From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 431751FF13E for ; Fri, 03 Apr 2026 18:55:58 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 0691780CC; Fri, 3 Apr 2026 18:56:29 +0200 (CEST) From: Christoph Heiss To: pdm-devel@lists.proxmox.com Subject: [PATCH datacenter-manager v3 19/38] server: api: auto-installer: add access token management endpoints Date: Fri, 3 Apr 2026 18:53:51 +0200 Message-ID: <20260403165437.2166551-20-c.heiss@proxmox.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260403165437.2166551-1-c.heiss@proxmox.com> References: <20260403165437.2166551-1-c.heiss@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1775235324038 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.934 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_MAILER 2 Automated Mailer Tag Left in Email SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: 3DVSQZNMZ32EIZOFWKQE25O6RLH26M6H X-Message-ID-Hash: 3DVSQZNMZ32EIZOFWKQE25O6RLH26M6H X-MailFrom: c.heiss@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Datacenter Manager development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Quick overview: GET /auto-install/tokens list all available answer authentication tokens POST /auto-install/tokens create a new token PUT /auto-install/tokens/{id} update an existing token DELETE /auto-install/tokens/{id} delete an existing token Signed-off-by: Christoph Heiss --- Changes v2 -> v3: * new patch server/src/api/auto_installer/mod.rs | 279 ++++++++++++++++++++++++++- 1 file changed, 276 insertions(+), 3 deletions(-) diff --git a/server/src/api/auto_installer/mod.rs b/server/src/api/auto_installer/mod.rs index 60eccd8..fed88aa 100644 --- a/server/src/api/auto_installer/mod.rs +++ b/server/src/api/auto_installer/mod.rs @@ -1,17 +1,18 @@ //! Implements all the methods under `/api2/json/auto-install/`. -use anyhow::{anyhow, Result}; +use anyhow::{anyhow, Context, Result}; use handlebars::Handlebars; use http::StatusCode; use std::collections::{BTreeMap, HashMap}; use pdm_api_types::{ auto_installer::{ + AnswerAuthToken, AnswerAuthTokenUpdater, DeletableAnswerAuthTokenProperty, DeletablePreparedInstallationConfigProperty, Installation, InstallationStatus, PreparedInstallationConfig, PreparedInstallationConfigUpdater, INSTALLATION_UUID_SCHEMA, PREPARED_INSTALL_CONFIG_ID_SCHEMA, }, - ConfigDigest, PRIV_SYS_AUDIT, PRIV_SYS_MODIFY, PROXMOX_CONFIG_DIGEST_SCHEMA, + Authid, ConfigDigest, PRIV_SYS_AUDIT, PRIV_SYS_MODIFY, PROXMOX_CONFIG_DIGEST_SCHEMA, }; use pdm_config::auto_install::types::PreparedInstallationSectionConfigWrapper; use proxmox_installer_types::{ @@ -27,7 +28,9 @@ use proxmox_router::{ http_bail, list_subdirs_api_method, ApiHandler, ApiMethod, ApiResponseFuture, Permission, Router, RpcEnvironment, SubdirMap, }; -use proxmox_schema::{api, AllOfSchema, ApiType, ParameterSchema, ReturnType, StringSchema}; +use proxmox_schema::{ + api, api_types::COMMENT_SCHEMA, AllOfSchema, ApiType, ParameterSchema, ReturnType, StringSchema, +}; use proxmox_sortable_macro::sortable; use proxmox_uuid::Uuid; @@ -62,6 +65,18 @@ const SUBDIRS: SubdirMap = &sorted!([ .delete(&API_METHOD_DELETE_PREPARED_ANSWER) ) ), + ( + "tokens", + &Router::new() + .get(&API_METHOD_LIST_TOKENS) + .post(&API_METHOD_CREATE_TOKEN) + .match_all( + "id", + &Router::new() + .put(&API_METHOD_UPDATE_TOKEN) + .delete(&API_METHOD_DELETE_TOKEN) + ) + ), ]); pub const ROUTER: Router = Router::new() @@ -698,6 +713,264 @@ async fn handle_post_hook(uuid: Uuid, info: PostHookInfo) -> Result<()> { Ok(()) } +#[api( + returns: { + description: "List of secrets for authenticating automated installations requests.", + type: Array, + items: { + type: AnswerAuthToken, + }, + }, + access: { + permission: &Permission::Privilege(&["system", "auto-installation"], PRIV_SYS_AUDIT, false), + }, +)] +/// GET /auto-install/tokens +/// +/// Get all tokens that can be used for authenticating automated installations requests. +async fn list_tokens(rpcenv: &mut dyn RpcEnvironment) -> Result> { + let (secrets, digest) = pdm_config::auto_install::read_tokens()?; + + rpcenv["digest"] = hex::encode(digest).into(); + + Ok(secrets.values().map(|t| t.clone().into()).collect()) +} + +#[api( + input: { + properties: { + id: { + type: String, + description: "Token ID.", + }, + comment: { + schema: COMMENT_SCHEMA, + optional: true, + }, + enabled: { + type: bool, + description: "Whether the token is enabled.", + default: true, + optional: true, + }, + "expire-at": { + type: Integer, + description: "Token expiration date, in seconds since the epoch. '0' means no expiration.", + default: 0, + minimum: 0, + optional: true, + }, + }, + }, + returns: { + type: Object, + description: "Secret of the newly created token.", + properties: { + token: { + type: AnswerAuthToken, + }, + secret: { + type: String, + description: "Secret of the newly created token.", + }, + }, + }, + access: { + permission: &Permission::Privilege(&["system", "auto-installation"], PRIV_SYS_MODIFY, false), + }, + protected: true, +)] +/// POST /auto-install/tokens +/// +/// Creates a new token for authenticating automated installations. +async fn create_token( + id: String, + comment: Option, + enabled: Option, + expire_at: Option, + rpcenv: &mut dyn RpcEnvironment, +) -> Result { + let _lock = pdm_config::auto_install::token_write_lock(); + + let authid = rpcenv + .get_auth_id() + .ok_or_else(|| anyhow!