Signed-off-by: Wolfgang Link <w.l...@proxmox.com> --- PVE/API2/ACME.pm | 26 ++++++++++---------------- PVE/NodeConfig.pm | 44 ++++++++++++++++++++++++++++++++++++++------ 2 files changed, 48 insertions(+), 22 deletions(-)
diff --git a/PVE/API2/ACME.pm b/PVE/API2/ACME.pm
index 7bb3ab95..d215739b 100644
--- a/PVE/API2/ACME.pm
+++ b/PVE/API2/ACME.pm
@@ -73,9 +73,9 @@ my $get_plugin_type = sub {
 };
 my $order_certificate = sub {
- my ($acme, $domains) = @_;
+ my ($acme, $acme_node_config) = @_;
 print "Placing ACME order\n";
- my ($order_url, $order) = $acme->new_order($domains);
+ my ($order_url, $order) = $acme->new_order($acme_node_config->{domains});
 print "Order URL: $order_url\n";
 my $index = 0;
 for my $auth_url (@{$order->{authorizations}}) {
@@ -213,11 +213,9 @@ __PACKAGE__->register_method ({
 if !$param->{force} && -e "${cert_prefix}.pem";
 my $node_config = PVE::NodeConfig::load_config($node);
- raise("ACME settings in node configuration are missing!", 400)
- if !$node_config || !$node_config->{acme};
- my $acme_node_config = PVE::NodeConfig::parse_acme($node_config->{acme});
+ my $acme_node_config = PVE::NodeConfig::get_acme_conf($node_config);
 raise("ACME domain list in node configuration is missing!", 400)
- if !$acme_node_config;
+ if !$acme_node_config || !$acme_node_config->{domains};
 my $rpcenv = PVE::RPCEnvironment::get();
@@ -235,7 +233,7 @@ __PACKAGE__->register_method ({
 print "Loading ACME account details\n";
 $acme->load();
- my ($cert, $key) = $order_certificate->($acme, $acme_node_config->{domains});
+ my ($cert, $key) = $order_certificate->($acme, $acme_node_config);
 my $code = sub {
 print "Setting pveproxy certificate and key\n";
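Review bot: The rewritten guard in the `@@ -213,11 +213,9 @@` hunk can never fire. get_acme_conf (the PVE/NodeConfig.pm hunk of this patch) always sets `$res->{"domains"}` to an array reference, which is true even when the array is empty, and it returns `undef` only when `$noerr` is passed, which this call does not do. With the old `!$node_config->{acme}` check removed, a node without any ACME entry now gets past the 400 and presumably continues to the `$order_certificate` call with an empty domain list. Test the element count instead: `if !$acme_node_config || !@{$acme_node_config->{domains}};`. The same guard is repeated in the `@@ -287,11 +285,9 @@` and `@@ -353,11 +349,9 @@` hunks; the enclosing register_method bodies start and end outside all three.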
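Review bot: The account lookup that builds `$acme` before `$acme->load()` in the `@@ -235,7 +233,7 @@` hunk lies outside the diff and needs checking against the new return shape. get_acme_conf now stores the account at `$res->{0}->{account}` and no longer at the top level of the returned hash. If the unchanged code still reads `$acme_node_config->{account}`, it gets undef, and any fallback there would silently use a different ACME account than the one configured for the node. Either keep a top-level key, `$res->{account} = $res->{0}->{account};`, or update the callers in this commit; the same applies to the `@@ -311,7 +307,7 @@` hunk.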
@@ -287,11 +285,9 @@ __PACKAGE__->register_method ({
 if !$expires_soon && !$param->{force};
 my $node_config = PVE::NodeConfig::load_config($node);
- raise("ACME settings in node configuration are missing!", 400)
- if !$node_config || !$node_config->{acme};
- my $acme_node_config = PVE::NodeConfig::parse_acme($node_config->{acme});
+ my $acme_node_config = PVE::NodeConfig::get_acme_conf($node_config);
 raise("ACME domain list in node configuration is missing!", 400)
- if !$acme_node_config;
+ if !$acme_node_config || !$acme_node_config->{domains};
 my $rpcenv = PVE::RPCEnvironment::get();
@@ -311,7 +307,7 @@ __PACKAGE__->register_method ({
 print "Loading ACME account details\n";
 $acme->load();
- my ($cert, $key) = $order_certificate->($acme, $acme_node_config->{domains});
+ my ($cert, $key) = $order_certificate->($acme, $acme_node_config);
 my $code = sub {
 print "Setting pveproxy certificate and key\n";
@@ -353,11 +349,9 @@ __PACKAGE__->register_method ({
 my $cert_prefix = PVE::CertHelpers::cert_path_prefix($node);
 my $node_config = PVE::NodeConfig::load_config($node);
- raise("ACME settings in node configuration are missing!", 400)
- if !$node_config || !$node_config->{acme};
- my $acme_node_config = PVE::NodeConfig::parse_acme($node_config->{acme});
+ my $acme_node_config = PVE::NodeConfig::get_acme_conf($node_config);
 raise("ACME domain list in node configuration is missing!", 400)
- if !$acme_node_config;
+ if !$acme_node_config || !$acme_node_config->{domains};
 my $rpcenv = PVE::RPCEnvironment::get();
diff --git a/PVE/NodeConfig.pm b/PVE/NodeConfig.pm
index 6ea2dac1..ae2f916c 100644
--- a/PVE/NodeConfig.pm
+++ b/PVE/NodeConfig.pm
@@ -227,18 +227,50 @@ sub write_node_config {
 return $raw;
 }
-sub parse_acme {
+sub get_acme_conf {
 my ($data, $noerr) = @_;
 $data //= '';
- my $res = eval { PVE::JSONSchema::parse_property_string($acmedesc, $data); };
- if ($@) {
- return undef if $noerr;
- die $@;
+ my $res = {};
+
+ if (defined($data->{acme})) {
+ $res->{0} = eval {
+ PVE::JSONSchema::parse_property_string($acmedesc, $data->{acme});
+ };
+ if ($@) {
+ return undef if $noerr;
+ die $@;
+ }
 }
+ $res->{0}->{account} = $res->{0}->{account} // "default";
+ my $domainlist = [];
+
+ for my $index (0..$MAXDOMAINS) {
+ my $domain_rec = $data->{"acme_additional_domain$index"};
+ next if !defined($domain_rec);
+
+ # index = 0 is used by acme see above
+ $res->{($index+1)} = eval {
+ PVE::JSONSchema::parse_property_string(
+ $acme_additional_desc,
+ $domain_rec);
+ };
+ if ($@) {
+ return undef if $noerr;
+ die $@;
+ }
+ push @$domainlist, $res->{($index+1)}->{domain};
+ }
+
+ # If additional domain are used it is not allowed
+ # to have a domain(list) at acme entry
+ my @domains = split(";", $res->{0}->{domains})
+ if $res->{0}->{domains};
+ die "Mutual exclusion of setting domains in acme and additional domains\n"
+ if (0 < @domains && defined(@$domainlist[0]));
- $res->{domains} = [ PVE::Tools::split_list($res->{domains}) ];
+ $res->{"domains"} = @domains ? \@domains : $domainlist;
 return $res;
 }
-- 
2.20.1
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
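Review bot: The tail of get_acme_conf declares `my @domains = split(...) if $res->{0}->{domains};`, and perlsyn documents a `my` guarded by a statement modifier as undefined behaviour, so the array should be declared first and assigned conditionally. In the same lines, `defined(@$domainlist[0])` tests a one-element slice where the element count of `@$domainlist` is meant, and the mutual-exclusion `die` ignores `$noerr` although both parse failures above it honour the flag. The removed line split the value with `PVE::Tools::split_list`; if that helper accepts separators other than `;`, a `domains` value written with them would now be passed to the ACME order as a single name, so the fence below keeps the helper. The context line `$data //= '';` is stale as well, since `$data` is now dereferenced as a hash; `$data //= {};` matches the new use.

```perl
    # … unchanged: parsing of the acme and acme_additional_domain$index entries …

    # Declare first; a conditional `my` has undefined behaviour.
    my @domains;
    @domains = PVE::Tools::split_list($res->{0}->{domains})
        if $res->{0}->{domains};

    # A domain list on the acme entry and additional domains exclude each other.
    if (@domains && @$domainlist) {
        return undef if $noerr;
        die "Mutual exclusion of setting domains in acme and additional domains\n";
    }

    $res->{"domains"} = @domains ? \@domains : $domainlist;
```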