Re: [pmg-devel] [PATCH pmg-api v2] api: use standard fingerprint-sha256 option

From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: Maximiliano Sandoval <m.sandoval@proxmox.com>,
	pmg-devel@lists.proxmox.com
Subject: Re: [pmg-devel] [PATCH pmg-api v2] api: use standard fingerprint-sha256 option
Date: Thu, 31 Oct 2024 13:34:43 +0100	[thread overview]
Message-ID: <1730377977.pgi4kvgodh.astroid@yuna.none> (raw)
In-Reply-To: <20241030133503.300014-1-m.sandoval@proxmox.com>

so, did you check that the new (slightly relaxed compared to the
original *intended* RE) format works everywhere in PMG? in particular
cluster join (and sync after changing certificates)?

if you did, please include that information in your patch. if not,
please do so (that's why I called out that the standard option accepts
lower case hex characters as well, in addition to upper case ones).

On October 30, 2024 2:35 pm, Maximiliano Sandoval wrote:
> This makes the regex a bit more precise and specifies that the
> fingerprint uses SHA-256.
> 
> Suggested-by: Shannon Sterz <s.sterz@proxmox.com>
> Suggested-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
> Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
> ---
> Differences from v1:
> 
> - Use the existing standard option
> 
>  src/PMG/API2/Cluster.pm  | 6 +-----
>  src/PMG/CLI/pmgcm.pm     | 8 +++-----
>  src/PMG/ClusterConfig.pm | 8 +++-----
>  3 files changed, 7 insertions(+), 15 deletions(-)
> 
> diff --git a/src/PMG/API2/Cluster.pm b/src/PMG/API2/Cluster.pm
> index 84dafabb..6846716f 100644
> --- a/src/PMG/API2/Cluster.pm
> +++ b/src/PMG/API2/Cluster.pm
> @@ -408,11 +408,7 @@ __PACKAGE__->register_method({
>  		description => "IP address.",
>  		type => 'string', format => 'ip',
>  	    },
> -	    fingerprint => {
> -		description => "SSL certificate fingerprint.",
> -		type => 'string',
> -		pattern => '^(:?[A-Z0-9][A-Z0-9]:){31}[A-Z0-9][A-Z0-9]$',
> -	    },
> +	    fingerprint => get_standard_option('fingerprint-sha256'),
>  	    password => {
>  		description => "Superuser password.",
>  		type => 'string',
> diff --git a/src/PMG/CLI/pmgcm.pm b/src/PMG/CLI/pmgcm.pm
> index ecf9cc76..699089e0 100644
> --- a/src/PMG/CLI/pmgcm.pm
> +++ b/src/PMG/CLI/pmgcm.pm
> @@ -11,6 +11,7 @@ use PVE::SafeSyslog;
>  use PVE::Tools qw(extract_param);
>  use PVE::INotify;
>  use PVE::CLIHandler;
> +use PVE::JSONSchema qw(get_standard_option);
>  
>  use PMG::Utils;
>  use PMG::Ticket;
> @@ -166,12 +167,9 @@ __PACKAGE__->register_method({
>  		description => "IP address.",
>  		type => 'string', format => 'ip',
>  	    },
> -	    fingerprint => {
> -		description => "SSL certificate fingerprint.",
> -		type => 'string',
> -		pattern => '^(:?[A-Z0-9][A-Z0-9]:){31}[A-Z0-9][A-Z0-9]$',
> +	    fingerprint => get_standard_option('fingerprint-sha256', {
>  		optional => 1,
> -	    },
> +	    }),
>  	},
>      },
>      returns => { type => 'null' },
> diff --git a/src/PMG/ClusterConfig.pm b/src/PMG/ClusterConfig.pm
> index c52508dc..491fede1 100644
> --- a/src/PMG/ClusterConfig.pm
> +++ b/src/PMG/ClusterConfig.pm
> @@ -45,6 +45,8 @@ use warnings;
>  
>  use base qw(PMG::ClusterConfig::Base);
>  
> +use PVE::JSONSchema qw(get_standard_option);
> +
>  sub valid_ssh_pubkey_regex {
>      return '^[A-Za-z0-9\.\/\+=]{200,}$';
>  }
> @@ -72,11 +74,7 @@ sub properties {
>  	    type => 'string',
>  	    pattern => valid_ssh_pubkey_regex(),
>  	},
> -	fingerprint => {
> -	    description => "SSL certificate fingerprint.",
> -	    type => 'string',
> -	    pattern => '^(:?[A-Z0-9][A-Z0-9]:){31}[A-Z0-9][A-Z0-9]$',
> -	},
> +	fingerprint => get_standard_option('fingerprint-sha256'),
>      };
>  }
>  
> -- 
> 2.39.5
> 
> 

_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel