On October 14, 2019 1:08 pm, Wolfgang Link wrote:
> This function search for credential files.
> The file must end with .cred and named as the API plugin.
> The presumption is that every cluster uses the same DNS API credential file.
> Also, only one credential file exists in the directory.
these are very limiting assumptions, and also remind me very much of the
whole ZFS-over-iSCSI put an SSH key somewhere mess.. see other comments
for potentially better approaches.
> ---
> src/PVE/ACME/ACME_sh.pm | 22 ++++++++++++++++++++++
> 1 file changed, 22 insertions(+)
>
> diff --git a/src/PVE/ACME/ACME_sh.pm b/src/PVE/ACME/ACME_sh.pm
> index 57d4f54..db8af9a 100644
> --- a/src/PVE/ACME/ACME_sh.pm
> +++ b/src/PVE/ACME/ACME_sh.pm
> @@ -8,6 +8,8 @@ use HTTP::Response;
>
> use base qw(PVE::ACME::Challenge);
>
> +my $API_CRED_DIR = '/etc/pve/priv/acme';
> +
> sub type {
> return 'acme_sh';
> }
> @@ -16,6 +18,26 @@ sub supported_challenge_types {
> return 'dns-01';
> }
>
> +my $get_dnsapi_conf = sub {
> +
> + my $api_plugin = undef;
> + opendir(my $dh, $API_CRED_DIR) || die "Can't open $API_CRED_DIR: $!";
> +
> + while (readdir $dh) {
> + my $file = $_;
> +
> + if ($file =~ m/^(.*).cred$/) {
> + $api_plugin = $1;
> + last;
> + }
> + }
> +
> + closedir $dh;
> + die "No credential file found\n" if !defined($api_plugin);
> +
> + return ($api_plugin, "$API_CRED_DIR/$api_plugin.cred");
> +};
> +
> sub validating_url {
> my ($class, $acme, $auth, $auth_url, $node_config) = @_;
>
> --
> 2.20.1
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel@pve.proxmox.com
> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
