[PATCH datacenter-manager] api: certificates: require only AUDIT for listing certificate info

all lists on lists.proxmox.com
 help / color / mirror / Atom feed

* [PATCH datacenter-manager] api: certificates: require only AUDIT for listing certificate info
@ 2026-05-22  9:53 Christoph Heiss
  2026-05-22 14:12 ` applied: " Thomas Lamprecht
  0 siblings, 1 reply; 2+ messages in thread
From: Christoph Heiss @ 2026-05-22  9:53 UTC (permalink / raw)
  To: pdm-devel

No need to have listing endpoint require MODIFY permissions.

Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
---
Had a brief discussion with Shannon about this - the endpoint could
probably be even public, not requiring any particular permissions?
Since certificate information isn't private (by definition) anyway. 

Or are there plans to eventually add support for having multiple
certificates or something? In which case it *might* be useful to have
not public.

Happy to send a patch for that too, but wanted to quickly discuss it
beforehand.

 server/src/api/nodes/certificates.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/src/api/nodes/certificates.rs b/server/src/api/nodes/certificates.rs
index 47aef7a..fc12e47 100644
--- a/server/src/api/nodes/certificates.rs
+++ b/server/src/api/nodes/certificates.rs
@@ -13,7 +13,7 @@ use proxmox_acme_api::{AcmeDomain, CertificateInfo};
 use proxmox_rest_server::WorkerTask;
 use proxmox_schema::api_types::NODE_SCHEMA;
 
-use pdm_api_types::PRIV_SYS_MODIFY;
+use pdm_api_types::{PRIV_SYS_AUDIT, PRIV_SYS_MODIFY};
 
 use crate::auth::certs::{API_CERT_FN, API_KEY_FN};
 
@@ -60,7 +60,7 @@ fn get_certificate_info() -> Result<CertificateInfo, Error> {
         },
     },
     access: {
-        permission: &Permission::Privilege(&["system", "certificates"], PRIV_SYS_MODIFY, false),
+        permission: &Permission::Privilege(&["system", "certificates"], PRIV_SYS_AUDIT, false),
     },
     returns: {
         type: Array,
-- 
2.53.0





^ permalink raw reply related	[flat|nested] 2+ messages in thread

* applied: [PATCH datacenter-manager] api: certificates: require only AUDIT for listing certificate info
  2026-05-22  9:53 [PATCH datacenter-manager] api: certificates: require only AUDIT for listing certificate info Christoph Heiss
@ 2026-05-22 14:12 ` Thomas Lamprecht
  0 siblings, 0 replies; 2+ messages in thread
From: Thomas Lamprecht @ 2026-05-22 14:12 UTC (permalink / raw)
  To: pdm-devel, Christoph Heiss

On Fri, 22 May 2026 11:53:01 +0200, Christoph Heiss wrote:
> No need to have listing endpoint require MODIFY permissions.

Applied, thanks!

[1/1] api: certificates: require only AUDIT for listing certificate info
      commit: 36d0c8edb0c56168aa10879a2b71ab9e3cdb1fe4




^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2026-05-22 14:12 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-22  9:53 [PATCH datacenter-manager] api: certificates: require only AUDIT for listing certificate info Christoph Heiss
2026-05-22 14:12 ` applied: " Thomas Lamprecht

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.

Service provided by Proxmox Server Solutions GmbH | Privacy | Legal