public inbox for pmg-devel@lists.proxmox.com
 help / color / mirror / Atom feed
* [pmg-devel] [PATCH pmg-api v2] api: use standard fingerprint-sha256 option
@ 2024-10-30 13:35 Maximiliano Sandoval
  2024-10-31 12:34 ` Fabian Grünbichler
  0 siblings, 1 reply; 2+ messages in thread
From: Maximiliano Sandoval @ 2024-10-30 13:35 UTC (permalink / raw)
  To: pmg-devel

This makes the regex a bit more precise and specifies that the
fingerprint uses SHA-256.

Suggested-by: Shannon Sterz <s.sterz@proxmox.com>
Suggested-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
---
Differences from v1:

- Use the existing standard option

 src/PMG/API2/Cluster.pm  | 6 +-----
 src/PMG/CLI/pmgcm.pm     | 8 +++-----
 src/PMG/ClusterConfig.pm | 8 +++-----
 3 files changed, 7 insertions(+), 15 deletions(-)

diff --git a/src/PMG/API2/Cluster.pm b/src/PMG/API2/Cluster.pm
index 84dafabb..6846716f 100644
--- a/src/PMG/API2/Cluster.pm
+++ b/src/PMG/API2/Cluster.pm
@@ -408,11 +408,7 @@ __PACKAGE__->register_method({
 		description => "IP address.",
 		type => 'string', format => 'ip',
 	    },
-	    fingerprint => {
-		description => "SSL certificate fingerprint.",
-		type => 'string',
-		pattern => '^(:?[A-Z0-9][A-Z0-9]:){31}[A-Z0-9][A-Z0-9]$',
-	    },
+	    fingerprint => get_standard_option('fingerprint-sha256'),
 	    password => {
 		description => "Superuser password.",
 		type => 'string',
diff --git a/src/PMG/CLI/pmgcm.pm b/src/PMG/CLI/pmgcm.pm
index ecf9cc76..699089e0 100644
--- a/src/PMG/CLI/pmgcm.pm
+++ b/src/PMG/CLI/pmgcm.pm
@@ -11,6 +11,7 @@ use PVE::SafeSyslog;
 use PVE::Tools qw(extract_param);
 use PVE::INotify;
 use PVE::CLIHandler;
+use PVE::JSONSchema qw(get_standard_option);
 
 use PMG::Utils;
 use PMG::Ticket;
@@ -166,12 +167,9 @@ __PACKAGE__->register_method({
 		description => "IP address.",
 		type => 'string', format => 'ip',
 	    },
-	    fingerprint => {
-		description => "SSL certificate fingerprint.",
-		type => 'string',
-		pattern => '^(:?[A-Z0-9][A-Z0-9]:){31}[A-Z0-9][A-Z0-9]$',
+	    fingerprint => get_standard_option('fingerprint-sha256', {
 		optional => 1,
-	    },
+	    }),
 	},
     },
     returns => { type => 'null' },
diff --git a/src/PMG/ClusterConfig.pm b/src/PMG/ClusterConfig.pm
index c52508dc..491fede1 100644
--- a/src/PMG/ClusterConfig.pm
+++ b/src/PMG/ClusterConfig.pm
@@ -45,6 +45,8 @@ use warnings;
 
 use base qw(PMG::ClusterConfig::Base);
 
+use PVE::JSONSchema qw(get_standard_option);
+
 sub valid_ssh_pubkey_regex {
     return '^[A-Za-z0-9\.\/\+=]{200,}$';
 }
@@ -72,11 +74,7 @@ sub properties {
 	    type => 'string',
 	    pattern => valid_ssh_pubkey_regex(),
 	},
-	fingerprint => {
-	    description => "SSL certificate fingerprint.",
-	    type => 'string',
-	    pattern => '^(:?[A-Z0-9][A-Z0-9]:){31}[A-Z0-9][A-Z0-9]$',
-	},
+	fingerprint => get_standard_option('fingerprint-sha256'),
     };
 }
 
-- 
2.39.5



_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: [pmg-devel] [PATCH pmg-api v2] api: use standard fingerprint-sha256 option
  2024-10-30 13:35 [pmg-devel] [PATCH pmg-api v2] api: use standard fingerprint-sha256 option Maximiliano Sandoval
@ 2024-10-31 12:34 ` Fabian Grünbichler
  0 siblings, 0 replies; 2+ messages in thread
From: Fabian Grünbichler @ 2024-10-31 12:34 UTC (permalink / raw)
  To: Maximiliano Sandoval, pmg-devel

so, did you check that the new (slightly relaxed compared to the
original *intended* RE) format works everywhere in PMG? in particular
cluster join (and sync after changing certificates)?

if you did, please include that information in your patch. if not,
please do so (that's why I called out that the standard option accepts
lower case hex characters as well, in addition to upper case ones).

On October 30, 2024 2:35 pm, Maximiliano Sandoval wrote:
> This makes the regex a bit more precise and specifies that the
> fingerprint uses SHA-256.
> 
> Suggested-by: Shannon Sterz <s.sterz@proxmox.com>
> Suggested-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
> Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
> ---
> Differences from v1:
> 
> - Use the existing standard option
> 
>  src/PMG/API2/Cluster.pm  | 6 +-----
>  src/PMG/CLI/pmgcm.pm     | 8 +++-----
>  src/PMG/ClusterConfig.pm | 8 +++-----
>  3 files changed, 7 insertions(+), 15 deletions(-)
> 
> diff --git a/src/PMG/API2/Cluster.pm b/src/PMG/API2/Cluster.pm
> index 84dafabb..6846716f 100644
> --- a/src/PMG/API2/Cluster.pm
> +++ b/src/PMG/API2/Cluster.pm
> @@ -408,11 +408,7 @@ __PACKAGE__->register_method({
>  		description => "IP address.",
>  		type => 'string', format => 'ip',
>  	    },
> -	    fingerprint => {
> -		description => "SSL certificate fingerprint.",
> -		type => 'string',
> -		pattern => '^(:?[A-Z0-9][A-Z0-9]:){31}[A-Z0-9][A-Z0-9]$',
> -	    },
> +	    fingerprint => get_standard_option('fingerprint-sha256'),
>  	    password => {
>  		description => "Superuser password.",
>  		type => 'string',
> diff --git a/src/PMG/CLI/pmgcm.pm b/src/PMG/CLI/pmgcm.pm
> index ecf9cc76..699089e0 100644
> --- a/src/PMG/CLI/pmgcm.pm
> +++ b/src/PMG/CLI/pmgcm.pm
> @@ -11,6 +11,7 @@ use PVE::SafeSyslog;
>  use PVE::Tools qw(extract_param);
>  use PVE::INotify;
>  use PVE::CLIHandler;
> +use PVE::JSONSchema qw(get_standard_option);
>  
>  use PMG::Utils;
>  use PMG::Ticket;
> @@ -166,12 +167,9 @@ __PACKAGE__->register_method({
>  		description => "IP address.",
>  		type => 'string', format => 'ip',
>  	    },
> -	    fingerprint => {
> -		description => "SSL certificate fingerprint.",
> -		type => 'string',
> -		pattern => '^(:?[A-Z0-9][A-Z0-9]:){31}[A-Z0-9][A-Z0-9]$',
> +	    fingerprint => get_standard_option('fingerprint-sha256', {
>  		optional => 1,
> -	    },
> +	    }),
>  	},
>      },
>      returns => { type => 'null' },
> diff --git a/src/PMG/ClusterConfig.pm b/src/PMG/ClusterConfig.pm
> index c52508dc..491fede1 100644
> --- a/src/PMG/ClusterConfig.pm
> +++ b/src/PMG/ClusterConfig.pm
> @@ -45,6 +45,8 @@ use warnings;
>  
>  use base qw(PMG::ClusterConfig::Base);
>  
> +use PVE::JSONSchema qw(get_standard_option);
> +
>  sub valid_ssh_pubkey_regex {
>      return '^[A-Za-z0-9\.\/\+=]{200,}$';
>  }
> @@ -72,11 +74,7 @@ sub properties {
>  	    type => 'string',
>  	    pattern => valid_ssh_pubkey_regex(),
>  	},
> -	fingerprint => {
> -	    description => "SSL certificate fingerprint.",
> -	    type => 'string',
> -	    pattern => '^(:?[A-Z0-9][A-Z0-9]:){31}[A-Z0-9][A-Z0-9]$',
> -	},
> +	fingerprint => get_standard_option('fingerprint-sha256'),
>      };
>  }
>  
> -- 
> 2.39.5
> 
> 


_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-10-31 12:35 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-10-30 13:35 [pmg-devel] [PATCH pmg-api v2] api: use standard fingerprint-sha256 option Maximiliano Sandoval
2024-10-31 12:34 ` Fabian Grünbichler

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal