From: Dominik Csapak <d.csapak@proxmox.com>
To: pdm-devel@lists.proxmox.com
Subject: [pdm-devel] [PATCH datacenter-manager v3 13/23] ui: pve wizard: nodes: probe hosts to verify fingerprint settings
Date: Thu, 21 Aug 2025 10:39:34 +0200 [thread overview]
Message-ID: <20250821084229.1523597-14-d.csapak@proxmox.com> (raw)
In-Reply-To: <20250821084229.1523597-1-d.csapak@proxmox.com>
when advancing the wizard.
* check for each host whether the fingerprint is correct
* for hosts without a fingerprint configured, prompt the user to
use the fingerprints if the certificates are not trusted
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
ui/src/remotes/wizard_page_nodes.rs | 237 ++++++++++++++++++++++++++--
1 file changed, 226 insertions(+), 11 deletions(-)
diff --git a/ui/src/remotes/wizard_page_nodes.rs b/ui/src/remotes/wizard_page_nodes.rs
index ce73f6e..5b5b1ed 100644
--- a/ui/src/remotes/wizard_page_nodes.rs
+++ b/ui/src/remotes/wizard_page_nodes.rs
@@ -1,15 +1,20 @@
+use std::collections::HashMap;
use std::rc::Rc;
-use pdm_client::types::Remote;
-use pwt::css::FlexFit;
+use pdm_api_types::remotes::TlsProbeOutcome;
+use proxmox_schema::property_string::PropertyString;
+use serde_json::Value;
use yew::virtual_dom::{VComp, VNode};
-use pwt::prelude::*;
-use pwt::widget::Container;
+use pwt::css::{FlexFit, FontStyle, JustifyContent, Overflow};
+use pwt::widget::{error_message, Button, Column, Container, Dialog, Mask, Row};
+use pwt::{prelude::*, AsyncAbortGuard};
+use pwt_macros::builder;
-use proxmox_yew_comp::WizardPageRenderInfo;
+use proxmox_yew_comp::{KVGrid, KVGridRow, WizardPageRenderInfo};
-use pwt_macros::builder;
+use pdm_api_types::{remotes::NodeUrl, CertificateInfo};
+use pdm_client::types::Remote;
use super::NodeUrlList;
@@ -29,14 +34,193 @@ impl WizardPageNodes {
}
}
-pub struct PdmWizardPageNodes {}
+pub enum Msg {
+ Scan,
+ ScanResult(Vec<(String, Result<TlsProbeOutcome, proxmox_client::Error>)>),
+ ConfirmResult(bool),
+}
+
+pub struct PdmWizardPageNodes {
+ scan_results: Vec<(String, Result<TlsProbeOutcome, proxmox_client::Error>)>,
+ scan_guard: Option<AsyncAbortGuard>,
+ loading: bool,
+ certificate_rows: Rc<Vec<KVGridRow>>,
+}
+
+impl PdmWizardPageNodes {
+ fn create_certificate_confirmation_dialog(
+ &self,
+ ctx: &Context<Self>,
+ certificates: Vec<(&String, &CertificateInfo)>,
+ ) -> Dialog {
+ let link = ctx.link();
+ Dialog::new(tr!("Connection Certificate"))
+ .on_close(link.callback(|_| Msg::ConfirmResult(false)))
+ .with_child(
+ Column::new()
+ .padding(2)
+ .gap(2)
+ .class(FlexFit)
+ .with_child(Container::new().with_child(tr!(
+ "The following certificates of remote servers are not trusted."
+ )))
+ .with_child(Container::new().with_child(tr!(
+ "Do you want to trust them by saving their fingerprint?"
+ )))
+ .with_child(
+ Column::new()
+ .max_height(400)
+ .gap(1)
+ .padding(2)
+ .class(Overflow::Auto)
+ .children(certificates.into_iter().map(|(hostname, certificate)| {
+ Column::new()
+ .with_child(
+ Container::new().class(FontStyle::TitleSmall).with_child(
+ format!("{}: {hostname}", tr!("Server Address")),
+ ),
+ )
+ .with_child(
+ KVGrid::new()
+ .class(FlexFit)
+ .borderless(true)
+ .striped(false)
+ .rows(self.certificate_rows.clone())
+ .data(Rc::new(
+ serde_json::to_value(certificate)
+ .unwrap_or_default(),
+ )),
+ )
+ .into()
+ })),
+ )
+ .with_child(
+ Row::new()
+ .gap(2)
+ .class(JustifyContent::Center)
+ .with_child(
+ Button::new(tr!("Yes"))
+ .onclick(link.callback(|_| Msg::ConfirmResult(true))),
+ )
+ .with_child(
+ Button::new(tr!("No"))
+ .onclick(link.callback(|_| Msg::ConfirmResult(false))),
+ ),
+ ),
+ )
+ }
+}
impl Component for PdmWizardPageNodes {
- type Message = ();
+ type Message = Msg;
type Properties = WizardPageNodes;
fn create(_ctx: &Context<Self>) -> Self {
- Self {}
+ _ctx.props().info.on_next({
+ let link = _ctx.link().clone();
+ move |_| {
+ link.send_message(Msg::Scan);
+ false
+ }
+ });
+ Self {
+ scan_results: Vec::new(),
+ scan_guard: None,
+ loading: false,
+ certificate_rows: Rc::new(rows()),
+ }
+ }
+
+ fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool {
+ let props = ctx.props();
+ match msg {
+ Msg::Scan => {
+ self.loading = true;
+ let link = ctx.link().clone();
+ let nodes = props.info.form_ctx.read().get_field_value("nodes");
+ let Some(Value::Array(nodes)) = nodes else {
+ return true;
+ };
+ self.scan_guard = Some(AsyncAbortGuard::spawn(async move {
+ let futures = nodes.into_iter().filter_map(|node| {
+ let node = match serde_json::from_value::<PropertyString<NodeUrl>>(node) {
+ Ok(node) => node.into_inner(),
+ Err(_) => return None,
+ };
+
+ let future = async move {
+ let res = crate::pdm_client()
+ .pve_probe_tls(&node.hostname, node.fingerprint.as_deref())
+ .await;
+ (node.hostname, res)
+ };
+ Some(future)
+ });
+
+ let res = futures::future::join_all(futures).await;
+ link.send_message(Msg::ScanResult(res));
+ }));
+ }
+ Msg::ScanResult(scan_results) => {
+ self.loading = false;
+ self.scan_results = scan_results;
+ let mut success = true;
+ for (_hostname, result) in &self.scan_results {
+ match result {
+ Ok(TlsProbeOutcome::TrustedCertificate) => {}
+ _ => success = false,
+ }
+ }
+
+ if success {
+ props.info.go_to_next_page();
+ }
+ }
+ Msg::ConfirmResult(confirm) => {
+ if confirm {
+ // update connect information with gathered certificate information
+ // and navigate to next page
+ let mut map = HashMap::new();
+ for (hostname, res) in self.scan_results.drain(..) {
+ if let Ok(TlsProbeOutcome::UntrustedCertificate(cert)) = res {
+ if let Some(fp) = cert.fingerprint {
+ map.insert(hostname, fp);
+ }
+ }
+ }
+
+ let mut form = props.info.form_ctx.write();
+ let value = form
+ .get_field_value("nodes")
+ .unwrap_or(Value::Array(Vec::new()));
+
+ let value = match serde_json::from_value::<Vec<PropertyString<NodeUrl>>>(value)
+ {
+ Ok(mut nodes) => {
+ for node in nodes.iter_mut() {
+ if node.fingerprint.is_none() && map.contains_key(&node.hostname) {
+ node.fingerprint =
+ Some(map.get(&node.hostname).unwrap().to_uppercase());
+ }
+ }
+ // this should never fail
+ serde_json::to_value(nodes).unwrap()
+ }
+ Err(_) => {
+ // data from field is wrong, this should not happen
+ unreachable!("internal data in node field is wrong");
+ }
+ };
+
+ form.set_field_value("nodes", value);
+ drop(form);
+ props.info.go_to_next_page();
+ } else {
+ self.scan_results.clear();
+ }
+ }
+ }
+ true
}
fn view(&self, ctx: &Context<Self>) -> Html {
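Review bot: `Msg::ConfirmResult(true)` calls `props.info.go_to_next_page()` unconditionally, so the wizard advances even when an untrusted host ends up without a stored fingerprint: `if let Some(fp) = cert.fingerprint` skips certificates that carry no fingerprint, and `node.fingerprint.is_none()` skips nodes that already have one configured. I would track whether every `UntrustedCertificate` host actually received a fingerprint and otherwise keep the user on this page with an error. The scan side has a similar gap: `Err(_) => return None` in the `filter_map` drops entries that do not parse, and `Msg::ScanResult` starts from `success = true`, so skipped entries (or an empty result list) count as verified, while the confirm path treats the same parse failure as `unreachable!`. Finally, `self.loading = true;` is set before the `let Some(Value::Array(nodes)) = nodes else { return true; }` guard, so that early return leaves the `loading` flag set with no scan running to reset it; moving the assignment below the guard fixes it.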
@@ -46,7 +230,25 @@ impl Component for PdmWizardPageNodes {
.as_ref()
.map(|info| info.nodes.clone())
.unwrap_or_default();
- Container::new()
+
+ let mut errors = Vec::new();
+ let mut certificates = Vec::new();
+
+ for (hostname, result) in &self.scan_results {
+ match result {
+ Ok(TlsProbeOutcome::UntrustedCertificate(cert)) => {
+ certificates.push((hostname, cert));
+ }
+ Ok(_) => {}
+ Err(err) => {
+ errors.push(error_message(&format!("{hostname} - {err}")).into());
+ }
+ }
+ }
+
+ let has_errors = !errors.is_empty();
+
+ let content = Container::new()
.class(FlexFit)
.padding(4)
.with_child(Container::new().padding(4).with_child(tr!(
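Review bot: The `Ok(_) => {}` arm in the new loop over `self.scan_results` swallows every successful outcome other than `UntrustedCertificate`, while `Msg::ScanResult` in `update` treats anything other than `TrustedCertificate` as a failure. If `TlsProbeOutcome` ever gains a third variant, the wizard would refuse to advance without showing either an error or the confirmation dialog. Matching `Ok(TlsProbeOutcome::TrustedCertificate) => {}` explicitly here lets the compiler flag that case. `view` starts before this hunk and continues past it.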
@@ -61,10 +263,23 @@ impl Component for PdmWizardPageNodes {
.key("nodes")
.required(true),
)
- .into()
+ .with_optional_child((has_errors).then_some(Column::new().children(errors)))
+ .with_optional_child(
+ (!has_errors && !certificates.is_empty())
+ .then_some(self.create_certificate_confirmation_dialog(ctx, certificates)),
+ );
+ Mask::new(content).visible(self.loading).into()
}
}
+fn rows() -> Vec<KVGridRow> {
+ vec![
+ KVGridRow::new("fingerprint", tr!("Fingerprint")),
+ KVGridRow::new("issuer", tr!("Issuer")),
+ KVGridRow::new("subject", tr!("Subject")),
+ ]
+}
+
impl Into<VNode> for WizardPageNodes {
fn into(self) -> VNode {
let comp = VComp::new::<PdmWizardPageNodes>(Rc::new(self), None);
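Review bot: `then_some(self.create_certificate_confirmation_dialog(ctx, certificates))` evaluates its argument eagerly, so the confirmation dialog, including one `serde_json::to_value` call per certificate, is built on every render and discarded whenever the condition is false. The closure form avoids that: `(!has_errors && !certificates.is_empty()).then(|| self.create_certificate_confirmation_dialog(ctx, certificates))`. The same applies to `(has_errors).then_some(Column::new().children(errors))`, where the parentheses around `has_errors` are also unnecessary.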
--
2.47.2