From: "Shan Shaji" <s.shaji@proxmox.com>
To: "Shannon Sterz" <s.sterz@proxmox.com>, <pdm-devel@lists.proxmox.com>
Subject: Re: [PATCH datacenter-manager 1/3] server: api: access: add endpoints for configuring pdm and pam realms
Date: Wed, 24 Jun 2026 14:45:52 +0200	[thread overview]
Message-ID: <DJHAG3M3K76G.2QXW1USKV61KN@proxmox.com> (raw)
In-Reply-To: <20260618102126.177217-2-s.sterz@proxmox.com>

On Thu Jun 18, 2026 at 12:21 PM CEST, Shannon Sterz wrote:
> this allows users to set those realms as default realms and also
> allows editing their comments.
>
> also makes sure that the pam and pdm realms exist in the domains.cfg
>
> Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
> ---
>  lib/pdm-api-types/src/lib.rs                  |  96 ++++++++++++++
>  lib/pdm-config/src/domains.rs                 |  37 +++++-
>  server/src/api/access/domains.rs              |  16 +--
>  server/src/api/config/access/mod.rs           |   4 +
>  server/src/api/config/access/pam.rs           | 119 ++++++++++++++++++
>  server/src/api/config/access/pdm.rs           | 119 ++++++++++++++++++
>  .../bin/proxmox-datacenter-privileged-api.rs  |   1 +
>  7 files changed, 375 insertions(+), 17 deletions(-)
>  create mode 100644 server/src/api/config/access/pam.rs
>  create mode 100644 server/src/api/config/access/pdm.rs
>

[...]

> diff --git a/server/src/api/config/access/pdm.rs b/server/src/api/config/access/pdm.rs
> new file mode 100644
> index 00000000..e35cba0c
> --- /dev/null
> +++ b/server/src/api/config/access/pdm.rs
> @@ -0,0 +1,119 @@
> +use ::serde::{Deserialize, Serialize};

small nit: Do we need the `::` symbol here?

> +use anyhow::Error;
> +
> +use proxmox_config_digest::ConfigDigest;
> +use proxmox_router::{Permission, Router, RpcEnvironment};
> +use proxmox_schema::api;
> +
> +use pdm_api_types::{PRIV_REALM_ALLOCATE, PRIV_SYS_AUDIT, PdmRealmConfig, PdmRealmConfigUpdater};
> +use pdm_config::domains;
> +
> +#[api(
> +    returns: {
> +        type: PdmRealmConfig,
> +    },
> +    access: {
> +        permission: &Permission::Privilege(&["access", "domains"], PRIV_SYS_AUDIT, false),
> +    },
> +)]
> +/// Read the Proxmox Datacenter Manager authentication server realm configuration
> +pub fn read_pdm_realm(rpcenv: &mut dyn RpcEnvironment) -> Result<PdmRealmConfig, Error> {
> +    let (domains, digest) = domains::config()?;
> +
> +    let config = domains.lookup("pdm", "pdm")?;
> +
> +    rpcenv["digest"] = digest.to_hex().into();
> +
> +    Ok(config)
> +}
> +
> +#[api]
> +#[derive(Serialize, Deserialize)]
> +#[serde(rename_all = "kebab-case")]
> +/// Deletable property name
> +pub enum DeletableProperty {
> +    /// Delete the comment property.
> +    Comment,
> +    /// Delete the default property.
> +    Default,
> +}
> +
> +#[api(
> +    protected: true,
> +    input: {
> +        properties: {
> +            update: {
> +                type: PdmRealmConfigUpdater,
> +                flatten: true,
> +            },
> +            delete: {
> +                description: "List of properties to delete.",
> +                type: Array,
> +                optional: true,
> +                items: {
> +                    type: DeletableProperty,
> +                }
> +            },
> +            digest: {
> +                optional: true,
> +                type: ConfigDigest,
> +            },
> +        },
> +    },
> +    returns: {
> +        type: PdmRealmConfig,
> +    },
> +    access: {
> +        permission: &Permission::Privilege(&["access", "domains"], PRIV_REALM_ALLOCATE, false),
> +    },
> +)]
> +/// Update the Proxmox Datacenter Manager authentication server realm configuration
> +pub fn update_pdm_realm(
> +    update: PdmRealmConfigUpdater,
> +    delete: Option<Vec<DeletableProperty>>,
> +    digest: Option<ConfigDigest>,
> +    _rpcenv: &mut dyn RpcEnvironment,
> +) -> Result<(), Error> {
> +    let _lock = domains::lock_config()?;
> +
> +    let (mut domains, expected_digest) = domains::config()?;
> +
> +    expected_digest.detect_modification(digest.as_ref())?;
> +
> +    let mut config: PdmRealmConfig = domains.lookup("pdm", "pdm")?;
> +
> +    if let Some(delete) = delete {
> +        for delete_prop in delete {
> +            match delete_prop {
> +                DeletableProperty::Comment => config.comment = None,
> +                DeletableProperty::Default => config.default = None,
> +            }
> +        }
> +    }
> +
> +    if let Some(comment) = update.comment {
> +        let comment = comment.trim().to_string();
> +        if comment.is_empty() {
> +            config.comment = None;
> +        } else {
> +            config.comment = Some(comment);
> +        }
> +    }
> +
> +    if let Some(true) = update.default {
> +        pdm_config::domains::unset_default_realm(&mut domains)?;
> +        config.default = Some(true);
> +    } else {
> +        config.default = None;
> +    }
> +
> +    domains.set_data("pdm", "pdm", &config)?;
> +
> +    domains::save_config(&domains)?;
> +
> +    Ok(())
> +}
> +
> +pub const ROUTER: Router = Router::new()
> +    .get(&API_METHOD_READ_PDM_REALM)
> +    .put(&API_METHOD_UPDATE_PDM_REALM);
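Review bot: In `update_pdm_realm` the `else` branch after `if let Some(true) = update.default` sets `config.default = None` whenever the request does not carry `default: true`, so a PUT that only changes the comment also drops the realm's default flag, and `DeletableProperty::Default` becomes redundant. Clearing only on an explicit false keeps an omitted field a no-op: `} else if update.default == Some(false) {`. Separately, the `#[api]` schema declares `returns: { type: PdmRealmConfig }` while the function returns `Result<(), Error>`; one of the two should be adjusted. The diffstat lists pam.rs with the same line count, so it is worth checking there as well, since that file is not quoted here.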
> diff --git a/server/src/bin/proxmox-datacenter-privileged-api.rs b/server/src/bin/proxmox-datacenter-privileged-api.rs
> index fdc4e8a9..59d30513 100644
> --- a/server/src/bin/proxmox-datacenter-privileged-api.rs
> +++ b/server/src/bin/proxmox-datacenter-privileged-api.rs
> @@ -118,6 +118,7 @@ async fn run() -> Result<(), Error> {
>      auth::init(true);
>  
>      proxmox_acme_api::init(configdir!("/acme"), true)?;
> +    pdm_config::domains::add_default_realms()?;
>  
>      let api_user = pdm_config::api_user()?;
>      let mut command_sock = proxmox_daemon::command_socket::CommandSocket::new(api_user.gid);
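Review bot: The added `pdm_config::domains::add_default_realms()?;` propagates any error out of `run()`, so a domains.cfg that cannot be parsed or written would now stop the privileged API daemon from starting; it is worth deciding whether that is intended or whether start-up should log the error and continue. If failing hard is wanted, a short comment such as `// ensure the built-in pam and pdm realms exist before serving requests` and an error message that names the file would help whoever debugs a failed start. The helper's body is not part of this hunk, so whether it takes `domains::lock_config()` the way `update_pdm_realm` does should be confirmed. `run()` itself continues outside the hunk.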






Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-06-18 10:21 [PATCH datacenter-manager/yew-comp 0/3] Allow Editing of Default Realms in PDM Shannon Sterz
2026-06-18 10:21 ` [PATCH datacenter-manager 1/3] server: api: access: add endpoints for configuring pdm and pam realms Shannon Sterz
2026-06-24 12:45   ` Shan Shaji [this message]
2026-06-18 10:21 ` [PATCH yew-comp 2/3] auth_view: enable editing of default realms Shannon Sterz
2026-06-24 14:27   ` Shan Shaji
2026-06-18 10:21 ` [PATCH yew-comp 3/3] auth_view: clarify the documentation of pre-existing properties Shannon Sterz
2026-06-24 13:10 ` [PATCH datacenter-manager/yew-comp 0/3] Allow Editing of Default Realms in PDM Shan Shaji
2026-06-25 12:54 ` Superseded: " Shannon Sterz
