From: Shan Shaji <s.shaji@proxmox.com>
To: pdm-devel@lists.proxmox.com
Subject: [PATCH datacenter-manager v4 2/5] api: acme: define API type for ACME registration parameters
Date: Wed, 1 Apr 2026 16:21:40 +0200 [thread overview]
Message-ID: <20260401142143.309509-3-s.shaji@proxmox.com> (raw)
In-Reply-To: <20260401142143.309509-1-s.shaji@proxmox.com>
Earlier, the ACME CLI was using the proxmox-acme-api crate's register
function to register an ACME account. Since it did not create a worker
task internally, the logs were not being recorded in the task log file.
The API handler function accepts a `Value` type, inorder to pass the
parameters from the CLI, it had to be converted into a `Value` type. To
support this defined a new struct to create the request parameters. This
also makes sure that even if additional parameters are added later, they
are not forgotten in the CLI tool.
Signed-off-by: Shan Shaji <s.shaji@proxmox.com>
---
changes since v3:
- fix merge conflicts inside the register_account function.
changes since v2: Thanks @Lukas
- add doc comments for AcmeRegistrationParams fields.
lib/pdm-api-types/src/acme.rs | 65 +++++++++++++++++++++++++++++++++++
lib/pdm-api-types/src/lib.rs | 2 ++
server/src/api/config/acme.rs | 48 ++++++++------------------
3 files changed, 82 insertions(+), 33 deletions(-)
create mode 100644 lib/pdm-api-types/src/acme.rs
diff --git a/lib/pdm-api-types/src/acme.rs b/lib/pdm-api-types/src/acme.rs
new file mode 100644
index 0000000..8684eac
--- /dev/null
+++ b/lib/pdm-api-types/src/acme.rs
@@ -0,0 +1,65 @@
+use serde::{Deserialize, Serialize};
+
+use proxmox_acme_api::AcmeAccountName;
+use proxmox_schema::{api, ApiStringFormat, ArraySchema, Schema, StringSchema};
+
+use crate::EMAIL_SCHEMA;
+
+pub const ACME_CONTACT_LIST_SCHEMA: Schema =
+ StringSchema::new("List of email addresses, comma seperated.")
+ .format(&ApiStringFormat::PropertyString(
+ &ArraySchema::new("Contact list.", &EMAIL_SCHEMA).schema(),
+ ))
+ .schema();
+
+#[api(
+ properties: {
+ name: {
+ type: AcmeAccountName,
+ optional: true,
+ },
+ contact: {
+ schema: ACME_CONTACT_LIST_SCHEMA
+ },
+ tos_url: {
+ type: String,
+ optional: true,
+ },
+ directory: {
+ type: String,
+ optional: true,
+ },
+ eab_kid: {
+ type: String,
+ optional: true,
+ },
+ eab_hmac_key: {
+ type: String,
+ optional: true,
+ }
+ },
+)]
+#[derive(Serialize, Deserialize)]
+/// ACME account registration properties.
+pub struct AcmeRegistrationParams {
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub name: Option<AcmeAccountName>,
+
+ pub contact: String,
+
+ /// URL of CA TermsOfService - setting this indicates agreement.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub tos_url: Option<String>,
+
+ /// The ACME Directory.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub directory: Option<String>,
+
+ /// Key Identifier for External Account Binding.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub eab_kid: Option<String>,
+
+ /// HMAC key for External Account Binding.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub eab_hmac_key: Option<String>,
+}
diff --git a/lib/pdm-api-types/src/lib.rs b/lib/pdm-api-types/src/lib.rs
index d4cc7ef..fec3c8f 100644
--- a/lib/pdm-api-types/src/lib.rs
+++ b/lib/pdm-api-types/src/lib.rs
@@ -116,6 +116,8 @@ pub mod sdn;
pub mod views;
+pub mod acme;
+
const_regex! {
// just a rough check - dummy acceptor is used before persisting
pub OPENSSL_CIPHERS_REGEX = r"^[0-9A-Za-z_:, +!\-@=.]+$";
diff --git a/server/src/api/config/acme.rs b/server/src/api/config/acme.rs
index e18975a..cd85ef4 100644
--- a/server/src/api/config/acme.rs
+++ b/server/src/api/config/acme.rs
@@ -1,5 +1,6 @@
use anyhow::{Context, Error};
+use pdm_api_types::acme::AcmeRegistrationParams;
use proxmox_router::list_subdirs_api_method;
use proxmox_router::{Router, RpcEnvironment, SubdirMap};
@@ -79,31 +80,9 @@ pub fn list_accounts() -> Result<Vec<AccountEntry>, Error> {
#[api(
input: {
properties: {
- name: {
- type: AcmeAccountName,
- optional: true,
- },
- contact: {
- description: "List of email addresses.",
- },
- tos_url: {
- description: "URL of CA TermsOfService - setting this indicates agreement.",
- optional: true,
- },
- directory: {
- type: String,
- description: "The ACME Directory.",
- optional: true,
- },
- eab_kid: {
- type: String,
- description: "Key Identifier for External Account Binding.",
- optional: true,
- },
- eab_hmac_key: {
- type: String,
- description: "HMAC Key for External Account Binding.",
- optional: true,
+ params: {
+ type: AcmeRegistrationParams,
+ flatten: true
}
},
},
@@ -116,16 +95,19 @@ pub fn list_accounts() -> Result<Vec<AccountEntry>, Error> {
},
)]
/// Register an ACME account.
-fn register_account(
- name: Option<AcmeAccountName>,
- // Todo: email & email-list schema
- contact: String,
- tos_url: Option<String>,
- directory: Option<String>,
- eab_kid: Option<String>,
- eab_hmac_key: Option<String>,
+pub fn register_account(
+ params: AcmeRegistrationParams,
rpcenv: &mut dyn RpcEnvironment,
) -> Result<String, Error> {
+ let AcmeRegistrationParams {
+ name,
+ contact,
+ tos_url,
+ directory,
+ eab_kid,
+ eab_hmac_key,
+ } = params;
+
let auth_id = rpcenv.get_auth_id().context("no authid available")?;
let name = name.unwrap_or_else(|| unsafe {
AcmeAccountName::from_string_unchecked("default".to_string())
--
2.47.3
next prev parent reply other threads:[~2026-04-01 14:21 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-01 14:21 [PATCH datacenter-manager v4 0/5] fix #7179: expose ACME commands inside admin CLI Shan Shaji
2026-04-01 14:21 ` [PATCH datacenter-manager v4 1/5] cli: admin: initialize worker tasks before calling acme API methods Shan Shaji
2026-04-01 14:21 ` Shan Shaji [this message]
2026-04-01 14:21 ` [PATCH datacenter-manager v4 3/5] server: api: add contact schema for ACME account update endpoint Shan Shaji
2026-04-01 14:21 ` [PATCH datacenter-manager v4 4/5] fix #7179: cli: admin: add commands to manage ACME settings Shan Shaji
2026-04-01 14:21 ` [PATCH datacenter-manager v4 5/5] chore: update proxmox-acme version to 1 Shan Shaji
2026-04-02 12:04 ` applied: [PATCH datacenter-manager v4 0/5] fix #7179: expose ACME commands inside admin CLI Lukas Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260401142143.309509-3-s.shaji@proxmox.com \
--to=s.shaji@proxmox.com \
--cc=pdm-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.