From: Christoph Heiss <c.heiss@proxmox.com>
To: pdm-devel@lists.proxmox.com
Subject: [PATCH datacenter-manager v3 19/38] server: api: auto-installer: add access token management endpoints
Date: Fri, 3 Apr 2026 18:53:51 +0200 [thread overview]
Message-ID: <20260403165437.2166551-20-c.heiss@proxmox.com> (raw)
In-Reply-To: <20260403165437.2166551-1-c.heiss@proxmox.com>
Quick overview:
GET /auto-install/tokens
list all available answer authentication tokens
POST /auto-install/tokens
create a new token
PUT /auto-install/tokens/{id}
update an existing token
DELETE /auto-install/tokens/{id}
delete an existing token
Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
---
Changes v2 -> v3:
* new patch
server/src/api/auto_installer/mod.rs | 279 ++++++++++++++++++++++++++-
1 file changed, 276 insertions(+), 3 deletions(-)
diff --git a/server/src/api/auto_installer/mod.rs b/server/src/api/auto_installer/mod.rs
index 60eccd8..fed88aa 100644
--- a/server/src/api/auto_installer/mod.rs
+++ b/server/src/api/auto_installer/mod.rs
@@ -1,17 +1,18 @@
//! Implements all the methods under `/api2/json/auto-install/`.
-use anyhow::{anyhow, Result};
+use anyhow::{anyhow, Context, Result};
use handlebars::Handlebars;
use http::StatusCode;
use std::collections::{BTreeMap, HashMap};
use pdm_api_types::{
auto_installer::{
+ AnswerAuthToken, AnswerAuthTokenUpdater, DeletableAnswerAuthTokenProperty,
DeletablePreparedInstallationConfigProperty, Installation, InstallationStatus,
PreparedInstallationConfig, PreparedInstallationConfigUpdater, INSTALLATION_UUID_SCHEMA,
PREPARED_INSTALL_CONFIG_ID_SCHEMA,
},
- ConfigDigest, PRIV_SYS_AUDIT, PRIV_SYS_MODIFY, PROXMOX_CONFIG_DIGEST_SCHEMA,
+ Authid, ConfigDigest, PRIV_SYS_AUDIT, PRIV_SYS_MODIFY, PROXMOX_CONFIG_DIGEST_SCHEMA,
};
use pdm_config::auto_install::types::PreparedInstallationSectionConfigWrapper;
use proxmox_installer_types::{
@@ -27,7 +28,9 @@ use proxmox_router::{
http_bail, list_subdirs_api_method, ApiHandler, ApiMethod, ApiResponseFuture, Permission,
Router, RpcEnvironment, SubdirMap,
};
-use proxmox_schema::{api, AllOfSchema, ApiType, ParameterSchema, ReturnType, StringSchema};
+use proxmox_schema::{
+ api, api_types::COMMENT_SCHEMA, AllOfSchema, ApiType, ParameterSchema, ReturnType, StringSchema,
+};
use proxmox_sortable_macro::sortable;
use proxmox_uuid::Uuid;
@@ -62,6 +65,18 @@ const SUBDIRS: SubdirMap = &sorted!([
.delete(&API_METHOD_DELETE_PREPARED_ANSWER)
)
),
+ (
+ "tokens",
+ &Router::new()
+ .get(&API_METHOD_LIST_TOKENS)
+ .post(&API_METHOD_CREATE_TOKEN)
+ .match_all(
+ "id",
+ &Router::new()
+ .put(&API_METHOD_UPDATE_TOKEN)
+ .delete(&API_METHOD_DELETE_TOKEN)
+ )
+ ),
]);
pub const ROUTER: Router = Router::new()
@@ -698,6 +713,264 @@ async fn handle_post_hook(uuid: Uuid, info: PostHookInfo) -> Result<()> {
Ok(())
}
+#[api(
+ returns: {
+ description: "List of secrets for authenticating automated installations requests.",
+ type: Array,
+ items: {
+ type: AnswerAuthToken,
+ },
+ },
+ access: {
+ permission: &Permission::Privilege(&["system", "auto-installation"], PRIV_SYS_AUDIT, false),
+ },
+)]
+/// GET /auto-install/tokens
+///
+/// Get all tokens that can be used for authenticating automated installations requests.
