From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id CAA3769F2E for ; Fri, 12 Mar 2021 16:24:25 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id B9515346B0 for ; Fri, 12 Mar 2021 16:24:25 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id E8DF13468F for ; Fri, 12 Mar 2021 16:24:24 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id AAD50463F1 for ; Fri, 12 Mar 2021 16:24:24 +0100 (CET) From: Wolfgang Bumiller To: pmg-devel@lists.proxmox.com Date: Fri, 12 Mar 2021 16:23:49 +0100 Message-Id: <20210312152421.30114-1-w.bumiller@proxmox.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.037 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pmg-devel] [PATCH v2 api/gui/wtk/acme 0/many] Certificates & ACME X-BeenThere: pmg-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Mail Gateway development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Mar 2021 15:24:25 -0000 v2 incorporating feedback from v1 * api call permission fixups on account methods * consistent locking function implementations (without `die $@ if $@`) * removed unnecessary call to `sort` * cert regex simplification * reload/config update code dedup & consistency * removed superfluous `border: 0` * inlined unnecessary `initComponent` and also contains some PVE-compatibility fixes in the acme domain view: widget toolkit side should now work seamlessly in the PVE UI code as well --- Original Coverletter: These are the pmg-api, pmg-gui and proxmox-widget-toolkit and proxmox-acme parts of the ACME series for PMG. This requires `pmg-rs` package, which replaces the ACME client from `proxmox-acme` and provides the CSR generation and is written in rust. Note that the DNS challenge handling still uses proxmox-acme for now. proxmox-acme: * Just a `use` statement fixup * Still used for the DNS challenge pmg-gui: Just adds the "certificate view", but the real dirt lives in the widget-toolkit. proxmox-widget-toolkits: Gets the Certificate, ACME Account, ACME Plugin and ACME Domain view from PVE adapted to be usable for PMG. Changes to PVE are mainly: * API URLs need to be provided since they differ a bit between PVE and PMG. * some additional buttons/fields specific to pmg generated if the parameters for them are present pmg-api: Simply gets API entry points for the above. These too are mostly copied from PVE and adapted (also the ACME client API from pmg-rs is slightly different/cleaned up, so that's a minor incompatiblity in some otherwise common code, but a `pve-rs` may fix that). But some things could definitely already go to pve-common (especially schema stuff). Note that while I did add the corresponding files to the cluster sync, this still needs testing *and* issuing an API certificate may break cluster functionality currently. (Stoiko is working on that)