From: Dominik Csapak <d.csapak@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup 4/5] Revert "api: access: domains: add get/create/update/delete domain call"
Date: Mon, 12 Jul 2021 09:48:07 +0200 [thread overview]
Message-ID: <20210712074808.1103102-7-d.csapak@proxmox.com> (raw)
In-Reply-To: <20210712074808.1103102-1-d.csapak@proxmox.com>
This reverts commit 5117cf4f1786e0b37d486413d658d78a4bcfdf53.
we already have that in api2/config/access
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
src/api2/access/domain.rs | 281 +-------------------------------------
1 file changed, 4 insertions(+), 277 deletions(-)
diff --git a/src/api2/access/domain.rs b/src/api2/access/domain.rs
index 6b1a4743..bfc7c184 100644
--- a/src/api2/access/domain.rs
+++ b/src/api2/access/domain.rs
@@ -1,18 +1,15 @@
//! List Authentication domains/realms
-use anyhow::{bail, Error};
+use anyhow::{Error};
use serde::{Deserialize, Serialize};
use serde_json::{json, Value};
use proxmox::api::{api, Permission, Router, RpcEnvironment};
+use crate::config;
use crate::api2::types::*;
-use crate::config::{
- self,
- acl::{PRIV_REALM_ALLOCATE, PRIV_SYS_AUDIT},
- domains::{OpenIdRealmConfig, OpenIdUserAttribute},
-};
+use crate::config::domains::{OpenIdRealmConfig, OpenIdUserAttribute};
#[api]
#[derive(Deserialize, Serialize, PartialEq, Eq)]
@@ -162,275 +159,5 @@ fn list_domains(mut rpcenv: &mut dyn RpcEnvironment) -> Result<Vec<BasicRealmInf
Ok(list)
}
-#[api(
- input: {
- properties: {
- realm: {
- schema: REALM_ID_SCHEMA,
- },
- },
- },
- returns: {
- type: RealmInfo,
- },
- access: {
- permission: &Permission::Privilege(&["access", "domains"], PRIV_SYS_AUDIT | PRIV_REALM_ALLOCATE, true),
- },
-)]
-/// Get information about a realm
-fn get_domain(realm: String, mut rpcenv: &mut dyn RpcEnvironment) -> Result<RealmInfo, Error> {
- let entry = match realm.as_str() {
- "pam" => json!({
- "realm": "pam",
- "type": "pam",
- "comment": "Linux PAM standard authentication",
- "default": Some(true),
- }),
- "pbs" => json!({
- "realm": "pbs",
- "type": "pbs",
- "comment": "Proxmox Backup authentication server",
- }),
- _ => {
- let (config, digest) = config::domains::config()?;
- rpcenv["digest"] = proxmox::tools::digest_to_hex(&digest).into();
- if let Some((section_type, v)) = config.sections.get(&realm) {
- let mut entry = v.clone();
- entry["type"] = Value::from(section_type.clone());
- entry
- } else {
- bail!("domain '{}' does not exist", realm);
- }
- }
- };
-
- Ok(serde_json::from_value(entry)?)
-}
-
-#[api(
- protected: true,
- input: {
- properties: {
- info: {
- type: RealmInfo,
- flatten: true,
- },
- },
- },
- access: {
- permission: &Permission::Privilege(&["access", "domains"], PRIV_REALM_ALLOCATE, false),
- },
-)]
-/// Create a realm
-fn create_domain(param: Value) -> Result<(), Error> {
- let basic_info: BasicRealmInfo = serde_json::from_value(param.clone())?;
-
- // for now we only have to care about openid
- if basic_info.ty != RealmType::OpenId {
- bail!(
- "Cannot create realm of type '{}'",
- serde_json::to_string(&basic_info.ty)?
- );
- }
-
- let new_realm: OpenIdRealmConfig = serde_json::from_value(param)?;
- let _lock = config::domains::lock_config()?;
-
- let (mut config, _digest) = config::domains::config()?;
-
- let existing: Vec<OpenIdRealmConfig> = config.convert_to_typed_array("openid")?;
-
- for realm in existing {
- if realm.realm == new_realm.realm {
- bail!("Entry '{}' already exists", realm.realm);
- }
- }
-
- config.set_data(&new_realm.realm, "openid", &new_realm)?;
-
- config::domains::save_config(&config)?;
-
- Ok(())
-}
-
-#[api]
-#[derive(Serialize, Deserialize)]
-#[serde(rename_all = "kebab-case")]
-#[allow(non_camel_case_types)]
-pub enum DeletableProperty {
- /// Delete the comment property.
- comment,
- /// Delete the client-key property.
- client_key,
- /// Delete the autocreate property.
