From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup 5/6] acme: plugin: add 'use-proxy' property
Date: Tue,  9 Nov 2021 16:54:21 +0000	[thread overview]
Message-ID: <20211109165422.311089-8-s.ivanov@proxmox.com> (raw)
In-Reply-To: <20211109165422.311089-1-s.ivanov@proxmox.com>

this patch adds an optional 'use-proxy' property to the dns challenge
plugins.

If it is set to true and the node has an http_proxy configured, the proxy
is set as the 'http_proxy' and 'https_proxy' environment variables by the
plugin caller (and then used by curl).

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
 src/acme/plugin.rs        | 21 +++++++++++++++++++++
 src/api2/config/acme.rs   | 12 ++++++++++++
 src/config/acme/plugin.rs |  8 ++++++++
 3 files changed, 41 insertions(+)

diff --git a/src/acme/plugin.rs b/src/acme/plugin.rs
index 65eb60d1..d31c2b8f 100644
--- a/src/acme/plugin.rs
+++ b/src/acme/plugin.rs
@@ -13,6 +13,7 @@ use proxmox_acme_rs::{Authorization, Challenge};
 
 use crate::acme::AcmeClient;
 use crate::api2::types::AcmeDomain;
+use crate::config::node;
 use proxmox_rest_server::WorkerTask;
 
 use crate::config::acme::plugin::{DnsPlugin, PluginData};
@@ -111,6 +112,26 @@ impl DnsPlugin {
             stdin_data.push(b'\n');
         }
 
+        let proxy_config = match self.core.use_proxy {
+            Some(true) => {
+                if let Ok((node_config, _digest)) = node::config() {
+                    node_config.http_proxy()
+                } else {
+                    None
+                }
+            }
+            Some(false) => None,
+            None => None,
+        };
+
+        if let Some(proxy_config) = proxy_config {
+            if let Ok(proxystr) = proxy_config.to_proxy_string() {
+                stdin_data.extend(
+                    format!("http_proxy={}\nhttps_proxy={}\n", proxystr, proxystr).as_bytes(),
+                );
+                stdin_data.push(b'\n');
+            }
+        }
         let mut command = Command::new("/usr/bin/setpriv");
 
         #[rustfmt::skip]
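Review bot: With `use-proxy` enabled, both failure paths in the added block fail open: if `node::config()` or `to_proxy_string()` returns `Err`, the error is discarded and the plugin runs with no proxy variables, so its requests may go out directly with nothing recorded in the task log. Assuming the enclosing method (which starts and ends outside this hunk) returns a `Result`, propagate the errors instead, e.g. `let (node_config, _digest) = node::config()?;` and `let proxystr = proxy_config.to_proxy_string()?;`, or at least emit a task warning. The proxy string is also interpolated into newline-delimited stdin data, so confirm that node-config validation rejects embedded newlines, and that the string, which may carry proxy credentials, is never echoed to the log. As a style point, the three-arm `match` reduces to `if self.core.use_proxy.unwrap_or(false) { … } else { None }`.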
diff --git a/src/api2/config/acme.rs b/src/api2/config/acme.rs
index a37a9358..c52edd57 100644
--- a/src/api2/config/acme.rs
+++ b/src/api2/config/acme.rs
@@ -473,6 +473,10 @@ pub struct PluginConfig {
     /// Flag to disable the config.
     #[serde(skip_serializing_if = "Option::is_none", default)]
     disable: Option<bool>,
+
+    /// Flag indicating if this plugin should use the node-wide proxy setting.
+    #[serde(skip_serializing_if = "Option::is_none", default)]
+    use_proxy: Option<bool>,
 }
 
 // See PMG/PVE's $modify_cfg_for_api sub
@@ -639,6 +643,8 @@ pub enum DeletableProperty {
     disable,
     /// Delete the validation-delay property
     validation_delay,
+    /// Delete the use-proxy property
+    use_proxy,
 }
 
 #[api(
@@ -716,6 +722,9 @@ pub fn update_plugin(
                         DeletableProperty::disable => {
                             plugin.core.disable = None;
                         }
+                        DeletableProperty::use_proxy => {
+                            plugin.core.use_proxy = None;
+                        }
                     }
                 }
             }
@@ -731,6 +740,9 @@ pub fn update_plugin(
             if update.disable.is_some() {
                 plugin.core.disable = update.disable;
             }
+            if update.use_proxy.is_some() {
+                plugin.core.use_proxy = update.use_proxy;
+            }
 
             *entry = serde_json::to_value(plugin)?;
         }
diff --git a/src/config/acme/plugin.rs b/src/config/acme/plugin.rs
index 6ba5bcf7..8eade7c1 100644
--- a/src/config/acme/plugin.rs
+++ b/src/config/acme/plugin.rs
@@ -52,6 +52,10 @@ impl Default for StandalonePlugin {
             minimum: 0,
             maximum: 2 * 24 * 60 * 60,
         },
+        "use-proxy": {
+            optional: true,
+            default: false,
+        },
     },
 )]
 /// DNS ACME Challenge Plugin core data.
@@ -74,6 +78,10 @@ pub struct DnsPluginCore {
     /// Flag to disable the config.
     #[serde(skip_serializing_if = "Option::is_none", default)]
     pub disable: Option<bool>,
+
+    /// Flag indicating if this plugin should use the node-wide proxy setting.
+    #[serde(skip_serializing_if = "Option::is_none", default)]
+    pub use_proxy: Option<bool>,
 }
 
 #[api(
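Review bot: The doc comment on `use_proxy` does not say what enabling the flag exposes. Per the commit message, it hands the node-wide proxy setting to the plugin caller as `http_proxy`/`https_proxy`. Something like `/// Pass the node-wide HTTP proxy to the DNS plugin as http_proxy/https_proxy (default: off; no effect unless a proxy is configured on the node).` would make that visible in the generated API docs. The same wording would fit the `PluginConfig` field added in src/api2/config/acme.rs. `DnsPluginCore` begins outside this hunk.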
-- 
2.30.2




