From: Shan Shaji <s.shaji@proxmox.com>
To: pdm-devel@lists.proxmox.com
Subject: [PATCH datacenter-manager v3 2/5] api: acme: define API type for ACME registration parameters
Date: Tue, 10 Feb 2026 17:32:47 +0100	[thread overview]
Message-ID: <20260210163250.398269-3-s.shaji@proxmox.com> (raw)
In-Reply-To: <20260210163250.398269-1-s.shaji@proxmox.com>

Earlier, the ACME CLI was using the proxmox-acme-api crate's register
function to register an ACME account. Since it did not create a worker
task internally, the logs were not being recorded in the task log file.

The API handler function accepts a Value type, so in order to pass the
parameters from the CLI they had to be converted into a Value type.
Defined a new struct to create the request parameters. This also makes
sure that even if additional parameters are added later, they
are not forgotten in the CLI tool.

Signed-off-by: Shan Shaji <s.shaji@proxmox.com>
Reviewed-by: Lukas Wagner <l.wagner@proxmox.com>
Tested-by: Lukas Wagner <l.wagner@proxmox.com>
---
 changes since v2: Thanks @Lukas
 - add doc comments for AcmeRegistrationParams fields.
 
 lib/pdm-api-types/src/acme.rs | 65 +++++++++++++++++++++++++++++++++++
 lib/pdm-api-types/src/lib.rs  |  2 ++
 server/src/api/config/acme.rs | 48 ++++++++------------------
 3 files changed, 82 insertions(+), 33 deletions(-)
 create mode 100644 lib/pdm-api-types/src/acme.rs

diff --git a/lib/pdm-api-types/src/acme.rs b/lib/pdm-api-types/src/acme.rs
new file mode 100644
index 0000000..8684eac
--- /dev/null
+++ b/lib/pdm-api-types/src/acme.rs
@@ -0,0 +1,65 @@
+use serde::{Deserialize, Serialize};
+
+use proxmox_acme_api::AcmeAccountName;
+use proxmox_schema::{api, ApiStringFormat, ArraySchema, Schema, StringSchema};
+
+use crate::EMAIL_SCHEMA;
+
+pub const ACME_CONTACT_LIST_SCHEMA: Schema =
+    StringSchema::new("List of email addresses, comma seperated.")
+        .format(&ApiStringFormat::PropertyString(
+            &ArraySchema::new("Contact list.", &EMAIL_SCHEMA).schema(),
+        ))
+        .schema();
+
+#[api(
+    properties: {
+        name: {
+            type: AcmeAccountName,
+            optional: true,
+        },
+        contact: {
+            schema: ACME_CONTACT_LIST_SCHEMA
+        },
+        tos_url: {
+            type: String,
+            optional: true,
+        },
+        directory: {
+            type: String,
+            optional: true,
+        },
+        eab_kid: {
+            type: String,
+            optional: true,
+        },
+        eab_hmac_key: {
+            type: String,
+            optional: true,
+        }
+    },
+)]
+#[derive(Serialize, Deserialize)]
+/// ACME account registration properties.
+pub struct AcmeRegistrationParams {
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub name: Option<AcmeAccountName>,
+
+    pub contact: String,
+
+    /// URL of CA TermsOfService - setting this indicates agreement.
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub tos_url: Option<String>,
+
+    /// The ACME Directory.
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub directory: Option<String>,
+
+    /// Key Identifier for External Account Binding.
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub eab_kid: Option<String>,
+
+    /// HMAC key for External Account Binding.
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub eab_hmac_key: Option<String>,
+}
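Review bot: `eab_hmac_key` in `AcmeRegistrationParams` is credential material, and its doc comment does not say so, although the struct is now a shared `Serialize` type that, per the commit message, the CLI turns into a `Value` for a handler that runs as a logged worker task. I would extend the comment to something like `/// HMAC key for External Account Binding. Secret: must not be written to task logs or error messages.` The struct deliberately not deriving `Debug` helps here and is worth keeping that way. Separately, the description in `ACME_CONTACT_LIST_SCHEMA` has a typo that will surface in generated API docs and CLI help; it should read `"List of email addresses, comma separated."`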
diff --git a/lib/pdm-api-types/src/lib.rs b/lib/pdm-api-types/src/lib.rs
index d4cc7ef..fec3c8f 100644
--- a/lib/pdm-api-types/src/lib.rs
+++ b/lib/pdm-api-types/src/lib.rs
@@ -116,6 +116,8 @@ pub mod sdn;
 
 pub mod views;
 
+pub mod acme;
+
 const_regex! {
     // just a rough check - dummy acceptor is used before persisting
     pub OPENSSL_CIPHERS_REGEX = r"^[0-9A-Za-z_:, +!\-@=.]+$";
diff --git a/server/src/api/config/acme.rs b/server/src/api/config/acme.rs
index 0c583c4..3c40a27 100644
--- a/server/src/api/config/acme.rs
+++ b/server/src/api/config/acme.rs
@@ -1,5 +1,6 @@
 use anyhow::Error;
 
+use pdm_api_types::acme::AcmeRegistrationParams;
 use proxmox_router::list_subdirs_api_method;
 use proxmox_router::{Router, RpcEnvironment, SubdirMap};
 
@@ -79,31 +80,9 @@ pub fn list_accounts() -> Result<Vec<AccountEntry>, Error> {
 #[api(
     input: {
         properties: {
-            name: {
-                type: AcmeAccountName,
-                optional: true,
-            },
-            contact: {
-                description: "List of email addresses.",
-            },
-            tos_url: {
-                description: "URL of CA TermsOfService - setting this indicates agreement.",
-                optional: true,
-            },
-            directory: {
-                type: String,
-                description: "The ACME Directory.",
-                optional: true,
-            },
-            eab_kid: {
-                type: String,
-                description: "Key Identifier for External Account Binding.",
-                optional: true,
-            },
-            eab_hmac_key: {
-                type: String,
-                description: "HMAC Key for External Account Binding.",
-                optional: true,
+            params: {
+                type: AcmeRegistrationParams,
+                flatten: true
             }
         },
     },
@@ -116,16 +95,19 @@ pub fn list_accounts() -> Result<Vec<AccountEntry>, Error> {
     },
 )]
 /// Register an ACME account.
-fn register_account(
-    name: Option<AcmeAccountName>,
-    // Todo: email & email-list schema
-    contact: String,
-    tos_url: Option<String>,
-    directory: Option<String>,
-    eab_kid: Option<String>,
-    eab_hmac_key: Option<String>,
+pub fn register_account(
+    params: AcmeRegistrationParams,
     rpcenv: &mut dyn RpcEnvironment,
 ) -> Result<String, Error> {
+    let AcmeRegistrationParams {
+        name,
+        contact,
+        tos_url,
+        directory,
+        eab_kid,
+        eab_hmac_key,
+    } = params;
+
     let auth_id = rpcenv.get_auth_id().unwrap();
     let name = name.unwrap_or_else(|| unsafe {
         AcmeAccountName::from_string_unchecked("default".to_string())
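Review bot: Making `register_account` `pub` lets callers outside the API router (the commit message names the CLI) reach the unchanged `rpcenv.get_auth_id().unwrap()`, so an environment without an auth id would panic instead of returning an error. Something like `let auth_id = rpcenv.get_auth_id().ok_or_else(|| anyhow::format_err!("missing auth id"))?;` would fail cleanly. Direct Rust callers also build `AcmeRegistrationParams` by hand, so `contact` presumably never passes through `ACME_CONTACT_LIST_SCHEMA` on that path, and the router's access checks for this endpoint are not applied either. The doc comment should state that such callers are responsible for validated parameters and for setting an auth id. The function body continues past the end of this hunk.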
-- 
2.47.3






Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-02-10 16:32 [PATCH datacenter-manager v3 0/5] fix #7179: expose ACME commands inside admin CLI Shan Shaji
2026-02-10 16:32 ` [PATCH datacenter-manager v3 1/5] cli: admin: make cli handling async Shan Shaji
2026-02-10 16:32 ` Shan Shaji [this message]
2026-02-10 16:32 ` [PATCH datacenter-manager v3 3/5] server: api: add contact schema for ACME account update endpoint Shan Shaji
2026-02-10 16:32 ` [PATCH datacenter-manager v3 4/5] fix #7179: cli: admin: expose acme commands Shan Shaji
2026-02-10 16:32 ` [PATCH datacenter-manager v3 5/5] chore: update proxmox-acme version to 1 Shan Shaji