- autocreate,
-}
-
-#[api(
- protected: true,
- input: {
- properties: {
- realm: {
- schema: REALM_ID_SCHEMA,
- },
- comment: {
- optional: true,
- schema: SINGLE_LINE_COMMENT_SCHEMA,
- },
- "issuer-url": {
- description: "OpenID Issuer Url",
- type: String,
- optional: true,
- },
- "client-id": {
- description: "OpenID Client ID",
- type: String,
- optional: true,
- },
- "client-key": {
- description: "OpenID Client Key",
- type: String,
- optional: true,
- },
- autocreate: {
- description: "Automatically create users if they do not exist.",
- optional: true,
- type: bool,
- },
- delete: {
- description: "List of properties to delete.",
- type: Array,
- optional: true,
- items: {
- type: DeletableProperty,
- }
- },
- digest: {
- optional: true,
- schema: PROXMOX_CONFIG_DIGEST_SCHEMA,
- },
- },
- },
- access: {
- permission: &Permission::Privilege(&["access", "domains"], PRIV_REALM_ALLOCATE, false),
- },
-)]
-/// Update a realm
-fn update_domain(
- realm: String,
- comment: Option<String>,
- issuer_url: Option<String>,
- client_id: Option<String>,
- client_key: Option<String>,
- autocreate: Option<bool>,
- delete: Option<Vec<DeletableProperty>>,
- digest: Option<String>,
- _rpcenv: &mut dyn RpcEnvironment,
-) -> Result<(), Error> {
- let _lock = config::domains::lock_config()?;
-
- let (mut config, expected_digest) = config::domains::config()?;
-
- if let Some(ref digest) = digest {
- let digest = proxmox::tools::hex_to_digest(digest)?;
- crate::tools::detect_modified_configuration_file(&digest, &expected_digest)?;
- }
-
- // only have to worry about openid for now
- let mut data: OpenIdRealmConfig = config.lookup("openid", realm.as_str())?;
-
- if let Some(delete) = delete {
- for delete_prop in delete {
- match delete_prop {
- DeletableProperty::comment => data.comment = None,
- DeletableProperty::client_key => data.client_key = None,
- DeletableProperty::autocreate => data.autocreate = None,
- }
- }
- }
-
- if let Some(comment) = comment {
- let comment = comment.trim().to_string();
- if comment.is_empty() {
- data.comment = None;
- } else {
- data.comment = Some(comment);
- }
- }
-
- if let Some(issuer_url) = issuer_url {
- data.issuer_url = issuer_url
- };
- if let Some(client_id) = client_id {
- data.client_id = client_id
- };
- if let Some(client_key) = client_key {
- data.client_key = if client_key.is_empty() {
- None
- } else {
- Some(client_key)
- };
- };
- if let Some(autocreate) = autocreate {
- data.autocreate = Some(autocreate)
- };
-
- config.set_data(&realm, "openid", &data)?;
-
- config::domains::save_config(&config)?;
-
- Ok(())
-}
-
-#[api(
- protected: true,
- input: {
- properties: {
- realm: {
- schema: REALM_ID_SCHEMA,
- },
- digest: {
- optional: true,
- schema: PROXMOX_CONFIG_DIGEST_SCHEMA,
- },
- },
- },
- access: {
- permission: &Permission::Privilege(&["access", "domains"], PRIV_REALM_ALLOCATE, false),
- },
-)]
-/// Delete a realm
-fn delete_domain(realm: String, digest: Option<String>) -> Result<(), Error> {
- if realm == "pam" || realm == "pbs" {
- bail!("cannot remove realm '{}'", realm);
- }
- let _lock = config::domains::lock_config()?;
-
- let (mut config, expected_digest) = config::domains::config()?;
-
- if let Some(ref digest) = digest {
- let digest = proxmox::tools::hex_to_digest(digest)?;
- crate::tools::detect_modified_configuration_file(&digest, &expected_digest)?;
- }
-
- match config.sections.get(&realm) {
- Some(_) => {
- config.sections.remove(&realm);
- }
- None => bail!("realm '{}' does not exist.", realm),
- }
-
- config::domains::save_config(&config)?;
-
- Ok(())
-}
-
pub const ROUTER: Router = Router::new()
- .get(&API_METHOD_LIST_DOMAINS)
- .post(&API_METHOD_CREATE_DOMAIN)
- .match_all("realm", &DOMAIN_ROUTER);
-
-const DOMAIN_ROUTER: Router = Router::new()
- .get(&API_METHOD_GET_DOMAIN)
- .put(&API_METHOD_UPDATE_DOMAIN)
- .delete(&API_METHOD_DELETE_DOMAIN);
+ .get(&API_METHOD_LIST_DOMAINS);
--
2.30.2
next prev parent reply other threads:[~2021-07-12 7:48 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-12 7:48 [pbs-devel] [PATCH widget-toolkit/proxmox-backup] fix openid realm api usage Dominik Csapak
2021-07-12 7:48 ` [pbs-devel] [PATCH widget-toolkit 1/2] window/AuthEditBase: handle differenc config api urls Dominik Csapak
2021-07-12 7:48 ` [pbs-devel] [PATCH widget-toolkit 2/2] panel/AuthView: handle different baseUrls for configuring realms Dominik Csapak
2021-07-12 7:48 ` [pbs-devel] [PATCH proxmox-backup 1/5] ui: panel/AccessControl: define baseUrland useTypeInUrl for AuthView Dominik Csapak
2021-07-12 7:48 ` [pbs-devel] [PATCH proxmox-backup 2/5] api: config: access: openid: use correct parameter for matching Dominik Csapak
2021-07-12 7:48 ` [pbs-devel] [PATCH proxmox-backup 3/5] api: config: access: openid: use better Privilige Realm.Allocate Dominik Csapak
2021-07-12 7:48 ` Dominik Csapak [this message]
2021-07-12 7:48 ` [pbs-devel] [PATCH proxmox-backup 5/5] Revert "api: access: domains: add ExtraRealmInfo and RealmInfo structs" Dominik Csapak
2021-07-12 8:26 ` [pbs-devel] applied-series: [PATCH widget-toolkit/proxmox-backup] fix openid realm api usage Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210712074808.1103102-7-d.csapak@proxmox.com \
--to=d.csapak@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.