Re: [PATCH installer v3 36/38] fetch-answer: send auto-installer HTTP authorization token if set

public inbox for pdm-devel@lists.proxmox.com
 help / color / mirror / Atom feed

From: "Lukas Wagner" <l.wagner@proxmox.com>
To: "Christoph Heiss" <c.heiss@proxmox.com>, <pdm-devel@lists.proxmox.com>
Subject: Re: [PATCH installer v3 36/38] fetch-answer: send auto-installer HTTP authorization token if set
Date: Tue, 14 Apr 2026 14:13:53 +0200	[thread overview]
Message-ID: <DHSVAXUOZJB7.3KBWAIO8LI072@proxmox.com> (raw)
In-Reply-To: <20260403165437.2166551-37-c.heiss@proxmox.com>

On Fri Apr 3, 2026 at 6:54 PM CEST, Christoph Heiss wrote:
> If an authorization token is present in the internal auto-installer
> HTTP configuration, add it as
>
>   Authorization: ProxmoxInstallerToken <token>
>

As mentioned in the other patch, *maybe* this should just be a `Bearer`
token, but no hard feelings.

> header to the POST HTTP request when retrieving the answer.
>
> Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
> ---
> Changes v2 -> v3:
>   * new patch
>
>  .../src/fetch_plugins/http.rs                 |  8 +++++++
>  proxmox-fetch-answer/src/main.rs              | 22 ++++++++++++-------
>  2 files changed, 22 insertions(+), 8 deletions(-)
>
> diff --git a/proxmox-fetch-answer/src/fetch_plugins/http.rs b/proxmox-fetch-answer/src/fetch_plugins/http.rs
> index 6508721..121b620 100644
> --- a/proxmox-fetch-answer/src/fetch_plugins/http.rs
> +++ b/proxmox-fetch-answer/src/fetch_plugins/http.rs
> @@ -95,6 +95,14 @@ impl FetchFromHTTP {
>              HeaderValue::from_str("application/json, application/toml;q=0.5")?,
>          );
>  
> +        if let Some(token) = &settings.token {
> +            info!("Authentication token provided through ISO.");
> +            headers.insert(
> +                http::header::AUTHORIZATION,
> +                HeaderValue::from_str(&format!("ProxmoxInstallerToken {token}"))?,
> +            );
> +        }
> +
>          let (body, content_type) =
>              http::post(&answer_url, fingerprint.as_deref(), headers, payload)?;
>  
> diff --git a/proxmox-fetch-answer/src/main.rs b/proxmox-fetch-answer/src/main.rs
> index 18b27e7..2e399d1 100644
> --- a/proxmox-fetch-answer/src/main.rs
> +++ b/proxmox-fetch-answer/src/main.rs
> @@ -23,8 +23,13 @@ const CLI_USAGE_HELPTEXT: &str = concat!(
>  
>  Commands:
>    iso         Fetch the builtin answer file from the ISO
> +
>    http        Fetch the answer file via HTTP(S)
> -              Additional parameters: [<http-url>] [<tls-cert-fingerprint>]
> +              Additional parameters: [<http-url>] [<tls-cert-fingerprint>] [<auth-token>]
> +
> +              To provide an authentication token without a certificate fingerprint, pass an
> +              empty string to <tls-cert-fingerprint>.
> +
>    partition   Fetch the answer file from a mountable partition
>                Additional parameters: [<partition-label>]
>  
> @@ -47,18 +52,18 @@ fn fetch_answer(install_settings: &AutoInstSettings) -> Result<String> {
>              let answer_path = PathBuf::from("/cdrom/answer.toml");
>              match fs::read_to_string(answer_path) {
>                  Ok(answer) => return Ok(answer),
> -                Err(err) => info!("Fetching answer file from ISO failed: {err}"),
> +                Err(err) => info!("Fetching answer file from ISO failed: {err:#}"),
>              }
>          }
>          FetchAnswerFrom::Partition => {
>              match FetchFromPartition::get_answer(&install_settings.partition_label) {
>                  Ok(answer) => return Ok(answer),
> -                Err(err) => info!("Fetching answer file from partition failed: {err}"),
> +                Err(err) => info!("Fetching answer file from partition failed: {err:#}"),
>              }
>          }
>          FetchAnswerFrom::Http => match FetchFromHTTP::get_answer(&install_settings.http) {
>              Ok(answer) => return Ok(answer),
> -            Err(err) => info!("Fetching answer file via HTTP failed: {err}"),
> +            Err(err) => info!("Fetching answer file via HTTP failed: {err:#}"),

It's only a pretty minor change, but it seems like these should be split
out, especially since you also touch the CDROM/Partition paths

>          },
>      }
>      bail!("Could not find any answer file!");
> @@ -80,8 +85,8 @@ fn settings_from_cli_args(args: &[String]) -> Result<AutoInstSettings> {
>          FetchAnswerFrom::Iso if args.len() > 2 => {
>              bail!("'iso' mode does not take any additional arguments")
>          }
> -        FetchAnswerFrom::Http if args.len() > 4 => {
> -            bail!("'http' mode takes at most 2 additional arguments")
> +        FetchAnswerFrom::Http if args.len() > 5 => {
> +            bail!("'http' mode takes at most 3 additional arguments")
>          }
>          FetchAnswerFrom::Partition if args.len() > 3 => {
>              bail!("'partition' mode takes at most 1 additional argument")
> @@ -97,8 +102,9 @@ fn settings_from_cli_args(args: &[String]) -> Result<AutoInstSettings> {
>              .cloned()?,
>          http: HttpOptions {
>              url: args.get(2).cloned(),
> -            cert_fingerprint: args.get(3).cloned(),
> -            token: None,
> +            // treat empty value as not existing
> +            cert_fingerprint: args.get(3).cloned().filter(|s| !s.is_empty()),
> +            token: args.get(4).cloned(),
>          },
>      })
>  }


Code-wise this looks okay, maybe split out the logging out changes into
a separate patch.

Reviewed-by: Lukas Wagner <l.wagner@proxmox.com>

next prev parent reply	other threads:[~2026-04-14 12:13 UTC|newest]

Thread overview: 47+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-04-03 16:53 [PATCH proxmox/yew-pwt/datacenter-manager/installer v3 00/38] add auto-installer integration Christoph Heiss
2026-04-03 16:53 ` [PATCH proxmox v3 01/38] api-macro: allow $ in identifier name Christoph Heiss
2026-04-03 16:53 ` [PATCH proxmox v3 02/38] schema: oneOf: allow single string variant Christoph Heiss
2026-04-03 16:53 ` [PATCH proxmox v3 03/38] schema: implement UpdaterType for HashMap and BTreeMap Christoph Heiss
2026-04-03 16:53 ` [PATCH proxmox v3 04/38] network-types: move `Fqdn` type from proxmox-installer-common Christoph Heiss
2026-04-03 16:53 ` [PATCH proxmox v3 05/38] network-types: implement api type for Fqdn Christoph Heiss
2026-04-03 16:53 ` [PATCH proxmox v3 06/38] network-types: add api wrapper type for std::net::IpAddr Christoph Heiss
2026-04-03 16:53 ` [PATCH proxmox v3 07/38] network-types: cidr: implement generic `IpAddr::new` constructor Christoph Heiss
2026-04-03 16:53 ` [PATCH proxmox v3 08/38] network-types: fqdn: implement standard library Error for Fqdn Christoph Heiss
2026-04-03 16:53 ` [PATCH proxmox v3 09/38] node-status: make KernelVersionInformation Clone + PartialEq Christoph Heiss
2026-04-03 16:53 ` [PATCH proxmox v3 10/38] installer-types: add common types used by the installer Christoph Heiss
2026-04-03 16:53 ` [PATCH proxmox v3 11/38] installer-types: add types used by the auto-installer Christoph Heiss
2026-04-03 16:53 ` [PATCH proxmox v3 12/38] installer-types: implement api type for all externally-used types Christoph Heiss
2026-04-03 16:53 ` [PATCH yew-widget-toolkit v3 13/38] widget: kvlist: add widget for user-modifiable data tables Christoph Heiss
2026-04-03 16:53 ` [PATCH datacenter-manager v3 14/38] api-types, cli: use ReturnType::new() instead of constructing it manually Christoph Heiss
2026-04-03 16:53 ` [PATCH datacenter-manager v3 15/38] api-types: add api types for auto-installer integration Christoph Heiss
2026-04-03 16:53 ` [PATCH datacenter-manager v3 16/38] config: add auto-installer configuration module Christoph Heiss
2026-04-03 16:53 ` [PATCH datacenter-manager v3 17/38] acl: wire up new /system/auto-installation acl path Christoph Heiss
2026-04-03 16:53 ` [PATCH datacenter-manager v3 18/38] server: api: add auto-installer integration module Christoph Heiss
2026-04-03 16:53 ` [PATCH datacenter-manager v3 19/38] server: api: auto-installer: add access token management endpoints Christoph Heiss
2026-04-03 16:53 ` [PATCH datacenter-manager v3 20/38] client: add bindings for auto-installer endpoints Christoph Heiss
2026-04-03 16:53 ` [PATCH datacenter-manager v3 21/38] ui: auto-installer: add installations overview panel Christoph Heiss
2026-04-03 16:53 ` [PATCH datacenter-manager v3 22/38] ui: auto-installer: add prepared answer configuration panel Christoph Heiss
2026-04-03 16:53 ` [PATCH datacenter-manager v3 23/38] ui: auto-installer: add access token " Christoph Heiss
2026-04-03 16:53 ` [PATCH datacenter-manager v3 24/38] docs: add documentation for auto-installer integration Christoph Heiss
2026-04-03 16:53 ` [PATCH installer v3 25/38] install: iso env: use JSON boolean literals for product config Christoph Heiss
2026-04-03 16:53 ` [PATCH installer v3 26/38] common: http: allow passing custom headers to post() Christoph Heiss
2026-04-14 12:13   ` Lukas Wagner
2026-04-15  8:53     ` Christoph Heiss
2026-04-03 16:53 ` [PATCH installer v3 27/38] common: options: move regex construction out of loop Christoph Heiss
2026-04-03 16:54 ` [PATCH installer v3 28/38] assistant: support adding an authorization token for HTTP-based answers Christoph Heiss
2026-04-14 12:13   ` Lukas Wagner
2026-04-03 16:54 ` [PATCH installer v3 29/38] tree-wide: used moved `Fqdn` type to proxmox-network-types Christoph Heiss
2026-04-03 16:54 ` [PATCH installer v3 30/38] tree-wide: use `Cidr` type from proxmox-network-types Christoph Heiss
2026-04-03 16:54 ` [PATCH installer v3 31/38] tree-wide: switch to filesystem types from proxmox-installer-types Christoph Heiss
2026-04-03 16:54 ` [PATCH installer v3 32/38] post-hook: switch to types in proxmox-installer-types Christoph Heiss
2026-04-03 16:54 ` [PATCH installer v3 33/38] auto: sysinfo: switch to types from proxmox-installer-types Christoph Heiss
2026-04-03 16:54 ` [PATCH installer v3 34/38] fetch-answer: " Christoph Heiss
2026-04-03 16:54 ` [PATCH installer v3 35/38] fetch-answer: http: prefer json over toml for answer format Christoph Heiss
2026-04-14 12:13   ` Lukas Wagner
2026-04-03 16:54 ` [PATCH installer v3 36/38] fetch-answer: send auto-installer HTTP authorization token if set Christoph Heiss
2026-04-14 12:13   ` Lukas Wagner [this message]
2026-04-14 12:14   ` Lukas Wagner
2026-04-03 16:54 ` [PATCH installer v3 37/38] tree-wide: switch out `Answer` -> `AutoInstallerConfig` types Christoph Heiss
2026-04-03 16:54 ` [PATCH installer v3 38/38] auto: drop now-dead answer file definitions Christoph Heiss
2026-04-14 12:16 ` [PATCH proxmox/yew-pwt/datacenter-manager/installer v3 00/38] add auto-installer integration Lukas Wagner
2026-04-14 13:58 ` Lukas Wagner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=DHSVAXUOZJB7.3KBWAIO8LI072@proxmox.com \
    --to=l.wagner@proxmox.com \
    --cc=c.heiss@proxmox.com \
    --cc=pdm-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox

Service provided by Proxmox Server Solutions GmbH | Privacy | Legal