From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 8AE891FF13C for ; Thu, 11 Jun 2026 14:03:58 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 4ED4B3AE8; Thu, 11 Jun 2026 14:03:53 +0200 (CEST) From: Shannon Sterz To: pdm-devel@lists.proxmox.com Subject: [PATCH datacenter-manager 13/17] pdm-api-types: add staged_fingerprints field to NodeUrl Date: Thu, 11 Jun 2026 14:03:23 +0200 Message-ID: <20260611120327.257523-14-s.sterz@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260611120327.257523-1-s.sterz@proxmox.com> References: <20260611120327.257523-1-s.sterz@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1781179364769 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.108 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: O4FLZ5HRO4BYUQQ6MPY4NBCNKFJMK7E2 X-Message-ID-Hash: O4FLZ5HRO4BYUQQ6MPY4NBCNKFJMK7E2 X-MailFrom: s.sterz@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Datacenter Manager development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: and fix up all use sides as well as the update endpoint. 
Signed-off-by: Shannon Sterz --- lib/pdm-api-types/src/remotes.rs | 15 ++++++++++++++- server/src/api/pbs/mod.rs | 2 ++ server/src/api/pve/mod.rs | 3 +++ server/src/api/remotes/mod.rs | 27 ++++++++++++++++++++++++++- ui/src/remotes/config.rs | 1 + ui/src/remotes/node_url_list.rs | 1 + ui/src/remotes/wizard_page_info.rs | 1 + 7 files changed, 48 insertions(+), 2 deletions(-) diff --git a/lib/pdm-api-types/src/remotes.rs b/lib/pdm-api-types/src/remotes.rs index 50c7892e..0a2e8651 100644 --- a/lib/pdm-api-types/src/remotes.rs +++ b/lib/pdm-api-types/src/remotes.rs @@ -8,7 +8,7 @@ use proxmox_schema::{ApiType, Schema, StringSchema, Updater, api}; use proxmox_section_config::typed::ApiSectionDataEntry; use proxmox_section_config::{SectionConfig, SectionConfigPlugin}; -use crate::{Authid, HOST_OPTIONAL_PORT_FORMAT}; +use crate::{Authid, Fingerprint, HOST_OPTIONAL_PORT_FORMAT}; pub const REMOTE_ID_SCHEMA: Schema = StringSchema::new("Remote ID.") .format(&crate::PROXMOX_SAFE_ID_FORMAT) @@ -26,11 +26,19 @@ pub const REMOTE_ID_SCHEMA: Schema = StringSchema::new("Remote ID.") format: &crate::FINGERPRINT_SHA256_FORMAT, optional: true, }, + "staged-fingerprints": { + type: Array, + optional: true, + items: { + type: Fingerprint, + } + } }, default_key: "hostname", )] /// A node and its certificate information. #[derive(Clone, Debug, Deserialize, Serialize, PartialEq)] +#[serde(rename_all = "kebab-case")] pub struct NodeUrl { /// The node address. pub hostname: String, @@ -38,6 +46,11 @@ pub struct NodeUrl { /// Certificate fingerprint. #[serde(skip_serializing_if = "Option::is_none")] pub fingerprint: Option, + + /// A list of staged fingerprints. If one of these is encountered while connecting to a node, + /// they'll replace the main certificate fingerprint. The connection will be deemed valid. + #[serde(skip_serializing_if = "Option::is_none")] + pub staged_fingerprints: Option>, } #[api] 
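Review bot: The new `staged-fingerprints` items are declared as `type: Fingerprint`, while the existing `fingerprint` property stays a plain string checked against `FINGERPRINT_SHA256_FORMAT`, so pinned and staged values now have two representations. Any code that compares a presented certificate against both, or promotes a staged entry into `fingerprint`, has to agree on case and separator handling; the update endpoint later in this patch already lower-cases `fingerprint` by hand before comparing. How `Fingerprint` parses and prints is not visible here, so I would at least add a comment above the property, e.g. `// NOTE: fingerprint above is a raw string, these items are typed Fingerprint values`, or move `fingerprint` to the same type in a follow-up.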
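Review bot: The doc comment on `staged_fingerprints` does not say that every entry is a trust anchor equal to `fingerprint`, which is what an operator auditing a remote's configuration needs to know. It also leaves open what happens to the remaining entries once one has been promoted; the connection code that decides this is not part of this patch. I would state both, for example `/// Each entry is trusted like the pinned fingerprint; when a node presents a matching certificate, that entry replaces it.`, plus one sentence on whether the other staged entries are kept or dropped afterwards.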
diff --git a/server/src/api/pbs/mod.rs b/server/src/api/pbs/mod.rs index 1fc75c34..98a88a23 100644 --- a/server/src/api/pbs/mod.rs +++ b/server/src/api/pbs/mod.rs @@ -273,6 +273,7 @@ pub async fn scan_remote_pbs( nodes: vec![PropertyString::new(NodeUrl { hostname, fingerprint, + staged_fingerprints: None, })], authid: authid.clone(), token, @@ -325,6 +326,7 @@ pub async fn list_realm_remote_pbs( nodes: vec![PropertyString::new(NodeUrl { hostname, fingerprint, + staged_fingerprints: None, })], authid: "root@pam".parse()?, token: String::new(), diff --git a/server/src/api/pve/mod.rs b/server/src/api/pve/mod.rs index 0970f2ff..64413a3e 100644 --- a/server/src/api/pve/mod.rs +++ b/server/src/api/pve/mod.rs @@ -483,6 +483,7 @@ pub async fn scan_remote_pve( nodes: vec![PropertyString::new(NodeUrl { hostname, fingerprint, + staged_fingerprints: None, })], authid: authid.clone(), token, @@ -508,6 +509,7 @@ pub async fn scan_remote_pve( nodes.push(PropertyString::new(NodeUrl { hostname: node.node, fingerprint, + staged_fingerprints: None, })); } @@ -574,6 +576,7 @@ pub async fn list_realm_remote_pve( nodes: vec![PropertyString::new(NodeUrl { hostname, fingerprint, + staged_fingerprints: None, })], authid: "root@pam".parse()?, token: String::new(), diff --git a/server/src/api/remotes/mod.rs b/server/src/api/remotes/mod.rs index e416f619..090a3b32 100644 --- a/server/src/api/remotes/mod.rs +++ b/server/src/api/remotes/mod.rs 
@@ -412,7 +412,32 @@ pub fn update_remote( } } - if let Some(v) = updater.nodes { + if let Some(mut v) = updater.nodes { + for node in &mut v { + // If the updater included staged fingerprints for the remote, update them. + if node.staged_fingerprints.is_some() { + continue; + } + + // If not, keep the previous fingerprints intact. + let staged_fp = entry + .nodes + .iter() + .find_map(|n| { + if n.hostname == node.hostname + && n.fingerprint.as_ref().map(|f| f.to_lowercase()) + == node.fingerprint.as_ref().map(|f| f.to_lowercase()) + { + return Some(n.staged_fingerprints.clone()); + } + + None + }) + .flatten(); + + node.staged_fingerprints = staged_fp; + } + entry.nodes = v; } if let Some(v) = updater.authid { diff --git a/ui/src/remotes/config.rs b/ui/src/remotes/config.rs index ea3c5bcd..0e272c2c 100644 --- a/ui/src/remotes/config.rs +++ b/ui/src/remotes/config.rs @@ -59,6 +59,7 @@ pub async fn create_remote(mut data: Value, remote_type: RemoteType) -> Result<( let nodes = vec![PropertyString::new(NodeUrl { hostname: data["hostname"].as_str().unwrap_or_default().to_string(), fingerprint: data["fingerprint"].as_str().map(|fp| fp.to_string()), + staged_fingerprints: None, })]; data["nodes"] = serde_json::to_value(nodes)?; } diff --git a/ui/src/remotes/node_url_list.rs b/ui/src/remotes/node_url_list.rs index d18d8a23..4afc6482 100644 --- a/ui/src/remotes/node_url_list.rs +++ b/ui/src/remotes/node_url_list.rs @@ -220,6 +220,7 @@ impl ManagedField for PdmNodeUrlField { data: NodeUrl { hostname: String::new(), fingerprint: None, + staged_fingerprints: None, }, }) } diff --git a/ui/src/remotes/wizard_page_info.rs b/ui/src/remotes/wizard_page_info.rs index 1e56c4e1..4f8e3302 100644 --- a/ui/src/remotes/wizard_page_info.rs +++ b/ui/src/remotes/wizard_page_info.rs @@ -131,6 +131,7 @@ async fn scan( PropertyString::new(NodeUrl { hostname, fingerprint: fingerprint.map(|fp| fp.to_uppercase()), + staged_fingerprints: None, }), ); } -- 2.47.3
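Review bot: In the `for node in &mut v` loop an omitted `staged-fingerprints` means "keep what is stored", so a staged fingerprint can only be withdrawn by sending an explicit list, and it is not visible here whether an empty list survives the property-string encoding of a node. Because each staged entry is accepted as a valid certificate for the node, the way to revoke one should be stated at this spot, e.g. `// None = keep stored staged fingerprints; send an explicit list to remove entries`. The carry-over also compares `hostname` by exact string but `fingerprint` case-insensitively, so an update that only changes the case of the hostname finds no stored node and silently ends up with `None`. If that is intended as fail-closed behaviour, a comment should say so. `update_remote` starts and continues outside this hunk.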