Date: Mon, 15 Mar 2021 19:45:57 +0100
From: Stoiko Ivanov
To: Wolfgang Bumiller
Cc: pmg-devel@lists.proxmox.com
Message-ID: <20210315194557.1b1baf02@rosa.proxmox.com>
In-Reply-To: <20210312152421.30114-1-w.bumiller@proxmox.com>
Subject: Re: [pmg-devel] [PATCH v2 api/gui/wtk/acme 0/many] Certificates & ACME

huge thanks for the effort and the patches on this long-missing feature in PMG!

Gave the series a short spin on my test-installs - and it works (mostly) as advertised - a few small comments/nits on the individual patches.

Tested with:
* custom cert upload (and removal)
* via powerdns plugin (sadly none of my domain-providers offers API access yet)
* the cluster-integration works as I'd expect it

apart from the small glitches:
Tested-By: Stoiko Ivanov
Reviewed-By: Stoiko Ivanov

On Fri, 12 Mar 2021 16:23:49 +0100
Wolfgang Bumiller wrote:

> v2 incorporating feedback from v1
>
> * api call permission fixups on account methods
> * consistent locking function implementations (without `die $@ if $@`)
> * removed unnecessary call to `sort`
> * cert regex simplification
> * reload/config update code dedup & consistency
> * removed superfluous `border: 0`
> * inlined unnecessary `initComponent`
>
> and also contains some PVE-compatibility fixes in the acme domain view:
> widget toolkit side should now work seamlessly in the PVE UI code as
> well
>
> ---
> Original Coverletter:
>
> These are the pmg-api, pmg-gui and proxmox-widget-toolkit and
> proxmox-acme parts of the ACME series for PMG.
>
> This requires `pmg-rs` package, which replaces the ACME client from
> `proxmox-acme` and provides the CSR generation and is written in rust.
> Note that the DNS challenge handling still uses proxmox-acme for now.
>
> proxmox-acme:
> * Just a `use` statement fixup
> * Still used for the DNS challenge
>
> pmg-gui:
> Just adds the "certificate view", but the real dirt lives in the
> widget-toolkit.
>
> proxmox-widget-toolkits:
> Gets the Certificate, ACME Account, ACME Plugin and ACME Domain view
> from PVE adapted to be usable for PMG.
> Changes to PVE are mainly:
> * API URLs need to be provided since they differ a bit between PVE
> and PMG.
> * some additional buttons/fields specific to pmg generated if the
> parameters for them are present
>
> pmg-api:
> Simply gets API entry points for the above. These too are mostly
> copied from PVE and adapted (also the ACME client API from pmg-rs is slightly
> different/cleaned up, so that's a minor incompatibility in some
> otherwise common code, but a `pve-rs` may fix that). But some things
> could definitely already go to pve-common (especially schema stuff).
>
> Note that while I did add the corresponding files to the cluster sync,
> this still needs testing *and* issuing an API certificate may break
> cluster functionality currently. (Stoiko is working on that)