From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 2A82C1FF13C for ; Thu, 30 Apr 2026 14:49:05 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 0E18C72A7; Thu, 30 Apr 2026 14:49:05 +0200 (CEST) From: Christoph Heiss To: pdm-devel@lists.proxmox.com Subject: [PATCH datacenter-manager v4 19/40] server: api: auto-installer: add access token management endpoints Date: Thu, 30 Apr 2026 14:46:48 +0200 Message-ID: <20260430124712.1614305-20-c.heiss@proxmox.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260430124712.1614305-1-c.heiss@proxmox.com> References: <20260430124712.1614305-1-c.heiss@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1777553238930 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.926 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_MAILER 2 Automated Mailer Tag Left in Email SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: SBCWJBBYYI73RB5QZKFV3SO5MXBM46BI X-Message-ID-Hash: SBCWJBBYYI73RB5QZKFV3SO5MXBM46BI X-MailFrom: c.heiss@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Datacenter Manager development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Quick overview: GET /auto-install/tokens list all available answer authentication tokens POST /auto-install/tokens create a new token PUT /auto-install/tokens/{id} update an existing token DELETE /auto-install/tokens/{id} delete an existing token Signed-off-by: Christoph Heiss --- Changes v3 -> v4: * auto-generate new token when none are given for a prepared answer on create/update * use new create/update result types * adapt to `AnswerAuthToken*` -> `AnswerToken*` rename Changes v2 -> v3: * new patch server/src/api/auto_installer/mod.rs | 315 ++++++++++++++++++++++++++- 1 file changed, 304 insertions(+), 11 deletions(-) diff --git a/server/src/api/auto_installer/mod.rs b/server/src/api/auto_installer/mod.rs index 852a233..21af492 100644 --- a/server/src/api/auto_installer/mod.rs +++ b/server/src/api/auto_installer/mod.rs @@ -1,18 +1,19 @@ //! Implements all the methods under `/api2/json/auto-install/`. -use anyhow::{anyhow, Result}; +use anyhow::{anyhow, Context, Result}; use http::StatusCode; use std::collections::{BTreeMap, HashMap}; use pdm_api_types::{ auto_installer::{ - AnswerToken, DeletablePreparedInstallationConfigProperty, Installation, InstallationStatus, - PreparedInstallationConfig, PreparedInstallationConfigCreateResult, + AnswerToken, AnswerTokenCreateResult, AnswerTokenUpdateResult, AnswerTokenUpdater, + DeletableAnswerTokenProperty, DeletablePreparedInstallationConfigProperty, Installation, + InstallationStatus, PreparedInstallationConfig, PreparedInstallationConfigCreateResult, PreparedInstallationConfigUpdateResult, PreparedInstallationConfigUpdater, INSTALLATION_UUID_SCHEMA, PREPARED_INSTALL_CONFIG_ID_SCHEMA, TEMPLATE_COUNTER_NAME_REGEX, UDEV_FILTER_KEY_REGEX, }, - ConfigDigest, PRIV_SYS_AUDIT, PRIV_SYS_MODIFY, PROXMOX_CONFIG_DIGEST_SCHEMA, + Authid, ConfigDigest, PRIV_SYS_AUDIT, PRIV_SYS_MODIFY, PROXMOX_CONFIG_DIGEST_SCHEMA, }; use pdm_config::auto_install::types::PreparedInstallationSectionConfigWrapper; use proxmox_installer_types::{ @@ -28,7 +29,9 @@ use proxmox_router::{ http_bail, list_subdirs_api_method, ApiHandler, ApiMethod, ApiResponseFuture, Permission, Router, RpcEnvironment, SubdirMap, }; -use proxmox_schema::{api, AllOfSchema, ApiType, ParameterSchema, ReturnType}; +use proxmox_schema::{ + api, api_types::COMMENT_SCHEMA, AllOfSchema, ApiType, ParameterSchema, ReturnType, +}; use proxmox_sortable_macro::sortable; use proxmox_uuid::Uuid; @@ -63,6 +66,18 @@ const SUBDIRS: SubdirMap = &sorted!([ .delete(&API_METHOD_DELETE_PREPARED_ANSWER) ) ), + ( + "tokens", + &Router::new() + .get(&API_METHOD_LIST_TOKENS) + .post(&API_METHOD_CREATE_TOKEN) + .match_all( + "id", + &Router::new() + .put(&API_METHOD_UPDATE_TOKEN) + .delete(&API_METHOD_DELETE_TOKEN) + ) + ), ]); pub const ROUTER: Router = Router::new() @@ -342,6 +357,7 @@ async fn list_prepared_answers( async fn create_prepared_answer( mut config: PreparedInstallationConfig, root_password: Option, + rpcenv: &mut dyn RpcEnvironment, ) -> Result { let _lock = pdm_config::auto_install::prepared_answers_write_lock(); let (mut prepared, _) = pdm_config::auto_install::read_prepared_answers()?; @@ -376,6 +392,15 @@ async fn create_prepared_answer( ); } + let token = if config.authorized_tokens.is_empty() { + // if no token was specified, generate a new one + let token = generate_token(&config.id, rpcenv)?; + config.authorized_tokens.push(token.token.id.clone()); + Some(token) + } else { + None + }; + validate_udev_filter_map(&config.netdev_filter)?; validate_udev_filter_map(&config.disk_filter)?; validate_template_map(&config.template_counters)?; @@ -383,10 +408,7 @@ async fn create_prepared_answer( prepared.insert(config.id.clone(), config.clone().try_into()?); pdm_config::auto_install::save_prepared_answers(&prepared)?; - Ok(PreparedInstallationConfigCreateResult { - config, - token: None, - }) + Ok(PreparedInstallationConfigCreateResult { config, token }) } #[api( @@ -462,6 +484,7 @@ async fn update_prepared_answer( root_password: Option, delete: Option>, digest: Option, + rpcenv: &mut dyn RpcEnvironment, ) -> Result { let _lock = pdm_config::auto_install::prepared_answers_write_lock(); @@ -548,7 +571,15 @@ async fn update_prepared_answer( template_counters, } = update; - if let Some(tokens) = authorized_tokens { + let mut new_token = None; + if let Some(mut tokens) = authorized_tokens { + if tokens.is_empty() { + // if no token was specified, generate a new one + let token = generate_token(&p.id, rpcenv)?; + tokens.push(token.token.id.clone()); + new_token = Some(token); + } + p.authorized_tokens = tokens; } @@ -666,7 +697,7 @@ async fn update_prepared_answer( Ok(PreparedInstallationConfigCreateResult { config, - token: None, + token: new_token, }) } @@ -752,6 +783,249 @@ async fn handle_post_hook(uuid: Uuid, info: PostHookInfo) -> Result<()> { Ok(()) } +#[api( + returns: { + description: "List of tokens for authenticating automated installations requests.", + type: Array, + items: { + type: AnswerToken, + }, + }, + access: { + permission: &Permission::Privilege(&["system", "auto-installation"], PRIV_SYS_AUDIT, false), + }, +)] +/// GET /auto-install/tokens +/// +/// Get all tokens that can be used for authenticating automated installations requests. +async fn list_tokens(rpcenv: &mut dyn RpcEnvironment) -> Result> { + let (tokens, digest) = pdm_config::auto_install::read_tokens()?; + + rpcenv["digest"] = hex::encode(digest).into(); + + Ok(tokens.values().map(|t| t.clone().into()).collect()) +} + +#[api( + input: { + properties: { + id: { + type: String, + description: "Token ID.", + }, + comment: { + schema: COMMENT_SCHEMA, + optional: true, + }, + enabled: { + type: bool, + description: "Whether the token is enabled.", + default: true, + optional: true, + }, + "expire-at": { + type: Integer, + description: "Token expiration date, in seconds since the epoch. '0' means no expiration.", + default: 0, + minimum: 0, + optional: true, + }, + }, + }, + returns: { + type: AnswerTokenCreateResult, + }, + access: { + permission: &Permission::Privilege(&["system", "auto-installation"], PRIV_SYS_MODIFY, false), + }, + protected: true, +)] +/// POST /auto-install/tokens +/// +/// Creates a new token for authenticating automated installations. +fn create_token( + id: String, + comment: Option, + enabled: Option, + expire_at: Option, + rpcenv: &mut dyn RpcEnvironment, +) -> Result { + let _lock = pdm_config::auto_install::tokens_write_lock(); + + let authid = rpcenv + .get_auth_id() + .ok_or_else(|| anyhow!("no authid"))? + .parse::()?; + + let token = AnswerToken { + id, + created_by: authid.user().clone(), + comment, + enabled, + expire_at, + }; + let secret = Uuid::generate(); + + pdm_config::auto_install::add_token(&token, &secret.to_string()) + .context("failed to create new token")?; + + Ok(AnswerTokenCreateResult { + token, + secret: secret.to_string(), + }) +} + +#[api( + input: { + properties: { + id: { + type: String, + description: "Token ID.", + }, + update: { + type: AnswerTokenUpdater, + flatten: true, + }, + delete: { + type: Array, + description: "List of properties to delete.", + optional: true, + items: { + type: DeletableAnswerTokenProperty, + } + }, + "regenerate-secret": { + type: bool, + description: "Whether to regenerate the current secret, invalidating the old one.", + optional: true, + default: false, + }, + digest: { + type: ConfigDigest, + optional: true, + }, + }, + }, + returns: { + type: AnswerTokenUpdateResult, + }, + access: { + permission: &Permission::Privilege(&["system", "auto-installation"], PRIV_SYS_MODIFY, false), + }, + protected: true, +)] +/// PUT /auto-install/tokens/{id} +/// +/// Updates an existing access token. +async fn update_token( + id: String, + update: AnswerTokenUpdater, + delete: Option>, + regenerate_secret: bool, + digest: Option, +) -> Result { + let _lock = pdm_config::auto_install::tokens_write_lock(); + let (tokens, config_digest) = pdm_config::auto_install::read_tokens()?; + + config_digest.detect_modification(digest.as_ref())?; + + let mut token: AnswerToken = match tokens.get(&id.to_string()).cloned() { + Some(secret) => secret.into(), + None => http_bail!(NOT_FOUND, "no such access token: {id}"), + }; + + if let Some(delete) = delete { + for prop in delete { + match prop { + DeletableAnswerTokenProperty::Comment => token.comment = None, + DeletableAnswerTokenProperty::ExpireAt => token.expire_at = None, + } + } + } + + let AnswerTokenUpdater { + comment, + enabled, + expire_at, + } = update; + + if let Some(comment) = comment { + token.comment = Some(comment); + } + + if let Some(enabled) = enabled { + token.enabled = Some(enabled); + } + + if let Some(expire_at) = expire_at { + token.expire_at = Some(expire_at); + } + + if regenerate_secret { + // If the user instructed to update secret, just delete + re-create the token and let + // the config implementation handle updating the shadow + pdm_config::auto_install::delete_token(&token.id)?; + + let secret = Uuid::generate().to_string(); + pdm_config::auto_install::add_token(&token, &secret)?; + + Ok(AnswerTokenUpdateResult { + token, + secret: Some(secret), + }) + } else { + pdm_config::auto_install::update_token(&token).context("failed to update token")?; + + Ok(AnswerTokenUpdateResult { + token, + secret: None, + }) + } +} + +#[api( + input: { + properties: { + id: { + type: String, + description: "Token ID.", + }, + }, + }, + access: { + permission: &Permission::Privilege(&["system", "auto-installation"], PRIV_SYS_MODIFY, false), + }, + protected: true, +)] +/// DELETE /auto-install/tokens/{id} +/// +/// Deletes a prepared auto-installer answer configuration. +/// +/// If the token is currently in use by any prepared answer configuration, the deletion will fail. +async fn delete_token(id: String) -> Result<()> { + // first check if the token is used anywhere + let (prepared, _) = pdm_config::auto_install::read_prepared_answers()?; + + let used = prepared + .values() + .filter_map(|p| { + let PreparedInstallationSectionConfigWrapper::PreparedConfig(p) = p; + p.authorized_tokens.contains(&id).then(|| p.id.clone()) + }) + .collect::>(); + + if !used.is_empty() { + http_bail!( + CONFLICT, + "token still in use by answer configurations: {}", + used.join(", ") + ); + } + + let _lock = pdm_config::auto_install::tokens_write_lock(); + pdm_config::auto_install::delete_token(&id) +} + /// Tries to find a prepared answer configuration matching the given target node system /// information. /// @@ -964,3 +1238,22 @@ fn increment_template_counters(id: &str) -> Result<()> { pdm_config::auto_install::save_prepared_answers(&prepared)?; Ok(()) } + +fn generate_token( + config_id: &str, + rpcenv: &mut dyn RpcEnvironment, +) -> Result { + let id = format!( + "{}-{}", + config_id, + hex::encode(proxmox_sys::linux::random_data(4)?) + ); + + create_token( + id.clone(), + Some("Automatically generated.".to_owned()), + Some(true), + None, + rpcenv, + ) +} -- 2.53.0