[PATCH proxmox 05/17] pve-api-types: expose certificates info endpoint

public inbox for pdm-devel@lists.proxmox.com
 help / color / mirror / Atom feed

From: Shannon Sterz <s.sterz@proxmox.com>
To: pdm-devel@lists.proxmox.com
Subject: [PATCH proxmox 05/17] pve-api-types: expose certificates info endpoint
Date: Thu, 11 Jun 2026 14:03:15 +0200	[thread overview]
Message-ID: <20260611120327.257523-6-s.sterz@proxmox.com> (raw)
In-Reply-To: <20260611120327.257523-1-s.sterz@proxmox.com>

so the certificate information of a cluster node can be queried.

Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
---
 pve-api-types/Cargo.toml            |  1 +
 pve-api-types/generate.pl           |  3 +++
 pve-api-types/src/generated/code.rs | 15 ++++++++++++++-
 pve-api-types/src/types/mod.rs      |  1 +
 4 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/pve-api-types/Cargo.toml b/pve-api-types/Cargo.toml
index a56cfef4..4b57f855 100644
--- a/pve-api-types/Cargo.toml
+++ b/pve-api-types/Cargo.toml
@@ -21,6 +21,7 @@ serde = { workspace = true, features = [ "derive" ] }
 serde_json.workspace = true
 serde_plain.workspace = true
 #
+proxmox-acme-api.workspace = true
 proxmox-api-macro.workspace = true
 proxmox-apt-api-types.workspace = true
 proxmox-fixed-string.workspace = true
diff --git a/pve-api-types/generate.pl b/pve-api-types/generate.pl
index 6e987753..465bba68 100755
--- a/pve-api-types/generate.pl
+++ b/pve-api-types/generate.pl
@@ -723,6 +723,9 @@ api(POST => '/nodes/{node}/ceph/start', 'start_ceph_services', 'param-name' => '
 api(POST => '/nodes/{node}/ceph/stop', 'stop_ceph_services', 'param-name' => 'StopCephServices', 'output-type' => 'PveUpid');
 api(POST => '/nodes/{node}/ceph/restart', 'restart_ceph_services', 'param-name' => 'RestartCephServices', 'output-type' => 'PveUpid');
 
+# Certificates: Allow query a node's current certificates
+api(GET => '/nodes/{node}/certificates/info', 'certificates_info', 'output-type' => 'Vec<CertificateInfo>');
+
 # NOW DUMP THE CODE:
 #
 # We generate one file for API types, and one for API method calls.
diff --git a/pve-api-types/src/generated/code.rs b/pve-api-types/src/generated/code.rs
index c66df0d9..1b3484a8 100644
--- a/pve-api-types/src/generated/code.rs
+++ b/pve-api-types/src/generated/code.rs
@@ -157,7 +157,6 @@
 /// - /nodes/{node}/certificates/acme
 /// - /nodes/{node}/certificates/acme/certificate
 /// - /nodes/{node}/certificates/custom
-/// - /nodes/{node}/certificates/info
 /// - /nodes/{node}/disks
 /// - /nodes/{node}/disks/directory
 /// - /nodes/{node}/disks/directory/{name}
@@ -350,6 +349,11 @@ pub trait PveClient {
         Err(Error::Other("ceph_osd_scrub not implemented"))
     }
 
+    /// Get information about node's certificates.
+    async fn certificates_info(&self, node: &str) -> Result<Vec<CertificateInfo>, Error> {
+        Err(Error::Other("certificates_info not implemented"))
+    }
+
     /// get the status of all ceph flags
     async fn cluster_ceph_flags(&self) -> Result<Vec<CephFlagInfo>, Error> {
         Err(Error::Other("cluster_ceph_flags not implemented"))
@@ -1870,6 +1874,15 @@ where
         self.0.post(url, &params).await?.nodata()
     }
 