("no authid"))? + .parse::()?; + + let token = AnswerAuthToken { + id, + created_by: authid.user().clone(), + comment, + enabled, + expire_at, + }; + let secret = Uuid::generate(); + + pdm_config::auto_install::add_token(&token, &secret.to_string()) + .context("failed to create new token")?; + + Ok(serde_json::json!({ + "token": token, + "secret": secret, + })) +} + +#[api( + input: { + properties: { + id: { + type: String, + description: "Token ID.", + }, + update: { + type: AnswerAuthTokenUpdater, + flatten: true, + }, + delete: { + type: Array, + description: "List of properties to delete.", + optional: true, + items: { + type: DeletableAnswerAuthTokenProperty, + } + }, + "regenerate-secret": { + type: bool, + description: "Whether to regenerate the current secret, invalidating the old one.", + optional: true, + default: false, + }, + digest: { + type: ConfigDigest, + optional: true, + }, + }, + }, + returns: { + type: Object, + description: "The updated access token information.", + properties: { + token: { + type: AnswerAuthToken, + }, + }, + }, + access: { + permission: &Permission::Privilege(&["system", "auto-installation"], PRIV_SYS_MODIFY, false), + }, + protected: true, +)] +/// PUT /auto-install/tokens/{id} +/// +/// Updates an existing access token. +async fn update_token( + id: String, + update: AnswerAuthTokenUpdater, + delete: Option>, + regenerate_secret: bool, + digest: Option, +) -> Result { + let _lock = pdm_config::auto_install::token_write_lock(); + let (tokens, config_digest) = pdm_config::auto_install::read_tokens()?; + + config_digest.detect_modification(digest.as_ref())?; + + let mut token: AnswerAuthToken = match tokens.get(&id.to_string()).cloned() { + Some(token) => token.into(), + None => http_bail!(NOT_FOUND, "no such access token: {id}"), + }; + + if let Some(delete) = delete { + for prop in delete { + match prop { + DeletableAnswerAuthTokenProperty::Comment => token.comment = None, + DeletableAnswerAuthTokenProperty::ExpireAt => token.expire_at = None, + } + } + } + + let AnswerAuthTokenUpdater { + comment, + enabled, + expire_at, + } = update; + + if let Some(comment) = comment { + token.comment = Some(comment); + } + + if let Some(enabled) = enabled { + token.enabled = Some(enabled); + } + + if let Some(expire_at) = expire_at { + token.expire_at = Some(expire_at); + } + + if regenerate_secret { + // If the user instructed to update secret, just delete + re-create the token and let + // the config implementation handle updating the shadow + pdm_config::auto_install::delete_token(&token.id)?; + + let secret = Uuid::generate(); + pdm_config::auto_install::add_token(&token, &secret.to_string())?; + + Ok(serde_json::json!({ + "token": token, + "secret": secret, + })) + } else { + pdm_config::auto_install::update_token(&token).context("failed to update token")?; + + Ok(serde_json::json!({ + "token": token, + })) + } +} + +#[api( + input: { + properties: { + id: { + type: String, + description: "Token ID.", + }, + }, + }, + access: { + permission: &Permission::Privilege(&["system", "auto-installation"], PRIV_SYS_MODIFY, false), + }, + protected: true, +)] +/// DELETE /auto-install/tokens/{id} +/// +/// Deletes a prepared auto-installer answer configuration. +/// +/// If the token is currently in use by any prepared answer configuration, the deletion will fail. +async fn delete_token(id: String) -> Result<()> { + // first check if the token is used anywhere + let (prepared, _) = pdm_config::auto_install::read_prepared_answers()?; + + let used = prepared + .values() + .filter_map(|p| { + let PreparedInstallationSectionConfigWrapper::PreparedConfig(p) = p; + p.authorized_tokens.contains(&id).then(|| p.id.clone()) + }) + .collect::>(); + + if !used.is_empty() { + http_bail!( + CONFLICT, + "token still in use by answer configurations: {}", + used.join(", ") + ); + } + + let _lock = pdm_config::auto_install::token_write_lock(); + pdm_config::auto_install::delete_token(&id) +} + /// Tries to find a prepared answer configuration matching the given target node system /// information. /// -- 2.53.0