From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: Markus Frank <m.frank@proxmox.com>
Cc: pmg-devel@lists.proxmox.com
Subject: Re: [pmg-devel] [PATCH pve-common/perl-rs/pmg-api/widget-toolkit/pmg-gui v5 0/10] fix #3892: OpenID Connect
Date: Wed, 19 Feb 2025 19:39:07 +0100
Message-ID: <Z7YlS-KYHpQMG6Nt@rosa.proxmox.com>
In-Reply-To: <20250218161905.17224-1-m.frank@proxmox.com>
Thanks for the fast iteration on this!

applied the patches and compared them to your v4 - looks good from my
perspective and quick tests!

gave it another spin - my tests worked ok - one small glitch (wrong
syslog() call), and one thing that still needs a closer check (empty e-mail
addresses for OIDC users when 'autocreate' is set - see the comment on
patch 7/10).

if you send a v6, please add a hint to the patches which are based on code
from PVE where the code for PVE is (as suggested in the comment on 1/10).

On Tue, Feb 18, 2025 at 05:18:55PM +0100, Markus Frank wrote:
> Patch-series to enable OpenID Connect Login for PMG
>
> apply/compile order:
>
> pve-common:
> 1 add Schema package with auth module that contains realm sync options
>
> proxmox-perl-rs:
> 2 move openid code from pve-rs to common
> 3 remove empty PMG::RS::OpenId package to avoid confusion
>
> pmg-api:
> 4 config: add plugin system for realms
> 5 config: add oidc type realm
> 6 api: add/update/remove realms like in PVE
> 7 api: oidc login similar to PVE
>
> proxmox-widget-toolkit:
> 8 fix: window: AuthEditBase: rename variable 'realm' to 'type'
>
> pmg-gui:
> 9 login: add option to login with OIDC realm
> 10 add panel for realms to User Management
>
>
> v5:
> * renamed openid/OpenId variables, filenames and modules to oidc/OIDC
> wherever possible
> * renamed Authdomains to Realm
>
> v4:
> * split "config: add plugin system for realms & add openid type realms"
> patch into two patches
> * use the name 'OpenId' for filenames, but use 'OIDC' as realm type name
> * added autocreate-role option to set the role for automatically created
> users in a realm, but currently not exposed in GUI (needs a lot of
> changes in pmg-gui and proxmox-widget-toolkit)
>
>
>
> pve-common:
>
> Markus Frank (1):
> add Schema package with auth module that contains realm sync options
>
> src/Makefile | 2 ++
> src/PVE/Schema/Auth.pm | 82 ++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 84 insertions(+)
> create mode 100644 src/PVE/Schema/Auth.pm
>
>
> proxmox-perl-rs:
>
> Markus Frank (2):
> move openid code from pve-rs to common
> remove empty PMG::RS::OpenId package to avoid confusion
>
> common/pkg/Makefile | 1 +
> common/src/mod.rs | 1 +
> common/src/oidc/mod.rs | 63 ++++++++++++++++++++++++++++++++++++++++
> pmg-rs/Cargo.toml | 1 +
> pmg-rs/Makefile | 1 -
> pmg-rs/debian/control | 1 +
> pve-rs/src/openid/mod.rs | 32 +++++---------------
> 7 files changed, 75 insertions(+), 25 deletions(-)
> create mode 100644 common/src/oidc/mod.rs
>
>
> pmg-api:
>
> Markus Frank (4):
> config: add plugin system for realms
> config: add oidc type realm
> api: add/update/remove realms like in PVE
> api: oidc login similar to PVE
>
> src/Makefile | 6 +
> src/PMG/API2/AccessControl.pm | 17 ++-
> src/PMG/API2/OIDC.pm | 243 ++++++++++++++++++++++++++++++
> src/PMG/API2/Realm.pm | 274 ++++++++++++++++++++++++++++++++++
> src/PMG/AccessControl.pm | 33 ++++
> src/PMG/Auth/OIDC.pm | 95 ++++++++++++
> src/PMG/Auth/PAM.pm | 22 +++
> src/PMG/Auth/PMG.pm | 39 +++++
> src/PMG/Auth/Plugin.pm | 199 ++++++++++++++++++++++++
> src/PMG/HTTPServer.pm | 2 +
> src/PMG/RESTEnvironment.pm | 14 ++
> src/PMG/UserConfig.pm | 25 ++--
> src/PMG/Utils.pm | 29 +++-
> 13 files changed, 981 insertions(+), 17 deletions(-)
> create mode 100644 src/PMG/API2/OIDC.pm
> create mode 100644 src/PMG/API2/Realm.pm
> create mode 100755 src/PMG/Auth/OIDC.pm
> create mode 100755 src/PMG/Auth/PAM.pm
> create mode 100755 src/PMG/Auth/PMG.pm
> create mode 100755 src/PMG/Auth/Plugin.pm
>
>
> widget-toolkit:
>
> Markus Frank (1):
> fix: window: AuthEditBase: rename variable 'realm' to 'type'
>
> src/window/AuthEditBase.js | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
>
> pmg-gui:
>
> Markus Frank (2):
> login: add option to login with OIDC realm
> add panel for realms to User Management
>
> js/LoginView.js | 208 ++++++++++++++++++++++++++++++++-----------
> js/UserManagement.js | 6 ++
> js/Utils.js | 23 +++++
> 3 files changed, 186 insertions(+), 51 deletions(-)
>
> --
> 2.39.5
>
>
>
> _______________________________________________
> pmg-devel mailing list
> pmg-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
>
>