+async fn list_tokens(rpcenv: &mut dyn RpcEnvironment) -> Result<Vec<AnswerAuthToken>> {
+ let (secrets, digest) = pdm_config::auto_install::read_tokens()?;
+
+ rpcenv["digest"] = hex::encode(digest).into();
+
+ Ok(secrets.values().map(|t| t.clone().into()).collect())
+}
+
+#[api(
+ input: {
+ properties: {
+ id: {
+ type: String,
+ description: "Token ID.",
+ },
+ comment: {
+ schema: COMMENT_SCHEMA,
+ optional: true,
+ },
+ enabled: {
+ type: bool,
+ description: "Whether the token is enabled.",
+ default: true,
+ optional: true,
+ },
+ "expire-at": {
+ type: Integer,
+ description: "Token expiration date, in seconds since the epoch. '0' means no expiration.",
+ default: 0,
+ minimum: 0,
+ optional: true,
+ },
+ },
+ },
+ returns: {
+ type: Object,
+ description: "Secret of the newly created token.",
+ properties: {
+ token: {
+ type: AnswerAuthToken,
+ },
+ secret: {
+ type: String,
+ description: "Secret of the newly created token.",
+ },
+ },
+ },
+ access: {
+ permission: &Permission::Privilege(&["system", "auto-installation"], PRIV_SYS_MODIFY, false),
+ },
+ protected: true,
+)]
+/// POST /auto-install/tokens
+///
+/// Creates a new token for authenticating automated installations.
+async fn create_token(
+ id: String,
+ comment: Option<String>,
+ enabled: Option<bool>,
+ expire_at: Option<i64>,
+ rpcenv: &mut dyn RpcEnvironment,
+) -> Result<serde_json::Value> {
+ let _lock = pdm_config::auto_install::token_write_lock();
+
+ let authid = rpcenv
+ .get_auth_id()
+ .ok_or_else(|| anyhow!("no authid"))?
+ .parse::<Authid>()?;
+
+ let token = AnswerAuthToken {
+ id,
+ created_by: authid.user().clone(),
+ comment,
+ enabled,
+ expire_at,
+ };
+ let secret = Uuid::generate();
+
+ pdm_config::auto_install::add_token(&token, &secret.to_string())
+ .context("failed to create new token")?;
+
+ Ok(serde_json::json!({
+ "token": token,
+ "secret": secret,
+ }))
+}
+
+#[api(
+ input: {
+ properties: {
+ id: {
+ type: String,
+ description: "Token ID.",
+ },
+ update: {
+ type: AnswerAuthTokenUpdater,
+ flatten: true,
+ },
+ delete: {
+ type: Array,
+ description: "List of properties to delete.",
+ optional: true,
+ items: {
+ type: DeletableAnswerAuthTokenProperty,
+ }
+ },
+ "regenerate-secret": {
+ type: bool,
+ description: "Whether to regenerate the current secret, invalidating the old one.",
+ optional: true,
+ default: false,
+ },
+ digest: {
+ type: ConfigDigest,
+ optional: true,
+ },
+ },
+ },
+ returns: {
+ type: Object,
+ description: "The updated access token information.",
+ properties: {
+ token: {
+ type: AnswerAuthToken,
+ },
+ },
+ },
+ access: {
+ permission: &Permission::Privilege(&["system", "auto-installation"], PRIV_SYS_MODIFY, false),
+ },
+ protected: true,
+)]
+/// PUT /auto-install/tokens/{id}
+///
+/// Updates an existing access token.
+async fn update_token(
+ id: String,
+ update: AnswerAuthTokenUpdater,
+ delete: Option<Vec<DeletableAnswerAuthTokenProperty>>,
+ regenerate_secret: bool,
+ digest: Option<ConfigDigest>,
+) -> Result<serde_json::Value> {
+ let _lock = pdm_config::auto_install::token_write_lock();
+ let (tokens, config_digest) = pdm_config::auto_install::read_tokens()?;
+
+ config_digest.detect_modification(digest.as_ref())?;
+
+ let mut token: AnswerAuthToken = match tokens.get(&id.to_string()).cloned() {
+ Some(token) => token.into(),
+ None => http_bail!(NOT_FOUND, "no such access token: {id}"),
+ };
+
+ if let Some(delete) = delete {
+ for prop in delete {
+ match prop {
+ DeletableAnswerAuthTokenProperty::Comment => token.comment = None,
+ DeletableAnswerAuthTokenProperty::ExpireAt => token.expire_at = None,
+ }
+ }
+ }
+
+ let AnswerAuthTokenUpdater {
+ comment,
+ enabled,
+ expire_at,
+ } = update;
+
+ if let Some(comment) = comment {
+ token.comment = Some(comment);
+ }
+
+ if let Some(enabled) = enabled {
+ token.enabled = Some(enabled);
+ }
+
+ if let Some(expire_at) = expire_at {
+ token.expire_at = Some(expire_at);
+ }
+
+ if regenerate_secret {
+ // If the user instructed to update secret, just delete + re-create the token and let
+ // the config implementation handle updating the shadow
+ pdm_config::auto_install::delete_token(&token.id)?;
+
+ let secret = Uuid::generate();
+ pdm_config::auto_install::add_token(&token, &secret.to_string())?;
+
+ Ok(serde_json::json!({
+ "token": token,
+ "secret": secret,
+ }))
+ } else {
+ pdm_config::auto_install::update_token(&token).context("failed to update token")?;
+
+ Ok(serde_json::json!({
+ "token": token,
+ }))
+ }
+}
+
+#[api(
+ input: {
+ properties: {
+ id: {
+ type: String,
+ description: "Token ID.",
+ },
+ },
+ },
+ access: {
+ permission: &Permission::Privilege(&["system", "auto-installation"], PRIV_SYS_MODIFY, false),
+ },
+ protected: true,
+)]
+/// DELETE /auto-install/tokens/{id}
+///
+/// Deletes a prepared auto-installer answer configuration.
+///
+/// If the token is currently in use by any prepared answer configuration, the deletion will fail.
+async fn delete_token(id: String) -> Result<()> {
+ // first check if the token is used anywhere
+ let (prepared, _) = pdm_config::auto_install::read_prepared_answers()?;
+
+ let used = prepared
+ .values()
+ .filter_map(|p| {
+ let PreparedInstallationSectionConfigWrapper::PreparedConfig(p) = p;
+ p.authorized_tokens.contains(&id).then(|| p.id.clone())
+ })
+ .collect::<Vec<String>>();
+
+ if !used.is_empty() {
+ http_bail!(
+ CONFLICT,
+ "token still in use by answer configurations: {}",
+ used.join(", ")
+ );
+ }
+
+ let _lock = pdm_config::auto_install::token_write_lock();
+ pdm_config::auto_install::delete_token(&id)
+}
+
/// Tries to find a prepared answer configuration matching the given target node system
/// information.
///
--
2.53.0
next prev parent reply other threads:[~2026-04-03 16:55 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-03 16:53 [PATCH proxmox/yew-pwt/datacenter-manager/installer v3 00/38] add auto-installer integration Christoph Heiss
2026-04-03 16:53 ` [PATCH proxmox v3 01/38] api-macro: allow $ in identifier name Christoph Heiss
2026-04-03 16:53 ` [PATCH proxmox v3 02/38] schema: oneOf: allow single string variant Christoph Heiss
2026-04-03 16:53 ` [PATCH proxmox v3 03/38] schema: implement UpdaterType for HashMap and BTreeMap Christoph Heiss
2026-04-03 16:53 ` [PATCH proxmox v3 04/38] network-types: move `Fqdn` type from proxmox-installer-common Christoph Heiss
2026-04-03 16:53 ` [PATCH proxmox v3 05/38] network-types: implement api type for Fqdn Christoph Heiss
2026-04-03 16:53 ` [PATCH proxmox v3 06/38] network-types: add api wrapper type for std::net::IpAddr Christoph Heiss
2026-04-03 16:53 ` [PATCH proxmox v3 07/38] network-types: cidr: implement generic `IpAddr::new` constructor Christoph Heiss
