[pve-devel] [PATCH manager 3/5] fix #4497: api/acme: deprecate tos endpoint in favor of meta

Mon, 23 Oct 2023 06:19:33 -0700 

The ToS endpoint ignored data that is needed to detect if EAB needs to
be used. Instead of adding a new endpoint that does the same request,
the tos endpoint is deprecated and replaced by the meta endpoint,
that returns all information returned by the directory.

Signed-off-by: Folke Gleumes <f.gleu...@proxmox.com>
---
 PVE/API2/ACMEAccount.pm | 46 ++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 45 insertions(+), 1 deletion(-)

diff --git a/PVE/API2/ACMEAccount.pm b/PVE/API2/ACMEAccount.pm
index daae18d8..bfe76734 100644
--- a/PVE/API2/ACMEAccount.pm
+++ b/PVE/API2/ACMEAccount.pm
@@ -62,6 +62,7 @@ __PACKAGE__->register_method ({
        return [
            { name => 'account' },
            { name => 'tos' },
+           { name => 'meta' },
            { name => 'directories' },
            { name => 'plugins' },
            { name => 'challenge-schema' },
@@ -333,11 +334,12 @@ __PACKAGE__->register_method ({
        return $update_account->($param, 'deactivate', status => 'deactivated');
     }});
 
+# TODO: deprecated, remove with pve 9
 __PACKAGE__->register_method ({
     name => 'get_tos',
     path => 'tos',
     method => 'GET',
-    description => "Retrieve ACME TermsOfService URL from CA.",
+    description => "Retrieve ACME TermsOfService URL from CA. Deprecated, 
please use /cluster/acme/meta.",
     permissions => { user => 'all' },
     parameters => {
        additionalProperties => 0,
@@ -364,6 +366,48 @@ __PACKAGE__->register_method ({
        return $meta ? $meta->{termsOfService} : undef;
     }});
 
+__PACKAGE__->register_method ({
+    name => 'get_meta',
+    path => 'meta',
+    method => 'GET',
+    description => "Retrieve ACME Directory Meta Information",
+    permissions => { user => 'all' },
+    parameters => {
+       additionalProperties => 0,
+       properties => {
+           directory => get_standard_option('pve-acme-directory-url', {
+               default => $acme_default_directory_url,
+               optional => 1,
+           }),
+       },
+    },
+    returns => {
+       type => 'object',
+       additionalProperties => 0,
+       properties => {
+           termsOfService => {
+               type => 'string',
+               optional => 1,
+               description => 'ACME TermsOfService URL.',
+           },
+           externalAccountRequired => {
+               type => 'boolean',
+               optional => 1,
+               description => 'EAB Required'
+           },
+       },
+    },
+    code => sub {
+       my ($param) = @_;
+
+       my $directory = extract_param($param, 'directory') // 
$acme_default_directory_url;
+
+       my $acme = PVE::ACME->new(undef, $directory);
+       my $meta = $acme->get_meta();
+
+       return $meta;
+    }});
+
 __PACKAGE__->register_method ({
     name => 'get_directories',
     path => 'directories',
-- 
2.39.2



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Reply via email to