[pmg-devel] applied-series: [PATCH v3 api/gui/wtk/acme 0/many] Certificates & ACME

[Thomas Lamprecht <t.lamprecht@proxmox.com>]

On 16.03.21 11:24, Wolfgang Bumiller wrote:
> v3 incorporating feedback from v2:
> 
> * removed 'audit' api access for acme plugins
> * Added a new patch for pve-common for a CLI arg parsing issue.
>   (This one should be looked at more closely I think)
> * Regenerate the self-signed cert when deleting the current one.
> * Add missing $cfg->write() call
> * fixed 'challengeschema/challenge-schema' path/name issue
> * added a helper for account name/file extraction
>   (but did keep the error messages for when the file is not there for now as
>    atm it's a nicer error, can be removed in later patches)
> * replace loadSSHKeyFromFile with loadTextFromFile
> 
> ---
> v2 cover letter:
> 
> v2 incorporating feedback from v1
> 
> * api call permission fixups on account methods
> * consistent locking function implementations (without `die $@ if $@`)
> * removed unnecessary call to `sort`
> * cert regex simplification
> * reload/config update code dedup & consistency
> * removed superfluous `border: 0`
> * inlined unnecessary `initComponent`
> 
> and also contains some PVE-compatibility fixes in the acme domain view:
> widget toolkit side should now work seamlessly in the PVE UI code as
> well
> 
> ---
> Original Coverletter:
> 
> These are the pmg-api, pmg-gui and proxmox-widget-toolkit and
> proxmox-acme parts of the ACME series for PMG.
> 
> This requires `pmg-rs` package, which replaces the ACME client from
> `proxmox-acme` and provides the CSR generation and is written in rust.
> Note that the DNS challenge handling still uses proxmox-acme for now.
> 
> proxmox-acme:
>   * Just a `use` statement fixup
>   * Still used for the DNS challenge
> 
> pmg-gui:
>   Just adds the "certificate view", but the real dirt lives in the
>   widget-toolkit.
> 
> proxmox-widget-toolkits:
>   Gets the Certificate, ACME Account, ACME Plugin and ACME Domain view
>   from PVE adapted to be usable for PMG.
>   Changes to PVE are mainly:
>     * API URLs need to be provided since they differ a bit between PVE
>       and PMG.
>     * some additional buttons/fields specific to pmg generated if the
>       parameters for them are present
> 
> pmg-api:
>   Simply gets API entry points for the above. These too are mostly
>   copied from PVE and adapted (also the ACME client API from pmg-rs is slightly
>   different/cleaned up, so that's a minor incompatiblity in some
>   otherwise common code, but a `pve-rs` may fix that). But some things
>   could definitely already go to pve-common (especially schema stuff).
> 
> Note that while I did add the corresponding files to the cluster sync,
> this still needs testing *and* issuing an API certificate may break
> cluster functionality currently. (Stoiko is working on that)
> 

applied, very nice work, thanks!