From: Arthur Bied-Charreton <a.bied-charreton@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH proxmox 2/7] notify (smtp): Introduce state module
Date: Fri, 13 Feb 2026 17:04:00 +0100	[thread overview]
Message-ID: <20260213160415.609868-3-a.bied-charreton@proxmox.com> (raw)
In-Reply-To: <20260213160415.609868-1-a.bied-charreton@proxmox.com>

The state module exports a new struct with associated functionality for
loading, updating, and persisting the state for SMTP endpoints with
OAuth2 configured as authentication method.

The path to the state files, as well as their create options, are
retrieved through new Context methods to allow portability between PVE
and PBS.

Signed-off-by: Arthur Bied-Charreton <a.bied-charreton@proxmox.com>
---
 proxmox-notify/src/context/mod.rs          |  6 ++
 proxmox-notify/src/context/pbs.rs          |  8 +++
 proxmox-notify/src/context/pve.rs          |  8 +++
 proxmox-notify/src/context/test.rs         |  8 +++
 proxmox-notify/src/endpoints/smtp.rs       |  3 +
 proxmox-notify/src/endpoints/smtp/state.rs | 67 ++++++++++++++++++++++
 6 files changed, 100 insertions(+)
 create mode 100644 proxmox-notify/src/endpoints/smtp/state.rs

diff --git a/proxmox-notify/src/context/mod.rs b/proxmox-notify/src/context/mod.rs
index 8b6e2c43..492442f9 100644
--- a/proxmox-notify/src/context/mod.rs
+++ b/proxmox-notify/src/context/mod.rs
@@ -1,6 +1,8 @@
 use std::fmt::Debug;
 use std::sync::Mutex;
 
+use proxmox_sys::fs::CreateOptions;
+
 use crate::renderer::TemplateSource;
 use crate::Error;
 
@@ -32,6 +34,10 @@ pub trait Context: Send + Sync + Debug {
         namespace: Option<&str>,
         source: TemplateSource,
     ) -> Result<Option<String>, Error>;
+    /// Return the path to the state file for this context.
+    fn state_file_path(&self, name: &str) -> String;
+    /// Create options to be used when writing files containing secrets.
+    fn secret_create_options(&self) -> CreateOptions;
 }
 
 #[cfg(not(test))]
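Review bot: The doc comment on `state_file_path` does not say what `name` is or what an implementation may assume about it, yet the implementations added in pbs.rs, pve.rs and test.rs interpolate it verbatim into a path with `format!`. If endpoint names are already restricted to a safe identifier pattern before they reach this method (not visible in this patch), the doc should state that contract; otherwise a name containing `/` or `..` would resolve outside the notifications directory. A line such as `/// `name` is the endpoint name; it is used verbatim as a file name and must already be a validated identifier.` would make the requirement explicit. Returning `PathBuf` rather than `String` would also let `State::store` drop its `Path::new(&path)` conversion.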
diff --git a/proxmox-notify/src/context/pbs.rs b/proxmox-notify/src/context/pbs.rs
index 3e5da59c..4f93b45d 100644
--- a/proxmox-notify/src/context/pbs.rs
+++ b/proxmox-notify/src/context/pbs.rs
@@ -125,6 +125,14 @@ impl Context for PBSContext {
             .map_err(|err| Error::Generic(format!("could not load template: {err}")))?;
         Ok(template_string)
     }
+
+    fn state_file_path(&self, name: &str) -> String {
+        format!("/var/lib/proxmox-backup/priv/notifications/{name}.json")
+    }
+
+    fn secret_create_options(&self) -> proxmox_sys::fs::CreateOptions {
+        proxmox_sys::fs::CreateOptions::new().perm(nix::sys::stat::Mode::from_bits_truncate(0o600))
+    }
 }
 
 #[cfg(test)]
diff --git a/proxmox-notify/src/context/pve.rs b/proxmox-notify/src/context/pve.rs
index a97cce26..e30f7b49 100644
--- a/proxmox-notify/src/context/pve.rs
+++ b/proxmox-notify/src/context/pve.rs
@@ -74,6 +74,14 @@ impl Context for PVEContext {
             .map_err(|err| Error::Generic(format!("could not load template: {err}")))?;
         Ok(template_string)
     }
+
+    fn state_file_path(&self, name: &str) -> String {
+        format!("/etc/pve/priv/notifications/{name}.json")
+    }
+
+    fn secret_create_options(&self) -> proxmox_sys::fs::CreateOptions {
+        proxmox_sys::fs::CreateOptions::new().perm(nix::sys::stat::Mode::from_bits_truncate(0o600))
+    }
 }
 
 pub static PVE_CONTEXT: PVEContext = PVEContext;
diff --git a/proxmox-notify/src/context/test.rs b/proxmox-notify/src/context/test.rs
index 2c236b4c..7e29d36a 100644
--- a/proxmox-notify/src/context/test.rs
+++ b/proxmox-notify/src/context/test.rs
@@ -40,4 +40,12 @@ impl Context for TestContext {
     ) -> Result<Option<String>, Error> {
         Ok(Some(String::new()))
     }
+
+    fn state_file_path(&self, name: &str) -> String {
+        format!("/tmp/notifications/{name}.json")
+    }
+
+    fn secret_create_options(&self) -> proxmox_sys::fs::CreateOptions {
+        proxmox_sys::fs::CreateOptions::new().perm(nix::sys::stat::Mode::from_bits_truncate(0o755))
+    }
 }
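Review bot: `TestContext::secret_create_options` returns mode `0o755`, although the trait documents these options as the ones used when writing files containing secrets; combined with the fixed `/tmp/notifications/{name}.json` path, any state a test stores is world-readable at a predictable, shared location. Using `0o600` as the PVE and PBS contexts do would keep the tests on the same mode as production, and a per-run temporary directory would avoid collisions between concurrent test runs. If `0o755` was picked so that the directory `State::store` creates from the same options stays traversable for a non-root test user, that is better handled with separate directory options in `store`. The enclosing `impl Context for TestContext` begins outside the hunk.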
diff --git a/proxmox-notify/src/endpoints/smtp.rs b/proxmox-notify/src/endpoints/smtp.rs
index 277b70f4..699ed1c6 100644
--- a/proxmox-notify/src/endpoints/smtp.rs
+++ b/proxmox-notify/src/endpoints/smtp.rs
@@ -23,8 +23,11 @@ const SMTP_SUBMISSION_STARTTLS_PORT: u16 = 587;
 const SMTP_SUBMISSION_TLS_PORT: u16 = 465;
 const SMTP_TIMEOUT: u16 = 5;
 
+mod state;
 mod xoauth2;
 
+pub(crate) use state::State;
+
 #[api]
 #[derive(Debug, Serialize, Deserialize, Default, Clone, Copy)]
 #[serde(rename_all = "kebab-case")]
diff --git a/proxmox-notify/src/endpoints/smtp/state.rs b/proxmox-notify/src/endpoints/smtp/state.rs
new file mode 100644
index 00000000..60bef590
--- /dev/null
+++ b/proxmox-notify/src/endpoints/smtp/state.rs
@@ -0,0 +1,67 @@
+use serde::{Deserialize, Serialize};
+
+use crate::{context::context, Error};
+
+#[derive(Serialize, Deserialize, Clone, Debug, Default)]
+#[serde(rename_all = "kebab-case")]
+pub(crate) struct State {
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub oauth2_refresh_token: Option<String>,
+    pub last_refreshed: i64,
+}
+
+impl State {
+    /// Instantiate a new [`State`].
+    pub(crate) fn new(oauth2_refresh_token: Option<String>) -> Self {
+        Self {
+            oauth2_refresh_token,
+            last_refreshed: proxmox_time::epoch_i64(),
+        }
+    }
+
+    /// Load the state for the endpoint identified by `name`, instantiating a default object
+    /// if no state exists.
+    ///
+    /// # Errors
+    /// An [`Error`] is returned if deserialization of the state object fails.
+    pub(crate) fn load(name: &str) -> Result<State, Error> {
+        match proxmox_sys::fs::file_get_optional_contents(context().state_file_path(name))
+            .map_err(|e| Error::ConfigDeserialization(e.into()))?
+        {
+            Some(bytes) => {
+                serde_json::from_slice(&bytes).map_err(|e| Error::ConfigDeserialization(e.into()))
+            }
+            None => Ok(State::default()),
+        }
+    }
+
+    /// Persist the state for the endpoint identified by `name`.
+    ///
+    /// # Errors
+    /// An [`Error`] is returned if serialization of the state object, or the final write, fail.
+    pub(crate) fn store(self, name: &str) -> Result<(), Error> {
+        let path = context().state_file_path(name);
+        let parent = std::path::Path::new(&path).parent().unwrap();
+
+        proxmox_sys::fs::ensure_dir_exists(parent, &context().secret_create_options(), false)
+            .map_err(|e| Error::ConfigSerialization(e.into()))?;
+
+        let s = serde_json::to_string_pretty(&self)
+            .map_err(|e| Error::ConfigSerialization(e.into()))?;
+
+        proxmox_sys::fs::replace_file(path, s.as_bytes(), context().secret_create_options(), true)
+            .map_err(|e| Error::ConfigSerialization(e.into()))
+    }
+
+    /// Set `last_refreshed`.
+    pub(crate) fn set_last_refreshed(mut self, last_refreshed: i64) -> Self {
+        self.last_refreshed = last_refreshed;
+        self
+    }
+
+    /// Set `oauth2_refresh_token`.
+    pub(crate) fn set_oauth2_refresh_token(mut self, oauth2_refresh_token: Option<String>) -> Self {
+        self.oauth2_refresh_token = oauth2_refresh_token;
+        self
+    }
+}
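Review bot: `store()` passes the file-oriented `secret_create_options()` to `ensure_dir_exists`, so with the `0o600` mode the PVE and PBS contexts return, a newly created `notifications` directory gets no search bit, and the `false` third argument (which appears to be the enforce-permissions flag, to be confirmed) leaves the mode of an already existing directory unchecked. Deriving directory options separately, e.g. `let dir_opts = context().secret_create_options().perm(nix::sys::stat::Mode::from_bits_truncate(0o700));`, fixes the first part; whether an existing directory with a laxer mode should be rejected deserves an explicit decision. Separately, `State` derives `Debug` while holding `oauth2_refresh_token`, so any `{:?}` formatting of it in a log or error message would print the token; a hand-written `Debug` impl that prints a fixed placeholder for that field avoids this. `.parent().unwrap()` holds for the three path formats in this patch but would panic on a bare file name returned by a future context, so mapping `None` to an `Error` is safer.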
-- 
2.47.3





Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-02-13 16:03 [PATCH cluster/docs/manager/proxmox{,-perl-rs,-widget-toolkit} 00/17] fix #7238: Add XOAUTH2 authentication support for SMTP notification targets Arthur Bied-Charreton
2026-02-13 16:03 ` [PATCH proxmox 1/7] notify (smtp): Introduce xoauth2 module Arthur Bied-Charreton
2026-02-13 16:04 ` Arthur Bied-Charreton [this message]
2026-02-13 16:04 ` [PATCH proxmox 3/7] notify (smtp): Factor out transport building logic into own function Arthur Bied-Charreton
2026-02-13 16:04 ` [PATCH proxmox 4/7] notify (smtp): Update API with OAuth2 parameters Arthur Bied-Charreton
2026-02-13 16:04 ` [PATCH proxmox 5/7] notify (smtp): Add state handling logic Arthur Bied-Charreton
2026-02-13 16:04 ` [PATCH proxmox 6/7] notify (smtp): Add XOAUTH2 authentication support Arthur Bied-Charreton
2026-02-13 16:04 ` [PATCH proxmox 7/7] notify (smtp): Add logging and state-related error types Arthur Bied-Charreton
2026-02-13 16:04 ` [PATCH proxmox-perl-rs 1/1] notify (smtp): add oauth2 parameters to bindings Arthur Bied-Charreton
2026-02-13 16:04 ` [PATCH proxmox-widget-toolkit 1/2] utils: Add OAuth2 flow handlers Arthur Bied-Charreton
2026-02-13 16:04 ` [PATCH proxmox-widget-toolkit 2/2] notifications: Add opt-in OAuth2 support for SMTP targets Arthur Bied-Charreton
2026-02-13 16:04 ` [PATCH pve-manager 1/5] notifications: Add OAuth2 parameters to schema and add/update endpoints Arthur Bied-Charreton
2026-02-13 16:04 ` [PATCH pve-manager 2/5] notifications: Add trigger-state-refresh endpoint Arthur Bied-Charreton
2026-02-13 16:04 ` [PATCH pve-manager 3/5] notifications: Trigger notification target refresh in pveupdate Arthur Bied-Charreton
2026-02-13 16:04 ` [PATCH pve-manager 4/5] notifications: Handle OAuth2 callback in login handler Arthur Bied-Charreton
2026-02-13 16:04 ` [PATCH pve-manager 5/5] notifications: Opt into OAuth2 authentication Arthur Bied-Charreton
2026-02-13 16:04 ` [PATCH pve-cluster 1/1] notifications: Add refresh_targets subroutine to PVE::Notify Arthur Bied-Charreton
2026-02-13 16:04 ` [PATCH pve-docs 1/1] notifications: Add section about OAuth2 to SMTP targets docs Arthur Bied-Charreton
