public inbox for pmg-devel@lists.proxmox.com
From: Dominik Csapak <d.csapak@proxmox.com>
To: pmg-devel@lists.proxmox.com
Subject: Re: [pmg-devel] [RFC api/gui/wtk/acme 0/many] Certificates & ACME
Date: Wed, 10 Mar 2021 13:27:33 +0100
Message-ID: <117f1bea-86d1-c855-0dd0-887beeaf5a55@proxmox.com>
In-Reply-To: <20210309141401.19237-1-w.bumiller@proxmox.com>

so i tested this a bit, and it mostly works as advertised
(will look a bit deeper into the code today/tomorrow)

i tested with a local 'pebble' instance and for dns i
used a local powerdns instance

a few small problems (some we already discussed off-list):
* proxmox-acme-rs/client could use a 'Content-Length' header
   (necessary for pebble acme server, seems other acme endpoints are not
   as strict)
* the 'Add ACME Account' Button in the cert panel does not work
* cannot delete accounts that do not exist on the ACME server anymore
   (triggered this by restarting the pebble instance, it does not
   save anything persistent)
* for the selection of API/SMTP i would have rather expected
   checkboxes, it was not immediately clear that it is a multi-
   select combobox (though i think thomas nudged you in that
   direction?), but it's not too bad
* the dns plugin window behaves strangely:
   when editing a field on a plugin where we have the schema,
   the form does not get dirty, only when changing another field
   though it is entirely possible that this behaviour
   was already there

otherwise LGTM

On 3/9/21 3:13 PM, Wolfgang Bumiller wrote:
> These are the pmg-api, pmg-gui and proxmox-widget-toolkit and
> proxmox-acme parts of the ACME series for PMG.
> 
> This requires `pmg-rs` package, which replaces the ACME client from
> `proxmox-acme` and provides the CSR generation and is written in rust.
> Note that the DNS challenge handling still uses proxmox-acme for now.
> 
> proxmox-acme:
>    * Just a `use` statement fixup
>    * Still used for the DNS challenge
> 
> pmg-gui:
>    Just adds the "certificate view", but the real dirt lives in the
>    widget-toolkit.
> 
> proxmox-widget-toolkits:
>    Gets the Certificate, ACME Account, ACME Plugin and ACME Domain view
>    from PVE adapted to be usable for PMG.
>    Changes to PVE are mainly:
>      * API URLs need to be provided since they differ a bit between PVE
>        and PMG.
>      * some additional buttons/fields specific to pmg generated if the
>        parameters for them are present
> 
> pmg-api:
>    Simply gets API entry points for the above. These too are mostly
>    copied from PVE and adapted (also the ACME client API from pmg-rs is slightly
>    different/cleaned up, so that's a minor incompatibility in some
>    otherwise common code, but a `pve-rs` may fix that). But some things
>    could definitely already go to pve-common (especially schema stuff).
> 
> Note that while I did add the corresponding files to the cluster sync,
> this still needs testing *and* issuing an API certificate may break
> cluster functionality currently. (Stoiko is working on that)
> 
> 