+    /// Get information about node's certificates.
+    async fn certificates_info(&self, node: &str) -> Result<Vec<CertificateInfo>, Error> {
+        let url = &format!(
+            "/api2/extjs/nodes/{}/certificates/info",
+            percent_encode(node.as_bytes(), percent_encoding::NON_ALPHANUMERIC)
+        );
+        Ok(self.0.get(url).await?.expect_json()?.data)
+    }
+
     /// get the status of all ceph flags
     async fn cluster_ceph_flags(&self) -> Result<Vec<CephFlagInfo>, Error> {
         let url = "/api2/extjs/cluster/ceph/flags";
diff --git a/pve-api-types/src/types/mod.rs b/pve-api-types/src/types/mod.rs
index 22ded561..79016483 100644
--- a/pve-api-types/src/types/mod.rs
+++ b/pve-api-types/src/types/mod.rs
@@ -22,6 +22,7 @@ pub mod verifiers;
 
 use proxmox_fixed_string::FixedString;
 
+pub use proxmox_acme_api::CertificateInfo;
 pub use proxmox_apt_api_types::APTRepositoriesResult;
 
 include!("../generated/types.rs");
-- 
2.47.3

next prev parent reply	other threads:[~2026-06-11 12:03 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-06-11 12:03 [RFC cluster/datacenter-manager/manager/proxmox 00/17] TLS Certificate Staging Shannon Sterz
2026-06-11 12:03 ` [PATCH cluster 01/17] setup: allow caller to provide the certificate filename Shannon Sterz
2026-06-11 12:03 ` [PATCH manager 02/17] bin/api: add a new staged certificate when renewing self-signed cert Shannon Sterz
2026-06-11 12:03 ` [PATCH manager 03/17] api: certificates: if node parameter is 'localhost' return local certs Shannon Sterz
2026-06-11 12:03 ` [PATCH proxmox 04/17] client: ignore certificate trust store validation result on fp option Shannon Sterz
2026-06-11 12:03 ` Shannon Sterz [this message]
2026-06-11 12:03 ` [PATCH datacenter-manager 06/17] client: don't short-circuit on valid certificate when tls fp exists Shannon Sterz
2026-06-11 12:03 ` [PATCH datacenter-manager 07/17] client: allow users to update a changed fingerprint interactively Shannon Sterz
2026-06-11 12:03 ` [PATCH datacenter-manager 08/17] cli/api-types: move Fingerprint to common api type crate Shannon Sterz
2026-06-11 12:03 ` [PATCH datacenter-manager 09/17] server: connection: report mismatching fingerprint as untrusted on probe Shannon Sterz
2026-06-11 12:03 ` [PATCH datacenter-manager 10/17] ui: wizzard: add context if a provided fingerprint did not match remote Shannon Sterz
2026-06-11 12:03 ` [PATCH datacenter-manager 11/17] ui: wizzard: nodes page: always update fingerprints on user confirmation Shannon Sterz
2026-06-11 12:03 ` [PATCH datacenter-manager 12/17] pdm-api-types: implement ApiType for Fingerprint Shannon Sterz
2026-06-11 12:03 ` [PATCH datacenter-manager 13/17] pdm-api-types: add staged_fingerprints field to NodeUrl Shannon Sterz
2026-06-11 12:03 ` [PATCH datacenter-manager 14/17] server: remotes: lock remotes config when updating it Shannon Sterz
2026-06-11 12:03 ` [PATCH datacenter-manager 15/17] server: connection: rotate in staged fingerprints when encountering them Shannon Sterz
2026-06-11 12:03 ` [PATCH datacenter-manager 16/17] server: api: tasks: move `spawn_aborted_on_shutdown()` to super module Shannon Sterz
2026-06-11 12:03 ` [PATCH datacenter-manager 17/17] server: bin: api: tasks: add task to discover new staged certificates Shannon Sterz

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:a56cfef dfblob:4b57f85 dfblob:6e98775 dfblob:465bba6
dfblob:c66df0d dfblob:1b3484a dfblob:22ded56 dfblob:7901648 )
 OR (
bs:"[PATCH proxmox 05/17] pve-api-types: expose certificates info endpoint" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260611120327.257523-6-s.sterz@proxmox.com \
    --to=s.sterz@proxmox.com \
    --cc=pdm-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox

Service provided by Proxmox Server Solutions GmbH | Privacy | Legal