From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 891751FF138 for ; Wed, 04 Feb 2026 17:15:41 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id BECFF1B103; Wed, 4 Feb 2026 17:15:03 +0100 (CET) From: Arthur Bied-Charreton To: pve-devel@lists.proxmox.com Subject: [PATCH pve-manager 1/5] notifications: Add OAuth2 parameters to schema and add/update endpoints Date: Wed, 4 Feb 2026 17:13:48 +0100 Message-ID: <20260204161354.458814-10-a.bied-charreton@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260204161354.458814-1-a.bied-charreton@proxmox.com> References: <20260204161354.458814-1-a.bied-charreton@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.110 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery methods RDNS_NONE 0.793 Delivered to internal network by a host with no rDNS SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_NONE 0.001 SPF: sender does not publish an SPF Record Message-ID-Hash: ULJ2W7DBVSVY2EDL3FTXCDM7C5PNKKX2 X-Message-ID-Hash: ULJ2W7DBVSVY2EDL3FTXCDM7C5PNKKX2 X-MailFrom: abied-charreton@jett.proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Add auth-method, as well as optional oauth2-{client-id,client-secret,tenant-id,refresh-token} parameters to prepare for OAuth2 support. The auth-method parameter was previously implicit and inferred by proxmox-notify based on the presence of a password. It is now made explicit, however still kept optional and explicitly inferred in the {update,create}_endpoint handlers to avoid breaking the API. Signed-off-by: Arthur Bied-Charreton --- PVE/API2/Cluster/Notifications.pm | 55 +++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/PVE/API2/Cluster/Notifications.pm b/PVE/API2/Cluster/Notifications.pm index 8b455227..a45a15b2 100644 --- a/PVE/API2/Cluster/Notifications.pm +++ b/PVE/API2/Cluster/Notifications.pm @@ -941,6 +941,13 @@ my $smtp_properties = { default => 'tls', optional => 1, }, + 'auth-method' => { + description => + 'Determine which authentication method shall be used for the connection.', + type => 'string', + enum => [qw(google-oauth2 microsoft-oauth2 plain none)], + optional => 1, + }, username => { description => 'Username for SMTP authentication', type => 'string', @@ -951,6 +958,26 @@ my $smtp_properties = { type => 'string', optional => 1, }, + 'oauth2-client-id' => { + description => 'OAuth2 client ID', + type => 'string', + optional => 1, + }, + 'oauth2-client-secret' => { + description => 'OAuth2 client secret', + type => 'string', + optional => 1, + }, + 'oauth2-tenant-id' => { + description => 'OAuth2 tenant ID', + type => 'string', + optional => 1, + }, + 'oauth2-refresh-token' => { + description => 'OAuth2 refresh token', + type => 'string', + optional => 1, + }, mailto => { type => 'array', items => { @@ -1108,6 +1135,11 @@ __PACKAGE__->register_method({ my $mode = extract_param($param, 'mode'); my $username = extract_param($param, 'username'); my $password = extract_param($param, 'password'); + my $auth_method = extract_param($param, 'auth-method'); + my $oauth2_client_secret = extract_param($param, 'oauth2-client-secret'); + my $oauth2_client_id = extract_param($param, 'oauth2-client-id'); + my $oauth2_tenant_id = extract_param($param, 'oauth2-tenant-id'); + my $oauth2_refresh_token = extract_param($param, 'oauth2-refresh-token'); my $mailto = extract_param($param, 'mailto'); my $mailto_user = extract_param($param, 'mailto-user'); my $from_address = extract_param($param, 'from-address'); @@ -1115,6 +1147,10 @@ __PACKAGE__->register_method({ my $comment = extract_param($param, 'comment'); my $disable = extract_param($param, 'disable'); + if (!defined $auth_method) { + $auth_method = defined($password) ? 'plain' : 'none'; + } + eval { PVE::Notify::lock_config(sub { my $config = PVE::Notify::read_config(); @@ -1126,6 +1162,11 @@ __PACKAGE__->register_method({ $mode, $username, $password, + $auth_method, + $oauth2_client_id, + $oauth2_client_secret, + $oauth2_tenant_id, + $oauth2_refresh_token, $mailto, $mailto_user, $from_address, @@ -1187,6 +1228,11 @@ __PACKAGE__->register_method({ my $mode = extract_param($param, 'mode'); my $username = extract_param($param, 'username'); my $password = extract_param($param, 'password'); + my $auth_method = extract_param($param, 'auth-method'); + my $oauth2_client_secret = extract_param($param, 'oauth2-client-secret'); + my $oauth2_client_id = extract_param($param, 'oauth2-client-id'); + my $oauth2_tenant_id = extract_param($param, 'oauth2-tenant-id'); + my $oauth2_refresh_token = extract_param($param, 'oauth2-refresh-token'); my $mailto = extract_param($param, 'mailto'); my $mailto_user = extract_param($param, 'mailto-user'); my $from_address = extract_param($param, 'from-address'); @@ -1197,6 +1243,10 @@ __PACKAGE__->register_method({ my $delete = extract_param($param, 'delete'); my $digest = extract_param($param, 'digest'); + if (!defined $auth_method) { + $auth_method = defined($password) ? 'plain' : 'none'; + } + eval { PVE::Notify::lock_config(sub { my $config = PVE::Notify::read_config(); @@ -1208,6 +1258,11 @@ __PACKAGE__->register_method({ $mode, $username, $password, + $auth_method, + $oauth2_client_id, + $oauth2_client_secret, + $oauth2_tenant_id, + $oauth2_refresh_token, $mailto, $mailto_user, $from_address, -- 2.47.3