 'string',
> +                    description => 'Digest to detect modification.'
> +                },
> +                type => {
> +                    type => 'string',
> +                    description => ''

Should have a description and could be a enumeration of the possible variants,
i.e.:

    enum => ['dns', 'standalone']

> +                },
>              },
>          },
>          links => [{ rel => 'child', href => "{plugin}" }],
> @@ -113,6 +136,32 @@ __PACKAGE__->register_method({
>      },
>      returns => {
>          type => 'object',
> +        properties => {
> +            plugin => get_standard_option('pve-acme-pluginid'),
> +            'validation-delay' => {
> +                type => 'integer',
> +                description => 'Waiting period after a DNS record is created.',
> +                default => 30,
> +                optional => 1
> +            },
> +            data => {
> +                type => 'string',
> +                description => 'Additional data like keys, server, url etc.',
> +                optional => 1
> +            },
> +            api => {
> +                type => 'string',
> +                description => 'One of the DNS APIs listed in /json/cluster/challenge-schema.'
> +            },
> +            digest => {
> +                type => 'string',
> +                description => ''
> +            },
> +            type => {
> +                type => 'string',
> +                description => ''
> +            },

shares comments with above, and FWIW, even if we do not want to reuse the section
config schema, we still could use a hash variable to reuse the same schema between
both methods, once nested in an array and once as directed return schema.

> +        },
>      },
>      code => sub {
>          my ($param) = @_;





More information about the pve-devel mailing list