From: "Shan Shaji" <s.shaji@proxmox.com>
To: "Shannon Sterz" <s.sterz@proxmox.com>, <pdm-devel@lists.proxmox.com>
Subject: Re: [PATCH datacenter-manager 1/3] server: api: access: add endpoints for configuring pdm and pam realms
Date: Wed, 24 Jun 2026 14:45:52 +0200	[thread overview]
Message-ID: <DJHAG3M3K76G.2QXW1USKV61KN@proxmox.com> (raw)
In-Reply-To: <20260618102126.177217-2-s.sterz@proxmox.com>

On Thu Jun 18, 2026 at 12:21 PM CEST, Shannon Sterz wrote:
> this allows users to set those realms as default realms and also
> allows editing their comments.
>
> also makes sure that the pam and pdm realms exist in the domains.cfg
>
> Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
> ---
>  lib/pdm-api-types/src/lib.rs                  |  96 ++++++++++++++
>  lib/pdm-config/src/domains.rs                 |  37 +++++-
>  server/src/api/access/domains.rs              |  16 +--
>  server/src/api/config/access/mod.rs           |   4 +
>  server/src/api/config/access/pam.rs           | 119 ++++++++++++++++++
>  server/src/api/config/access/pdm.rs           | 119 ++++++++++++++++++
>  .../bin/proxmox-datacenter-privileged-api.rs  |   1 +
>  7 files changed, 375 insertions(+), 17 deletions(-)
>  create mode 100644 server/src/api/config/access/pam.rs
>  create mode 100644 server/src/api/config/access/pdm.rs
>

[...]

> diff --git a/server/src/api/config/access/pdm.rs b/server/src/api/config/access/pdm.rs
> new file mode 100644
> index 00000000..e35cba0c
> --- /dev/null
> +++ b/server/src/api/config/access/pdm.rs
> @@ -0,0 +1,119 @@
> +use ::serde::{Deserialize, Serialize};

small nit: Do we need the `::` symbol here?

> +use anyhow::Error;
> +
> +use proxmox_config_digest::ConfigDigest;
> +use proxmox_router::{Permission, Router, RpcEnvironment};
> +use proxmox_schema::api;
> +
> +use pdm_api_types::{PRIV_REALM_ALLOCATE, PRIV_SYS_AUDIT, PdmRealmConfig, PdmRealmConfigUpdater};
> +use pdm_config::domains;
> +
> +#[api(
> +    returns: {
> +        type: PdmRealmConfig,
> +    },
> +    access: {
> +        permission: &Permission::Privilege(&["access", "domains"], PRIV_SYS_AUDIT, false),
> +    },
> +)]
> +/// Read the Proxmox Datacenter Manager authentication server realm configuration
> +pub fn read_pdm_realm(rpcenv: &mut dyn RpcEnvironment) -> Result<PdmRealmConfig, Error> {
> +    let (domains, digest) = domains::config()?;
> +
> +    let config = domains.lookup("pdm", "pdm")?;
> +
> +    rpcenv["digest"] = digest.to_hex().into();
> +
> +    Ok(config)
> +}
> +
> +#[api]
> +#[derive(Serialize, Deserialize)]
> +#[serde(rename_all = "kebab-case")]
> +/// Deletable property name
> +pub enum DeletableProperty {
> +    /// Delete the comment property.
> +    Comment,
> +    /// Delete the default property.
> +    Default,
> +}
> +
> +#[api(
> +    protected: true,
> +    input: {
> +        properties: {
> +            update: {
> +                type: PdmRealmConfigUpdater,
> +                flatten: true,
> +            },
> +            delete: {
> +                description: "List of properties to delete.",
> +                type: Array,
> +                optional: true,
> +                items: {
> +                    type: DeletableProperty,
> +                }
> +            },
> +            digest: {
> +                optional: true,
> +                type: ConfigDigest,
> +            },
> +        },
> +    },
> +    returns: {
> +        type: PdmRealmConfig,
> +    },
> +    access: {
> +        permission: &Permission::Privilege(&["access", "domains"], PRIV_REALM_ALLOCATE, false),
> +    },
> +)]
> +/// Update the Proxmox Datacenter Manager authentication server realm configuration
> +pub fn update_pdm_realm(
> +    update: PdmRealmConfigUpdater,
> +    delete: Option<Vec<DeletableProperty>>,
> +    digest: Option<ConfigDigest>,
> +    _rpcenv: &mut dyn RpcEnvironment,
> +) -> Result<(), Error> {
> +    let _lock = domains::lock_config()?;
> +
> +    let (mut domains, expected_digest) = domains::config()?;
> +
> +    expected_digest.detect_modification(digest.as_ref())?;
> +
> +    let mut config: PdmRealmConfig = domains.lookup("pdm", "pdm")?;
> +
> +    if let Some(delete) = delete {
> +        for delete_prop in delete {
> +            match delete_prop {
> +                DeletableProperty::Comment => config.comment = None,
> +                DeletableProperty::Default => config.default = None,
> +            }
> +        }
> +    }
> +
> +    if let Some(comment) = update.comment {
> +        let comment = comment.trim().to_string();
> +        if comment.is_empty() {
> +            config.comment = None;
> +        } else {
> +            config.comment = Some(comment);
> +        }
> +    }
> +
> +    if let Some(true) = update.default {
> +        pdm_config::domains::unset_default_realm(&mut domains)?;
> +        config.default = Some(true);
> +    } else {
> +        config.default = None;
> +    }
> +
> +    domains.set_data("pdm", "pdm", &config)?;
> +
> +    domains::save_config(&domains)?;
> +
> +    Ok(())
> +}
> +
> +pub const ROUTER: Router = Router::new()
> +    .get(&API_METHOD_READ_PDM_REALM)
> +    .put(&API_METHOD_UPDATE_PDM_REALM);
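Review bot: In `update_pdm_realm`, the `else` branch of `if let Some(true) = update.default` also runs when `default` is omitted from the request, so a PUT that only edits the comment resets `config.default` to `None` and silently drops the default-realm flag. Matching on the three cases separately makes an omitted field a no-op, while `default: false` and `delete: ["default"]` still clear the flag. If the client form relies on omission meaning "not default" (not visible here), it would need to send `default: false` or the `delete` entry instead. Separately, the `#[api]` block on this function declares `returns: { type: PdmRealmConfig }` while the signature returns `Result<(), Error>`; the two should be aligned, assuming the macro does not reconcile them.

```rust
    // … unchanged: lock_config, digest check, delete handling, comment update …

    match update.default {
        Some(true) => {
            pdm_config::domains::unset_default_realm(&mut domains)?;
            config.default = Some(true);
        }
        Some(false) => config.default = None,
        // Field omitted from the request: keep the stored value.
        None => {}
    }

    // … unchanged: set_data, save_config …
```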
> diff --git a/server/src/bin/proxmox-datacenter-privileged-api.rs b/server/src/bin/proxmox-datacenter-privileged-api.rs
> index fdc4e8a9..59d30513 100644
> --- a/server/src/bin/proxmox-datacenter-privileged-api.rs
> +++ b/server/src/bin/proxmox-datacenter-privileged-api.rs
> @@ -118,6 +118,7 @@ async fn run() -> Result<(), Error> {
>      auth::init(true);
>  
>      proxmox_acme_api::init(configdir!("/acme"), true)?;
> +    pdm_config::domains::add_default_realms()?;
>  
>      let api_user = pdm_config::api_user()?;
>      let mut command_sock = proxmox_daemon::command_socket::CommandSocket::new(api_user.gid);






Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-06-18 10:21 [PATCH datacenter-manager/yew-comp 0/3] Allow Editing of Default Realms in PDM Shannon Sterz
2026-06-18 10:21 ` [PATCH datacenter-manager 1/3] server: api: access: add endpoints for configuring pdm and pam realms Shannon Sterz
2026-06-24 12:45   ` Shan Shaji [this message]
2026-06-18 10:21 ` [PATCH yew-comp 2/3] auth_view: enable editing of default realms Shannon Sterz
2026-06-24 14:27   ` Shan Shaji
2026-06-18 10:21 ` [PATCH yew-comp 3/3] auth_view: clarify the documentation of pre-existing properties Shannon Sterz
2026-06-24 13:10 ` [PATCH datacenter-manager/yew-comp 0/3] Allow Editing of Default Realms in PDM Shan Shaji
