From: Markus Frank <m.frank@proxmox.com>
To: pmg-devel@lists.proxmox.com
Subject: [pmg-devel] [PATCH pve-common v3 1/8] add Schema package with auth module that contains realm sync options
Date: Mon, 24 Jun 2024 11:08:43 +0200 [thread overview]
Message-ID: <20240624090850.4683-2-m.frank@proxmox.com> (raw)
In-Reply-To: <20240624090850.4683-1-m.frank@proxmox.com>
This is because these standard options & formats are used by both PVE
and PMG.
Signed-off-by: Markus Frank <m.frank@proxmox.com>
---
src/Makefile | 2 ++
src/PVE/Schema/Auth.pm | 82 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 84 insertions(+)
create mode 100644 src/PVE/Schema/Auth.pm
diff --git a/src/Makefile b/src/Makefile
index 2d8bdc4..833bbc1 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -29,6 +29,7 @@ LIB_SOURCES = \
RESTEnvironment.pm \
RESTHandler.pm \
SafeSyslog.pm \
+ Schema/Auth.pm \
SectionConfig.pm \
SysFSTools.pm \
Syscall.pm \
@@ -41,6 +42,7 @@ all:
install: $(addprefix PVE/,${LIB_SOURCES})
install -d -m 0755 ${DESTDIR}${PERLDIR}/PVE
install -d -m 0755 ${DESTDIR}${PERLDIR}/PVE/Job
+ install -d -m 0755 ${DESTDIR}${PERLDIR}/PVE/Schema
for i in ${LIB_SOURCES}; do install -D -m 0644 PVE/$$i ${DESTDIR}${PERLDIR}/PVE/$$i; done
diff --git a/src/PVE/Schema/Auth.pm b/src/PVE/Schema/Auth.pm
new file mode 100644
index 0000000..1f7f586
--- /dev/null
+++ b/src/PVE/Schema/Auth.pm
@@ -0,0 +1,82 @@
+package PVE::Schema::Auth;
+
+use strict;
+use warnings;
+
+use PVE::JSONSchema qw(get_standard_option parse_property_string);
+
+my $remove_options = "(?:acl|properties|entry)";
+
+PVE::JSONSchema::register_standard_option('sync-scope', {
+ description => "Select what to sync.",
+ type => 'string',
+ enum => [qw(users groups both)],
+ optional => '1',
+});
+
+PVE::JSONSchema::register_standard_option('sync-remove-vanished', {
+ description => "A semicolon-seperated list of things to remove when they or the user"
+ ." vanishes during a sync. The following values are possible: 'entry' removes the"
+ ." user/group when not returned from the sync. 'properties' removes the set"
+ ." properties on existing user/group that do not appear in the source (even custom ones)."
+ ." 'acl' removes acls when the user/group is not returned from the sync."
+ ." Instead of a list it also can be 'none' (the default).",
+ type => 'string',
+ default => 'none',
+ typetext => "([acl];[properties];[entry])|none",
+ pattern => "(?:(?:$remove_options\;)*$remove_options)|none",
+ optional => '1',
+});
+
+my $realm_sync_options_desc = {
+ scope => get_standard_option('sync-scope'),
+ 'remove-vanished' => get_standard_option('sync-remove-vanished'),
+ 'enable-new' => {
+ description => "Enable newly synced users immediately.",
+ type => 'boolean',
+ default => '1',
+ optional => '1',
+ },
+};
+PVE::JSONSchema::register_standard_option('realm-sync-options', $realm_sync_options_desc);
+PVE::JSONSchema::register_format('realm-sync-options', $realm_sync_options_desc);
+
+my $tfa_format = {
+ type => {
+ description => "The type of 2nd factor authentication.",
+ format_description => 'TFATYPE',
+ type => 'string',
+ enum => [qw(oath)],
+ },
+ digits => {
+ description => "TOTP digits.",
+ format_description => 'COUNT',
+ type => 'integer',
+ minimum => 6, maximum => 8,
+ default => 6,
+ optional => 1,
+ },
+ step => {
+ description => "TOTP time period.",
+ format_description => 'SECONDS',
+ type => 'integer',
+ minimum => 10,
+ default => 30,
+ optional => 1,
+ },
+};
+
+PVE::JSONSchema::register_format('pve-tfa-config', $tfa_format);
+
+PVE::JSONSchema::register_standard_option('tfa', {
+ description => "Use Two-factor authentication.",
+ type => 'string', format => 'pve-tfa-config',
+ optional => 1,
+ maxLength => 128,
+});
+
+sub parse_tfa_config {
+ my ($data) = @_;
+
+ return parse_property_string($tfa_format, $data);
+}
--
2.39.2
_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
next prev parent reply other threads:[~2024-06-24 9:09 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-24 9:08 [pmg-devel] [PATCH pve-common/proxmox-perl-rs/pmg-api/pmg-gui v3 0/8] fix #3892: OpenID Markus Frank
2024-06-24 9:08 ` Markus Frank [this message]
2024-06-24 9:08 ` [pmg-devel] [PATCH proxmox-perl-rs v3 2/8] move openid code from pve-rs to common Markus Frank
2024-10-09 11:30 ` Christoph Heiss
2024-06-24 9:08 ` [pmg-devel] [PATCH proxmox-perl-rs v3 3/8] remove empty PMG::RS::OpenId package to avoid confusion Markus Frank
2024-06-24 9:08 ` [pmg-devel] [PATCH pmg-api v3 4/8] config: add plugin system for realms & add openid type realms Markus Frank
2024-10-10 8:46 ` Christoph Heiss
2024-10-18 12:07 ` Christoph Heiss
2024-06-24 9:08 ` [pmg-devel] [PATCH pmg-api v3 5/8] api: add/update/remove realms like in PVE Markus Frank
2024-06-24 9:08 ` [pmg-devel] [PATCH pmg-api v3 6/8] api: openid login similar to PVE Markus Frank
2024-06-24 9:08 ` [pmg-devel] [PATCH pmg-gui v3 7/8] login: add OpenID realms Markus Frank
2024-06-24 9:08 ` [pmg-devel] [PATCH pmg-gui v3 8/8] add panel for realms to User Management Markus Frank
2024-10-09 11:30 ` [pmg-devel] [PATCH pve-common/proxmox-perl-rs/pmg-api/pmg-gui v3 0/8] fix #3892: OpenID Christoph Heiss
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240624090850.4683-2-m.frank@proxmox.com \
--to=m.frank@proxmox.com \
--cc=pmg-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox