Re: [pve-devel] [manager 3/6] refactor validating_url

Fabian Grünbichler Fri, 18 Oct 2019 02:25:43 -0700

On October 14, 2019 1:08 pm, Wolfgang Link wrote:
> The validating have to be done in the Plugin to be generic.


NAK - this was already designed with plugins in mind?

1.) call plugin->setup()
2.) request validation by ACME server
3.) check validation status
4.) repeat 3 until OK or error
5.) call plugin->teardown()

1/5 are plugin specific
2-4 are the same for all validation methods.

possibly we need to look at what setup() returns (post-setup delay? 
inter-check delay? better name for value that is used for requesting the 
validation?), or what teardown get's passed (probably the full return 
value of ->setup(), so that the plugin can determine what it needs for 
teardown) if we now integrate actual other plugins.

but moving the whole setup->validation->teardown sequence into each 
plugin is the wrong direction to go for sure..

> ---
>  PVE/API2/ACME.pm | 27 +--------------------------
>  1 file changed, 1 insertion(+), 26 deletions(-)
> 
> diff --git a/PVE/API2/ACME.pm b/PVE/API2/ACME.pm
> index 2c05db9b..db94586d 100644
> --- a/PVE/API2/ACME.pm
> +++ b/PVE/API2/ACME.pm
> @@ -59,32 +59,7 @@ my $order_certificate = sub {
>           print "... already validated!\n";
>       } else {
>           print "... pending!\n";
> -         print "Setting up webserver\n";
> -         my $validation = eval { PVE::ACME::StandAlone->setup($acme, $auth) 
> };
> -         die "failed setting up webserver - $@\n" if $@;
> -
> -         print "Triggering validation\n";
> -         eval {
> -             $acme->request_challenge_validation($validation->{url}, 
> $validation->{key_auth});
> -             print "Sleeping for 5 seconds\n";
> -             sleep 5;
> -             while (1) {
> -                 $auth = $acme->get_authorization($auth_url);
> -                 if ($auth->{status} eq 'pending') {
> -                     print "Status is still 'pending', trying again in 30 
> seconds\n";
> -                     sleep 30;
> -                     next;
> -                 } elsif ($auth->{status} eq 'valid') {
> -                     print "Status is 'valid'!\n";
> -                     last;
> -                 }
> -                 die "validating challenge '$auth_url' failed\n";
> -             }
> -         };
> -         my $err = $@;
> -         eval { $validation->teardown() };
> -         warn "$@\n" if $@;
> -         die $err if $err;
> +         PVE::ACME::validating_url($acme, $auth, $auth_url, $node_config);
>       }
>      }
>      print "\nAll domains validated!\n";
> -- 
> 2.20.1
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel@pve.proxmox.com
> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 
> 

_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] [manager 3/6] refactor validating_url

Reply via email to