From: Thomas Lamprecht
To: pdm-devel@lists.proxmox.com
Subject: [PATCH datacenter-manager v3 00/12] subscription key pool registry
Date: Fri, 15 May 2026 09:43:10 +0200
Message-ID: <20260515074623.766766-1-t.lamprecht@proxmox.com>

v3 of the Subscription Registry - many thanks @Lukas for the review!

The notable shape change vs v2: the single Reissue Key patch is split
into the four discrete actions PDM can drive today (Clear Key, Adopt Key,
Adopt All, Check Subscription); the on-disk layout split moves to its own
commit; each user-visible action ships with its api / cli / ui / docs
change so a reviewer reads one patch end-to-end.

Check Subscription uses the canonical UpdateSubscription from the
recently uploaded proxmox-subscription 1.0.2; the matching PBS-side
adoption is posted as a separate patch on proxmox-backup.

Notable v2 -> v3:

* Reissue Key renamed to Clear Key (v2 reissue did not actually
  round-trip through the shop); "Reissue" stays reserved for the future
  shop-side action.
* Clear Pending renamed to Discard Pending; now also cancels queued
  clears, not just pending pushes.
* New Adopt Key / Adopt All paths import a foreign live key into the
  pool without touching the remote, for fleet onboarding.
* New Check Subscription action drives update_subscription(force=true)
  and invalidates the PDM cache, so a stale Invalid / Expired verdict can
  be promoted without waiting for the periodic check.
* Pool grid columns are sortable; new Source column (hidden by default)
  distinguishes manually-added from adopted entries.
* ESC dismisses every confirmation dialog on the registry view.
* Invalid keys land with a clear error instead of staying queued with a
  misleading pending badge.
* Per-node Revert can drop a single queued clear without the global
  Discard Pending.

Open follow-ups, not in this series:

* Shop-side full reissue, so PDM can drive the actual key rotation
  rather than just Clear Key on its side.
* Atomic clear-and-assign so swapping a key on a node gets reduced from
  doing four (Clear / Apply / Assign / Apply) steps to one queued change
  (+ apply).
* Shop-bundle import path; the on-disk shadow file plumbing already
  accommodates the signed SubscriptionInfo blob.
* Per-row Auto-Assign overrides for pinning a specific key to a node.
* Status column filter on the node-status tree.

The trailing wizard commit (v3-0012) is sent as RFC and should probably
be skipped; see its diffstat note for details.

Thomas Lamprecht (12):
  api types: subscription level: render full names
  pdm-client: add wait_for_local_task helper
  subscription: pool: add data model and config layer
  subscription: api: add key pool and node status endpoints
  ui: registry: add view with key pool and node status
  cli: client: add subscription key pool management subcommands
  docs: add subscription registry chapter
  subscription: add Clear Key action and per-node revert
  subscription: add Adopt Key action for foreign live subscriptions
  subscription: add Adopt All bulk action
  subscription: add Check Subscription action
  ui: registry: add Add-and-Assign wizard from Assign Key dialog

 Cargo.toml                                    |    4 +-
 cli/client/src/subscriptions.rs               |  413 ++-
 docs/index.rst                                |    1 +
 docs/subscription-registry.rst                |   84 +
 lib/pdm-api-types/Cargo.toml                  |    1 +
 lib/pdm-api-types/src/subscription.rs         |  496 +++-
 lib/pdm-api-types/tests/test_import.rs        |  367 +++
 lib/pdm-client/Cargo.toml                     |    3 +
 lib/pdm-client/src/lib.rs                     |  337 ++-
 lib/pdm-config/src/lib.rs                     |    1 +
 lib/pdm-config/src/setup.rs                   |    7 +
 lib/pdm-config/src/subscriptions.rs           |  116 +
 server/src/api/mod.rs                         |    2 +
 server/src/api/resources.rs                   |   28 +-
 server/src/api/subscriptions/mod.rs           | 2297 +++++++++++++++++
 server/src/context.rs                         |    7 +
 server/src/pbs_client.rs                      |   31 +
 ui/Cargo.toml                                 |    2 +-
 ui/src/configuration/mod.rs                   |    3 +
 ui/src/configuration/subscription_assign.rs   |  755 ++++++
 ui/src/configuration/subscription_keys.rs     |  561 ++++
 ui/src/configuration/subscription_registry.rs | 1520 +++++++++++
 ui/src/dashboard/subscriptions_list.rs        |   18 +-
 ui/src/main_menu.rs                           |   10 +
 ui/src/widget/pve_node_selector.rs            |   41 +-
 25 files changed, 7061 insertions(+), 44 deletions(-)
 create mode 100644 docs/subscription-registry.rst
 create mode 100644 lib/pdm-api-types/tests/test_import.rs
 create mode 100644 lib/pdm-config/src/subscriptions.rs
 create mode 100644 server/src/api/subscriptions/mod.rs
 create mode 100644 ui/src/configuration/subscription_assign.rs
 create mode 100644 ui/src/configuration/subscription_keys.rs
 create mode 100644 ui/src/configuration/subscription_registry.rs

--
2.47.3