[pmg-api.git] / src / PMG / API2 / ACMEPlugin.pm

package PMG::API2::ACMEPlugin;

use strict;
use warnings;

use Storable qw(dclone);

use PVE::ACME::Challenge;
use PVE::ACME::DNSChallenge;
use PVE::ACME::StandAlone;
use PVE::INotify;
use PVE::JSONSchema qw(get_standard_option);
use PVE::Tools qw(extract_param);

use base qw(PVE::RESTHandler);

my $inotify_file_id = 'pmg-acme-plugins-config.conf';
my $config_filename = '/etc/pmg/acme/plugins.conf';
my $lockfile = "/var/lock/pmg-acme-plugins-config.lck";

PVE::ACME::DNSChallenge->register();
PVE::ACME::StandAlone->register();
PVE::ACME::Challenge->init();

PVE::JSONSchema::register_standard_option('pmg-acme-pluginid', {
    type => 'string',
    format => 'pve-configid',
    description => 'Unique identifier for ACME plugin instance.',
});

sub read_pmg_acme_challenge_config {
    my ($filename, $fh) = @_;
    my $raw = defined($fh) ? do { local $/ = undef; <$fh> } : '';
    return PVE::ACME::Challenge->parse_config($filename, $raw);
}

sub write_pmg_acme_challenge_config {
    my ($filename, $fh, $cfg) = @_;
    my $raw = PVE::ACME::Challenge->write_config($filename, $cfg);
    PVE::Tools::safe_print($filename, $fh, $raw);
}

PVE::INotify::register_file(
    $inotify_file_id, $config_filename,
    \&read_pmg_acme_challenge_config,
    \&write_pmg_acme_challenge_config,
    undef,
    always_call_parser => 1,
);

sub lock_config {
    my ($code) = @_;
    my $p = PVE::Tools::lock_file($lockfile, undef, $code);
    die $@ if $@;
    return $p;
}

sub load_config {
    # auto-adds the standalone plugin if no config is there for backwards
    # compatibility, so ALWAYS call the cfs registered parser
    return PVE::INotify::read_file($inotify_file_id);
}

sub write_config {
    my ($self) = @_;
    return PVE::INotify::write_file($inotify_file_id, $self);
}

my $plugin_type_enum = PVE::ACME::Challenge->lookup_types();

my $modify_cfg_for_api = sub {
    my ($cfg, $pluginid) = @_;

    die "ACME plugin '$pluginid' not defined\n" if !defined($cfg->{ids}->{$pluginid});

    my $plugin_cfg = dclone($cfg->{ids}->{$pluginid});
    $plugin_cfg->{plugin} = $pluginid;
    $plugin_cfg->{digest} = $cfg->{digest};

    return $plugin_cfg;
};

__PACKAGE__->register_method ({
    name => 'index',
    path => '',
    method => 'GET',
    permissions => { check => [ 'admin' ] },
    description => "ACME plugin index.",
    protected => 1,
    parameters => {
	additionalProperties => 0,
	properties => {
	    type => {
		description => "Only list ACME plugins of a specific type",
		type => 'string',
		enum => $plugin_type_enum,
		optional => 1,
	    },
	},
    },
    returns => {
	type => 'array',
	items => {
	    type => "object",
	    properties => {
		plugin => get_standard_option('pmg-acme-pluginid'),
	    },
	},
	links => [ { rel => 'child', href => "{plugin}" } ],
    },
    code => sub {
	my ($param) = @_;

	my $cfg = load_config();

	my $res = [];
	foreach my $pluginid (keys %{$cfg->{ids}}) {
	    my $plugin_cfg = $modify_cfg_for_api->($cfg, $pluginid);
	    next if $param->{type} && $param->{type} ne $plugin_cfg->{type};
	    push @$res, $plugin_cfg;
	}

	return $res;
    }
});

__PACKAGE__->register_method({
    name => 'get_plugin_config',
    path => '{id}',
    method => 'GET',
    description => "Get ACME plugin configuration.",
    permissions => { check => [ 'admin' ] },
    protected => 1,
    parameters => {
	additionalProperties => 0,
	properties => {
	    id => get_standard_option('pmg-acme-pluginid'),
	},
    },
    returns => {
	type => 'object',
    },
    code => sub {
	my ($param) = @_;

	my $cfg = load_config();
	return $modify_cfg_for_api->($cfg, $param->{id});
    }
});

__PACKAGE__->register_method({
    name => 'add_plugin',
    path => '',
    method => 'POST',
    description => "Add ACME plugin configuration.",
    permissions => { check => [ 'admin' ] },
    protected => 1,
    parameters => PVE::ACME::Challenge->createSchema(),
    returns => {
	type => "null"
    },
    code => sub {
	my ($param) = @_;

	my $id = extract_param($param, 'id');
	my $type = extract_param($param, 'type');

	lock_config(sub {
	    my $cfg = load_config();
	    die "ACME plugin ID '$id' already exists\n" if defined($cfg->{ids}->{$id});

	    my $plugin = PVE::ACME::Challenge->lookup($type);
	    my $opts = $plugin->check_config($id, $param, 1, 1);

	    $cfg->{ids}->{$id} = $opts;
	    $cfg->{ids}->{$id}->{type} = $type;

	    write_config($cfg);
	});
	die "$@" if $@;

	return undef;
    }
});

__PACKAGE__->register_method({
    name => 'update_plugin',
    path => '{id}',
    method => 'PUT',
    description => "Update ACME plugin configuration.",
    permissions => { check => [ 'admin' ] },
    protected => 1,
    parameters => PVE::ACME::Challenge->updateSchema(),
    returns => {
	type => "null"
    },
    code => sub {
	my ($param) = @_;

	my $id = extract_param($param, 'id');
	my $delete = extract_param($param, 'delete');
	my $digest = extract_param($param, 'digest');

	lock_config(sub {
	    my $cfg = load_config();
	    PVE::Tools::assert_if_modified($cfg->{digest}, $digest);
	    my $plugin_cfg = $cfg->{ids}->{$id};
	    die "ACME plugin ID '$id' does not exist\n" if !$plugin_cfg;

	    my $type = $plugin_cfg->{type};
	    my $plugin = PVE::ACME::Challenge->lookup($type);

	    if (defined($delete)) {
		my $schema = $plugin->private();
		my $options = $schema->{options}->{$type};
		for my $k (PVE::Tools::split_list($delete)) {
		    my $d = $options->{$k} || die "no such option '$k'\n";
		    die "unable to delete required option '$k'\n" if !$d->{optional};

		    delete $cfg->{ids}->{$id}->{$k};
		}
	    }

	    my $opts = $plugin->check_config($id, $param, 0, 1);
	    for my $k (keys %$opts) {
		$plugin_cfg->{$k} = $opts->{$k};
	    }

	    write_config($cfg);
	});
	die "$@" if $@;

	return undef;
    }
});

__PACKAGE__->register_method({
    name => 'delete_plugin',
    path => '{id}',
    method => 'DELETE',
    description => "Delete ACME plugin configuration.",
    permissions => { check => [ 'admin' ] },
    protected => 1,
    parameters => {
	additionalProperties => 0,
	properties => {
	    id => get_standard_option('pmg-acme-pluginid'),
	},
    },
    returns => {
	type => "null"
    },
    code => sub {
	my ($param) = @_;

	my $id = extract_param($param, 'id');

	lock_config(sub {
	    my $cfg = load_config();

	    delete $cfg->{ids}->{$id};

	    write_config($cfg);
	});
	die "$@" if $@;

	return undef;
    }
});

1;
Commit	Line	Data
5000937e WB	1	package PMG::API2::ACMEPlugin;
	2
	3	use strict;
	4	use warnings;
	5
	6	use Storable qw(dclone);
	7
	8	use PVE::ACME::Challenge;
	9	use PVE::ACME::DNSChallenge;
	10	use PVE::ACME::StandAlone;
	11	use PVE::INotify;
	12	use PVE::JSONSchema qw(get_standard_option);
	13	use PVE::Tools qw(extract_param);
	14
	15	use base qw(PVE::RESTHandler);
	16
	17	my $inotify_file_id = 'pmg-acme-plugins-config.conf';
abbb3940	18	my $config_filename = '/etc/pmg/acme/plugins.conf';
5000937e WB	19	my $lockfile = "/var/lock/pmg-acme-plugins-config.lck";
	20
	21	PVE::ACME::DNSChallenge->register();
	22	PVE::ACME::StandAlone->register();
	23	PVE::ACME::Challenge->init();
	24
	25	PVE::JSONSchema::register_standard_option('pmg-acme-pluginid', {
	26	type => 'string',
	27	format => 'pve-configid',
	28	description => 'Unique identifier for ACME plugin instance.',
	29	});
	30
	31	sub read_pmg_acme_challenge_config {
	32	my ($filename, $fh) = @_;
181ef3f1	33	my $raw = defined($fh) ? do { local $/ = undef; <$fh> } : '';
5000937e WB	34	return PVE::ACME::Challenge->parse_config($filename, $raw);
	35	}
	36
	37	sub write_pmg_acme_challenge_config {
	38	my ($filename, $fh, $cfg) = @_;
	39	my $raw = PVE::ACME::Challenge->write_config($filename, $cfg);
	40	PVE::Tools::safe_print($filename, $fh, $raw);
	41	}
	42
f68516f0 TL	43	PVE::INotify::register_file(
	44	$inotify_file_id, $config_filename,
	45	\&read_pmg_acme_challenge_config,
	46	\&write_pmg_acme_challenge_config,
	47	undef,
	48	always_call_parser => 1,
	49	);
5000937e WB	50
	51	sub lock_config {
	52	my ($code) = @_;
	53	my $p = PVE::Tools::lock_file($lockfile, undef, $code);
	54	die $@ if $@;
	55	return $p;
	56	}
	57
	58	sub load_config {
	59	# auto-adds the standalone plugin if no config is there for backwards
	60	# compatibility, so ALWAYS call the cfs registered parser
	61	return PVE::INotify::read_file($inotify_file_id);
	62	}
	63
	64	sub write_config {
	65	my ($self) = @_;
	66	return PVE::INotify::write_file($inotify_file_id, $self);
	67	}
	68
	69	my $plugin_type_enum = PVE::ACME::Challenge->lookup_types();
	70
	71	my $modify_cfg_for_api = sub {
	72	my ($cfg, $pluginid) = @_;
	73
	74	die "ACME plugin '$pluginid' not defined\n" if !defined($cfg->{ids}->{$pluginid});
	75
	76	my $plugin_cfg = dclone($cfg->{ids}->{$pluginid});
	77	$plugin_cfg->{plugin} = $pluginid;
	78	$plugin_cfg->{digest} = $cfg->{digest};
	79
	80	return $plugin_cfg;
	81	};
	82
	83	__PACKAGE__->register_method ({
	84	name => 'index',
	85	path => '',
	86	method => 'GET',
	87	permissions => { check => [ 'admin' ] },
	88	description => "ACME plugin index.",
	89	protected => 1,
	90	parameters => {
	91	additionalProperties => 0,
	92	properties => {
	93	type => {
	94	description => "Only list ACME plugins of a specific type",
	95	type => 'string',
	96	enum => $plugin_type_enum,
	97	optional => 1,
	98	},
	99	},
	100	},
	101	returns => {
	102	type => 'array',
	103	items => {
	104	type => "object",
	105	properties => {
	106	plugin => get_standard_option('pmg-acme-pluginid'),
	107	},
	108	},
	109	links => [ { rel => 'child', href => "{plugin}" } ],
	110	},
	111	code => sub {
	112	my ($param) = @_;
	113
114	my $cfg = load_config();
115
116	my $res = [];
117	foreach my $pluginid (keys %{$cfg->{ids}}) {
118	my $plugin_cfg = $modify_cfg_for_api->($cfg, $pluginid);
119	next if $param->{type} && $param->{type} ne $plugin_cfg->{type};
120	push @$res, $plugin_cfg;
121	}
122
123	return $res;
124	}
125	});
126
127	__PACKAGE__->register_method({
128	name => 'get_plugin_config',
129	path => '{id}',
130	method => 'GET',
131	description => "Get ACME plugin configuration.",
132	permissions => { check => [ 'admin' ] },
133	protected => 1,
134	parameters => {
135	additionalProperties => 0,
136	properties => {
137	id => get_standard_option('pmg-acme-pluginid'),
138	},
139	},
140	returns => {
141	type => 'object',
142	},
143	code => sub {
144	my ($param) = @_;
145
146	my $cfg = load_config();
147	return $modify_cfg_for_api->($cfg, $param->{id});
148	}
149	});
150
151	__PACKAGE__->register_method({
152	name => 'add_plugin',
153	path => '',
154	method => 'POST',
155	description => "Add ACME plugin configuration.",
156	permissions => { check => [ 'admin' ] },
157	protected => 1,
158	parameters => PVE::ACME::Challenge->createSchema(),
159	returns => {
160	type => "null"
161	},
162	code => sub {
163	my ($param) = @_;
164
165	my $id = extract_param($param, 'id');
166	my $type = extract_param($param, 'type');
167
168	lock_config(sub {
169	my $cfg = load_config();
170	die "ACME plugin ID '$id' already exists\n" if defined($cfg->{ids}->{$id});
171
172	my $plugin = PVE::ACME::Challenge->lookup($type);
173	my $opts = $plugin->check_config($id, $param, 1, 1);
174
175	$cfg->{ids}->{$id} = $opts;
176	$cfg->{ids}->{$id}->{type} = $type;
177
178	write_config($cfg);
179	});
180	die "$@" if $@;
181
182	return undef;
183	}
184	});
185
186	__PACKAGE__->register_method({
187	name => 'update_plugin',
188	path => '{id}',
189	method => 'PUT',
190	description => "Update ACME plugin configuration.",
191	permissions => { check => [ 'admin' ] },
192	protected => 1,
193	parameters => PVE::ACME::Challenge->updateSchema(),
194	returns => {
195	type => "null"
196	},
197	code => sub {
198	my ($param) = @_;
199
200	my $id = extract_param($param, 'id');
201	my $delete = extract_param($param, 'delete');
202	my $digest = extract_param($param, 'digest');
203
204	lock_config(sub {
205	my $cfg = load_config();
206	PVE::Tools::assert_if_modified($cfg->{digest}, $digest);
207	my $plugin_cfg = $cfg->{ids}->{$id};
208	die "ACME plugin ID '$id' does not exist\n" if !$plugin_cfg;
209
210	my $type = $plugin_cfg->{type};
211	my $plugin = PVE::ACME::Challenge->lookup($type);
212
213	if (defined($delete)) {
214	my $schema = $plugin->private();
215	my $options = $schema->{options}->{$type};
216	for my $k (PVE::Tools::split_list($delete)) {
217	my $d = $options->{$k} \|\| die "no such option '$k'\n";
218	die "unable to delete required option '$k'\n" if !$d->{optional};
219
220	delete $cfg->{ids}->{$id}->{$k};
221	}
222	}
223
224	my $opts = $plugin->check_config($id, $param, 0, 1);
225	for my $k (keys %$opts) {
226	$plugin_cfg->{$k} = $opts->{$k};
227	}
228
229	write_config($cfg);
230	});
231	die "$@" if $@;
232
233	return undef;
234	}
235	});
236
237	__PACKAGE__->register_method({
238	name => 'delete_plugin',
239	path => '{id}',
240	method => 'DELETE',
241	description => "Delete ACME plugin configuration.",
242	permissions => { check => [ 'admin' ] },
243	protected => 1,
244	parameters => {
245	additionalProperties => 0,
246	properties => {
247	id => get_standard_option('pmg-acme-pluginid'),
248	},
249	},
250	returns => {
251	type => "null"
252	},
253	code => sub {
254	my ($param) = @_;
255
256	my $id = extract_param($param, 'id');
257
258	lock_config(sub {
259	my $cfg = load_config();
260
261	delete $cfg->{ids}->{$id};
262
263	write_config($cfg);
264	});
265	die "$@" if $@;
266
267	return undef;
268	}
269	});
270
271	1;