2026-04-03 16:53 ` [PATCH proxmox v3 08/38] network-types: fqdn: implement standard library Error for Fqdn Christoph Heiss
2026-04-03 16:53 ` [PATCH proxmox v3 09/38] node-status: make KernelVersionInformation Clone + PartialEq Christoph Heiss
2026-04-03 16:53 ` [PATCH proxmox v3 10/38] installer-types: add common types used by the installer Christoph Heiss
2026-04-03 16:53 ` [PATCH proxmox v3 11/38] installer-types: add types used by the auto-installer Christoph Heiss
2026-04-03 16:53 ` [PATCH proxmox v3 12/38] installer-types: implement api type for all externally-used types Christoph Heiss
2026-04-03 16:53 ` [PATCH yew-widget-toolkit v3 13/38] widget: kvlist: add widget for user-modifiable data tables Christoph Heiss
2026-04-03 16:53 ` [PATCH datacenter-manager v3 14/38] api-types, cli: use ReturnType::new() instead of constructing it manually Christoph Heiss
2026-04-03 16:53 ` [PATCH datacenter-manager v3 15/38] api-types: add api types for auto-installer integration Christoph Heiss
2026-04-03 16:53 ` [PATCH datacenter-manager v3 16/38] config: add auto-installer configuration module Christoph Heiss
2026-04-03 16:53 ` [PATCH datacenter-manager v3 17/38] acl: wire up new /system/auto-installation acl path Christoph Heiss
2026-04-03 16:53 ` [PATCH datacenter-manager v3 18/38] server: api: add auto-installer integration module Christoph Heiss
2026-04-03 16:53 ` Christoph Heiss [this message]
2026-04-03 16:53 ` [PATCH datacenter-manager v3 20/38] client: add bindings for auto-installer endpoints Christoph Heiss
2026-04-03 16:53 ` [PATCH datacenter-manager v3 21/38] ui: auto-installer: add installations overview panel Christoph Heiss
2026-04-03 16:53 ` [PATCH datacenter-manager v3 22/38] ui: auto-installer: add prepared answer configuration panel Christoph Heiss
2026-04-03 16:53 ` [PATCH datacenter-manager v3 23/38] ui: auto-installer: add access token " Christoph Heiss
2026-04-03 16:53 ` [PATCH datacenter-manager v3 24/38] docs: add documentation for auto-installer integration Christoph Heiss
2026-04-03 16:53 ` [PATCH installer v3 25/38] install: iso env: use JSON boolean literals for product config Christoph Heiss
2026-04-03 16:53 ` [PATCH installer v3 26/38] common: http: allow passing custom headers to post() Christoph Heiss
2026-04-03 16:53 ` [PATCH installer v3 27/38] common: options: move regex construction out of loop Christoph Heiss
2026-04-03 16:54 ` [PATCH installer v3 28/38] assistant: support adding an authorization token for HTTP-based answers Christoph Heiss
2026-04-03 16:54 ` [PATCH installer v3 29/38] tree-wide: used moved `Fqdn` type to proxmox-network-types Christoph Heiss
2026-04-03 16:54 ` [PATCH installer v3 30/38] tree-wide: use `Cidr` type from proxmox-network-types Christoph Heiss
2026-04-03 16:54 ` [PATCH installer v3 31/38] tree-wide: switch to filesystem types from proxmox-installer-types Christoph Heiss
2026-04-03 16:54 ` [PATCH installer v3 32/38] post-hook: switch to types in proxmox-installer-types Christoph Heiss
2026-04-03 16:54 ` [PATCH installer v3 33/38] auto: sysinfo: switch to types from proxmox-installer-types Christoph Heiss
2026-04-03 16:54 ` [PATCH installer v3 34/38] fetch-answer: " Christoph Heiss
2026-04-03 16:54 ` [PATCH installer v3 35/38] fetch-answer: http: prefer json over toml for answer format Christoph Heiss
2026-04-03 16:54 ` [PATCH installer v3 36/38] fetch-answer: send auto-installer HTTP authorization token if set Christoph Heiss
2026-04-03 16:54 ` [PATCH installer v3 37/38] tree-wide: switch out `Answer` -> `AutoInstallerConfig` types Christoph Heiss
2026-04-03 16:54 ` [PATCH installer v3 38/38] auto: drop now-dead answer file definitions Christoph Heiss
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260403165437.2166551-20-c.heiss@proxmox.com \
--to=c.heiss@proxmox.com \
--cc=pdm-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox