From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pmg-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id CE1DE1FF15C
	for <inbox@lore.proxmox.com>; Wed, 19 Feb 2025 19:18:53 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 0BDCC16EC;
	Wed, 19 Feb 2025 19:18:49 +0100 (CET)
Date: Wed, 19 Feb 2025 19:18:13 +0100
From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: Markus Frank <m.frank@proxmox.com>
Message-ID: <Z7YgZdFt3ttDxXaW@rosa.proxmox.com>
References: <20250218161905.17224-1-m.frank@proxmox.com>
 <20250218161905.17224-2-m.frank@proxmox.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20250218161905.17224-2-m.frank@proxmox.com>
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.066 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [syscall.pm, restenvironment.pm, proxmox.com, safesyslog.pm,
 auth.pm, plugin.pm, sysfstools.pm, sectionconfig.pm, resthandler.pm]
Subject: Re: [pmg-devel] [PATCH pve-common v5 1/10] add Schema package with
 auth module that contains realm sync options
X-BeenThere: pmg-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Mail Gateway development discussion
 <pmg-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pmg-devel>, 
 <mailto:pmg-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pmg-devel/>
List-Post: <mailto:pmg-devel@lists.proxmox.com>
List-Help: <mailto:pmg-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel>, 
 <mailto:pmg-devel-request@lists.proxmox.com?subject=subscribe>
Cc: pmg-devel@lists.proxmox.com
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pmg-devel-bounces@lists.proxmox.com
Sender: "pmg-devel" <pmg-devel-bounces@lists.proxmox.com>

On Tue, Feb 18, 2025 at 05:18:56PM +0100, Markus Frank wrote:
> This is because these standard options & formats are used by both PVE
> and PMG.
I'd add the source of the data to the commit messages, as part of the
information is based on the implementation in PVE (it helps if you need to
understand why certain things are implemented as they are

e.g. for this patch

schema-definitions are based on pve-access-control/src/PVE/Auth/Plugin.pm

> 
> Signed-off-by: Markus Frank <m.frank@proxmox.com>
> ---
>  src/Makefile           |  2 ++
>  src/PVE/Schema/Auth.pm | 82 ++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 84 insertions(+)
>  create mode 100644 src/PVE/Schema/Auth.pm
> 
> diff --git a/src/Makefile b/src/Makefile
> index 2d8bdc4..833bbc1 100644
> --- a/src/Makefile
> +++ b/src/Makefile
> @@ -29,6 +29,7 @@ LIB_SOURCES = \
>  	RESTEnvironment.pm \
>  	RESTHandler.pm \
>  	SafeSyslog.pm \
> +	Schema/Auth.pm \
>  	SectionConfig.pm \
>  	SysFSTools.pm \
>  	Syscall.pm \
> @@ -41,6 +42,7 @@ all:
>  install: $(addprefix PVE/,${LIB_SOURCES})
>  	install -d -m 0755 ${DESTDIR}${PERLDIR}/PVE
>  	install -d -m 0755 ${DESTDIR}${PERLDIR}/PVE/Job
> +	install -d -m 0755 ${DESTDIR}${PERLDIR}/PVE/Schema
>  	for i in ${LIB_SOURCES}; do install -D -m 0644 PVE/$$i ${DESTDIR}${PERLDIR}/PVE/$$i; done
>  
>  
> diff --git a/src/PVE/Schema/Auth.pm b/src/PVE/Schema/Auth.pm
> new file mode 100644
> index 0000000..1f7f586
> --- /dev/null
> +++ b/src/PVE/Schema/Auth.pm
> @@ -0,0 +1,82 @@
> +package PVE::Schema::Auth;
> +
> +use strict;
> +use warnings;
> +
> +use PVE::JSONSchema qw(get_standard_option parse_property_string);
> +
> +my $remove_options = "(?:acl|properties|entry)";
> +
> +PVE::JSONSchema::register_standard_option('sync-scope', {
> +    description => "Select what to sync.",
> +    type => 'string',
> +    enum => [qw(users groups both)],
> +    optional => '1',
> +});
> +
> +PVE::JSONSchema::register_standard_option('sync-remove-vanished', {
> +    description => "A semicolon-seperated list of things to remove when they or the user"
> +    ." vanishes during a sync. The following values are possible: 'entry' removes the"
> +    ." user/group when not returned from the sync. 'properties' removes the set"
> +    ." properties on existing user/group that do not appear in the source (even custom ones)."
> +    ." 'acl' removes acls when the user/group is not returned from the sync."
> +    ." Instead of a list it also can be 'none' (the default).",
> +    type => 'string',
> +    default => 'none',
> +    typetext => "([acl];[properties];[entry])|none",
> +    pattern => "(?:(?:$remove_options\;)*$remove_options)|none",
> +    optional => '1',
> +});
> +
> +my $realm_sync_options_desc = {
> +    scope => get_standard_option('sync-scope'),
> +    'remove-vanished' => get_standard_option('sync-remove-vanished'),
> +    'enable-new' => {
> +	description => "Enable newly synced users immediately.",
> +	type => 'boolean',
> +	default => '1',
> +	optional => '1',
> +    },
> +};
> +PVE::JSONSchema::register_standard_option('realm-sync-options', $realm_sync_options_desc);
> +PVE::JSONSchema::register_format('realm-sync-options', $realm_sync_options_desc);
> +
> +my $tfa_format = {
> +    type => {
> +	description => "The type of 2nd factor authentication.",
> +	format_description => 'TFATYPE',
> +	type => 'string',
> +	enum => [qw(oath)],
> +    },
> +    digits => {
> +	description => "TOTP digits.",
> +	format_description => 'COUNT',
> +	type => 'integer',
> +	minimum => 6, maximum => 8,
> +	default => 6,
> +	optional => 1,
> +    },
> +    step => {
> +	description => "TOTP time period.",
> +	format_description => 'SECONDS',
> +	type => 'integer',
> +	minimum => 10,
> +	default => 30,
> +	optional => 1,
> +    },
> +};
> +
> +PVE::JSONSchema::register_format('pve-tfa-config', $tfa_format);
> +
> +PVE::JSONSchema::register_standard_option('tfa', {
> +    description => "Use Two-factor authentication.",
> +    type => 'string', format => 'pve-tfa-config',
> +    optional => 1,
> +    maxLength => 128,
> +});
> +
> +sub parse_tfa_config {
> +    my ($data) = @_;
> +
> +    return parse_property_string($tfa_format, $data);
> +}
> -- 
> 2.39.5
> 
> 
> 
> _______________________________________________
> pmg-devel mailing list
> pmg-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
> 
> 


_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel