Proxmox/proxmox
5
0
Fork 1
Code Issues Pull Requests Releases Activity

acme-api: create all directorties inside init

Browse Source
This commit is contained in:
Dietmar Maurer
2024-06-04 12:22:16 +02:00
parent 2270f7bf94
commit 8219565d6a
4 changed files with 28 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
proxmox-acme-api/src/account_config.rs
View File

@ -84,11 +84,6 @@ pub fn account_config_filename(name: &str) -> PathBuf {
acme_account_dir().join(name) acme_account_dir().join(name)
} }
fn make_acme_account_dir() -> nix::Result<()> {
super::config::make_acme_dir()?;
super::config::create_secret_subdir(acme_account_dir())
}
pub(crate) fn foreach_acme_account<F>(mut func: F) -> Result<(), Error> pub(crate) fn foreach_acme_account<F>(mut func: F) -> Result<(), Error>
where where
F: FnMut(AcmeAccountName) -> ControlFlow<Result<(), Error>>, F: FnMut(AcmeAccountName) -> ControlFlow<Result<(), Error>>,
@ -172,8 +167,6 @@ pub(crate) fn create_account_config(
account_name: &AcmeAccountName, account_name: &AcmeAccountName,
account: &AccountData, account: &AccountData,
) -> Result<(), Error> { ) -> Result<(), Error> {
make_acme_account_dir()?;
let account_config_filename = account_config_filename(account_name.as_ref()); let account_config_filename = account_config_filename(account_name.as_ref());
let file = OpenOptions::new() let file = OpenOptions::new()
.write(true) .write(true)
@ -215,8 +208,6 @@ pub(crate) fn save_account_config(
) )
})?; })?;
make_acme_account_dir()?;
replace_file( replace_file(
account_config_filename, account_config_filename,
&data, &data,

25
proxmox-acme-api/src/config.rs
View File

@ -1,13 +1,6 @@
//! ACME API Configuration.
use std::borrow::Cow; use std::borrow::Cow;
use std::path::Path;
use proxmox_sys::error::SysError;
use proxmox_sys::fs::CreateOptions;
use crate::types::KnownAcmeDirectory; use crate::types::KnownAcmeDirectory;
use crate::acme_config_dir;
/// List of known ACME directorties. /// List of known ACME directorties.
pub const KNOWN_ACME_DIRECTORIES: &[KnownAcmeDirectory] = &[ pub const KNOWN_ACME_DIRECTORIES: &[KnownAcmeDirectory] = &[
@ -23,21 +16,3 @@ pub const KNOWN_ACME_DIRECTORIES: &[KnownAcmeDirectory] = &[
/// Default ACME directorties. /// Default ACME directorties.
pub const DEFAULT_ACME_DIRECTORY_ENTRY: &KnownAcmeDirectory = &KNOWN_ACME_DIRECTORIES[0]; pub const DEFAULT_ACME_DIRECTORY_ENTRY: &KnownAcmeDirectory = &KNOWN_ACME_DIRECTORIES[0];
pub(crate) fn create_secret_subdir<P: AsRef<Path>>(dir: P) -> nix::Result<()> {
let root_only = CreateOptions::new()
.owner(nix::unistd::ROOT)
.group(nix::unistd::Gid::from_raw(0))
.perm(nix::sys::stat::Mode::from_bits_truncate(0o700));
match proxmox_sys::fs::create_dir(dir, root_only) {
Ok(()) => Ok(()),
Err(err) if err.already_exists() => Ok(()),
Err(err) => Err(err),
}
}
pub(crate) fn make_acme_dir() -> nix::Result<()> {
create_secret_subdir(acme_config_dir())
}

31
proxmox-acme-api/src/init.rs
View File

@ -1,5 +1,10 @@
use std::path::{Path, PathBuf}; use std::path::{Path, PathBuf};
use anyhow::Error;
use proxmox_sys::error::SysError;
use proxmox_sys::fs::CreateOptions;
struct AcmeApiConfig { struct AcmeApiConfig {
acme_config_dir: PathBuf, acme_config_dir: PathBuf,
acme_account_dir: PathBuf, acme_account_dir: PathBuf,
@ -8,7 +13,7 @@ struct AcmeApiConfig {
static mut ACME_ACME_CONFIG: Option<AcmeApiConfig> = None; static mut ACME_ACME_CONFIG: Option<AcmeApiConfig> = None;
/// Initialize the global product configuration. /// Initialize the global product configuration.
pub fn init<P: AsRef<Path>>(acme_config_dir: P) { pub fn init<P: AsRef<Path>>(acme_config_dir: P, create_subdirs: bool) -> Result<(), Error> {
let acme_config_dir = acme_config_dir.as_ref().to_owned(); let acme_config_dir = acme_config_dir.as_ref().to_owned();
unsafe { unsafe {
@ -17,6 +22,13 @@ pub fn init<P: AsRef<Path>>(acme_config_dir: P) {
acme_config_dir, acme_config_dir,
}); });
} }
if create_subdirs {
create_secret_subdir(self::acme_config_dir())?;
create_secret_subdir(acme_account_dir())?;
}
Ok(())
} }
fn acme_api_config() -> &'static AcmeApiConfig { fn acme_api_config() -> &'static AcmeApiConfig {
@ -27,7 +39,7 @@ fn acme_api_config() -> &'static AcmeApiConfig {
} }
} }
pub(crate) fn acme_config_dir() -> &'static Path { fn acme_config_dir() -> &'static Path {
acme_api_config().acme_config_dir.as_path() acme_api_config().acme_config_dir.as_path()
} }
@ -41,4 +53,17 @@ pub(crate) fn plugin_cfg_filename() -> PathBuf {
pub(crate) fn plugin_cfg_lockfile() -> PathBuf { pub(crate) fn plugin_cfg_lockfile() -> PathBuf {
acme_config_dir().join("plugins.lck") acme_config_dir().join("plugins.lck")
} }
fn create_secret_subdir<P: AsRef<Path>>(dir: P) -> nix::Result<()> {
let root_only = CreateOptions::new()
.owner(nix::unistd::ROOT)
.group(nix::unistd::Gid::from_raw(0))
.perm(nix::sys::stat::Mode::from_bits_truncate(0o700));
match proxmox_sys::fs::create_dir(dir, root_only) {
Ok(()) => Ok(()),
Err(err) if err.already_exists() => Ok(()),
Err(err) => Err(err),
}
}

4
proxmox-acme-api/src/plugin_config.rs
View File

@ -54,10 +54,7 @@ fn init() -> SectionConfig {
} }
pub(crate) fn lock_plugin_config() -> Result<ApiLockGuard, Error> { pub(crate) fn lock_plugin_config() -> Result<ApiLockGuard, Error> {
super::config::make_acme_dir()?;
let plugin_cfg_lockfile = crate::plugin_cfg_lockfile(); let plugin_cfg_lockfile = crate::plugin_cfg_lockfile();
open_api_lockfile(plugin_cfg_lockfile, None, true) open_api_lockfile(plugin_cfg_lockfile, None, true)
} }
@ -80,7 +77,6 @@ pub(crate) fn plugin_config() -> Result<(PluginData, ConfigDigest), Error> {
} }
pub(crate) fn save_plugin_config(config: &PluginData) -> Result<(), Error> { pub(crate) fn save_plugin_config(config: &PluginData) -> Result<(), Error> {
super::config::make_acme_dir()?;
let plugin_cfg_filename = crate::plugin_cfg_filename(); let plugin_cfg_filename = crate::plugin_cfg_filename();
let raw = CONFIG.write(&plugin_cfg_filename, &config.data)?; let raw = CONFIG.write(&plugin_cfg_filename, &config.data)?;