On March 31, 2020 12:08 pm, Wolfgang Link wrote:
> With this configuration it is possible to use many different plugins
> with different providers and users.
>
> Signed-off-by: Wolfgang Link <w.l...@proxmox.com>
> ---
> PVE/API2/ACMEPlugin.pm | 120 +++++++++++++++++++++++++++++++++++++++++
> PVE/API2/Cluster.pm | 6 +++
> PVE/API2/Makefile | 1 +
> PVE/CLI/pvenode.pm | 11 ++++
> 4 files changed, 138 insertions(+)
> create mode 100644 PVE/API2/ACMEPlugin.pm
>
> diff --git a/PVE/API2/ACMEPlugin.pm b/PVE/API2/ACMEPlugin.pm
> new file mode 100644
> index 00000000..46d9b19e
> --- /dev/null
> +++ b/PVE/API2/ACMEPlugin.pm
> @@ -0,0 +1,120 @@
> +package PVE::API2::ACMEPlugin;
> +
> +use strict;
> +use warnings;
> +
> +use PVE::ACME::Challenge;
> +use PVE::Tools qw(extract_param);
> +
> +PVE::ACME::DNSChallenge->register();
> +PVE::ACME::StandAlone->register();
> +PVE::ACME::Challenge->init();
> +
> +use base qw(PVE::RESTHandler);
> +
> +__PACKAGE__->register_method({
> + name => 'get_plugin_options',
> + path => 'plugin',
> + method => 'GET',
> + description => "Get ACME DNS plugin configuration options.",
> + permissions => {
> + check => ['perm', '/', [ 'Sys.Audit' ]],
this is a privilege that lots of users have (e.g., monitoring access). I think we need something more if we return DNS access tokens here? also, this needs protected=>1, since the config file is in priv/
> + },
> + parameters => {
> + additionalProperties => 0,
> + properties => {
> + },
> + },
> + returns => {
> + type => 'string',
> + },
> + code => sub {
> +
> + my $config = PVE::ACME::Challenge::load_config();
> + my $line = '';
> + foreach my $ids (sort (keys %{$config->{ids}})) {
> + $line .= "name: $ids\n";
> + foreach my $k (sort (keys %{$config->{ids}->{$ids}})) {
> + my $v = $config->{ids}->{$ids}->{$k};
> + if ($k eq 'data') {
> + $v = PVE::Tools::encode_text($config->{ids}->{$ids}->{$k});
> + }
> + $line .= "$k: $v\n";
> + }
> + $line .="\n";
> + }
> + return $line;
why not return the parsed config?
> + }});
> +
> +my $update_config = sub {
> + my ($id, $op, $type, $param) = @_;
> +
> + my $conf = PVE::ACME::Challenge::load_config();
> +
> + if ( $op eq "add" ) {
> + die "Section with ID: $id already exists\n"
> + if defined($conf->{ids}->{$id});
> + $conf->{ids}->{$id}->{type} = $type;
> + } elsif ($op eq "del") {
> + delete $conf->{ids}->{$id};
> + }
> +
> + foreach my $opt (keys %$param) {
> + $conf->{ids}->{$id}->{$opt} = $param->{$opt};
> + }
> +
> + PVE::ACME::Challenge::write_conf($conf);
> +};
> +
> +__PACKAGE__->register_method({
> + name => 'add_plugin',
> + path => 'plugin',
> + method => 'POST',
> + description => "Add ACME DNS plugin configuration.",
> + permissions => {
> + check => ['perm', '/', [ 'Sys.Modify' ]],
> + },
> + protected => 1,
> + parameters => PVE::ACME::Challenge->createSchema(),
> + returns => { type => "null" },
> + code => sub {
> + my ($param) = @_;
> +
> + my $id = extract_param($param, 'id');
> + my $type = extract_param($param, 'type');
> +
> + PVE::ACME::Challenge::lock_config($update_config, $id, "add", $type,
> $param);
> +
> + return undef;
> + }});
> +
> +__PACKAGE__->register_method({
> + name => 'delete_plugin',
> + path => 'plugin',
> + method => 'DELETE',
> + description => "Delete ACME DNS plugin configuration.",
> + permissions => {
> + check => ['perm', '/', [ 'Sys.Modify' ]],
> + },
> + protected => 1,
> + parameters => {
> + additionalProperties => 0,
> + properties => {
> + id => {
> + description => "Plugin configuration name",
> + type => 'string',
> + },
> + },
> + },
> + returns => { type => "null" },
> + code => sub {
> + my ($param) = @_;
> +
> + my $id = extract_param($param, 'id');
> +
> + PVE::ACME::Challenge::lock_config($update_config, $id, "del", undef,
> $param);
> +
> + return undef;
> + }});
> +
> +1;
> diff --git a/PVE/API2/Cluster.pm b/PVE/API2/Cluster.pm
> index c802d440..0810da0a 100644
> --- a/PVE/API2/Cluster.pm
> +++ b/PVE/API2/Cluster.pm
> @@ -21,6 +21,7 @@ use PVE::Storage;
> use PVE::Tools qw(extract_param);
>
> use PVE::API2::ACMEAccount;
> +use PVE::API2::ACMEPlugin;
> use PVE::API2::Backup;
> use PVE::API2::Cluster::Ceph;
> use PVE::API2::ClusterConfig;
> @@ -66,6 +67,11 @@ __PACKAGE__->register_method ({
> path => 'acme',
> });
>
> +__PACKAGE__->register_method ({
> + subclass => "PVE::API2::ACMEPlugin",
> + path => 'acmeplugin',
> +});
> +
> __PACKAGE__->register_method ({
> subclass => "PVE::API2::Cluster::Ceph",
> path => 'ceph',
> diff --git a/PVE/API2/Makefile b/PVE/API2/Makefile
> index 8554efa1..28ecc070 100644
> --- a/PVE/API2/Makefile
> +++ b/PVE/API2/Makefile
> @@ -19,6 +19,7 @@ PERLSOURCE = \
> Certificates.pm \
> ACME.pm \
> ACMEAccount.pm \
> + ACMEPlugin.pm \
> NodeConfig.pm \
> Scan.pm \
> Hardware.pm \
> diff --git a/PVE/CLI/pvenode.pm b/PVE/CLI/pvenode.pm
> index fd3cf52d..d9e41a8e 100644
> --- a/PVE/CLI/pvenode.pm
> +++ b/PVE/CLI/pvenode.pm
> @@ -5,6 +5,7 @@ use warnings;
>
> use PVE::API2::ACME;
> use PVE::API2::ACMEAccount;
> +use PVE::API2::ACMEPlugin;
> use PVE::API2::Certificates;
> use PVE::API2::NodeConfig;
> use PVE::API2::Nodes;
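Review bot: In `$update_config` (PVE/API2/ACMEPlugin.pm) the `foreach my $opt (keys %$param)` loop also runs after the `del` branch, so any key still left in `$param` would autovivify `$conf->{ids}->{$id}` again right after the `delete` and write back a section without a `type`. With the visible `delete_plugin` schema `$param` should be empty once `id` is extracted (assuming `extract_param` removes the key), so this looks latent rather than live. The helper also silently accepts an unknown `$op` and reports success when asked to delete an id that does not exist, rewriting the credentials file either way. I would move the loop into the `add` branch, put `die "Section with ID: $id does not exist\n" if !defined($conf->{ids}->{$id});` before the `delete`, and close the chain with `else { die "unknown operation '$op'\n"; }`.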
> @@ -207,6 +208,16 @@ our $cmddef = {
> renew => [ 'PVE::API2::ACME', 'renew_certificate', [], { node =>
> $nodename }, $upid_exit ],
> revoke => [ 'PVE::API2::ACME', 'revoke_certificate', [], { node =>
> $nodename }, $upid_exit ],
> },
> + plugin => {
namespace? why not under acme like the account stuff?
> + get => [ 'PVE::API2::ACMEPlugin', 'get_plugin_options', [], {},
> + sub {
> + my $line = shift;
> + print $line;
> + } ],
> + add => [ 'PVE::API2::ACMEPlugin', 'add_plugin', ['type', 'id'] ],
> + del => [ 'PVE::API2::ACMEPlugin', 'delete_plugin', ['id'] ],
> + },
> +
> },
>
> wakeonlan => [ 'PVE::API2::Nodes::Nodeinfo', 'wakeonlan', [ 'node' ],
> {}, sub {
> --
> 2.20.1
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel@pve.proxmox.com
> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
_______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel