fog-proxmox 0.13.0 → 0.15.0

data/docs/identity.md

@@ -18,16 +18,32 @@ require 'fog/proxmox'
 
 ## Create identity service
 
+with access ticket:
+
+```ruby
+identity = Fog::Proxmox::Identity.new(
+	proxmox_url: 'https://localhost:8006/api2/json', 
+	proxmox_auth_method: 'access_ticket', 
+	proxmox_username: 'your_user@your_realm', 
+	proxmox_password: 'his_password',
+	connection_options: { ... }
+)      
+```
+
+with API user token:
+
 ```ruby
 identity = Fog::Proxmox::Identity.new(
-        pve_username: PVE_USERNAME, # your user name
-        pve_password: PVE_PASSWORD, # your password
-        pve_url: PVE_URL, # your server url
-		connection_options: {} # connection options
-)
+	proxmox_url: 'https://localhost:8006/api2/json', 
+	proxmox_auth_method: 'user_token', 
+	proxmox_userid: 'your_user@your_realm', 
+	proxmox_tokenid: 'his_tokenid',
+	proxmox_token: 'his_token',
+	connection_options: { ... }
+)      
 ```
 
-[connection_options](connection_parameters.md) are also available.
+[connection_options](connection_parameters.md) are also available and optional.
 
 ## Fog Abstractions
 
@@ -312,6 +328,15 @@ identity.permissions.remove({
     users: 'bobsinclar@pve'
 })
 ```
+
+User permissions:
+
+
+```ruby
+bob = identity.users.get 'bobsinclar@pve'
+bob.permissions
+```
+
 #### Pools management
 
 Proxmox supports pools management of VMs or storages. It eases managing permissions on these.

data/examples/compute.rb

@@ -19,22 +19,22 @@
 
 # There are basically two modes of operation for these specs.
 #
-# 1. ENV[PVE_URL] exists: talk to an actual Proxmox server and record HTTP
+# 1. ENV[PROXMOX_URL] exists: talk to an actual Proxmox server and record HTTP
 #    traffic in VCRs at "spec/debug" (credentials are read from the conventional
-#    environment variables: PVE_URL, PVE_USERNAME, PVE_PASSWORD)
+#    environment variables: PROXMOX_URL, PROXMOX_USERNAME, PROXMOX_PASSWORD)
 # 2. otherwise (Travis, etc): use VCRs at "spec/fixtures/proxmox/#{service}"
 
 require 'fog/proxmox'
 
-pve_url = 'https://172.26.49.146:8006/api2/json'
-pve_username = 'root@pam'
-pve_password = 'proxmox01'
+proxmox_url = 'https://172.26.49.146:8006/api2/json'
+proxmox_username = 'root@pam'
+proxmox_password = 'proxmox01'
 
 # Create service compute
 compute = Fog::Proxmox::Compute.new(
-  pve_url: pve_url,
-  pve_username: pve_username,
-  pve_password: pve_password
+  proxmox_url: proxmox_url,
+  proxmox_username: proxmox_username,
+  proxmox_password: proxmox_password
 )
 
 # Create pools
@@ -62,7 +62,7 @@ pool1.destroy
 # Create servers
 
 # Get node owner
-node_name = 'pve'
+node_name = 'proxmox'
 node = compute.nodes.get node_name
 
 # Get next free vmid
@@ -170,7 +170,7 @@ server.config.disks
 server.destroy
 
 # Create containers
-node_name = 'pve'
+node_name = 'proxmox'
 node = compute.nodes.get node_name
 ostemplate = 'local:vztmpl/alpine-3.7-default_20171211_amd64.tar.xz'
 container_hash = {
@@ -267,7 +267,7 @@ container.destroy
 
 # List 1 task
 filters = { limit: 1 }
-node = compute.nodes.get 'pve'
+node = compute.nodes.get 'proxmox'
 tasks = node.tasks.all(filters)
 # Get task
 upid = tasks[0].upid

data/examples/identity.rb

@@ -20,30 +20,40 @@
 
 # There are basically two modes of operation for these specs.
 #
-# 1. ENV[PVE_URL] exists: talk to an actual Proxmox server and record HTTP
+# 1. ENV[PROXMOX_URL] exists: talk to an actual Proxmox server and record HTTP
 #    traffic in VCRs at "spec/debug" (credentials are read from the conventional
-#    environment variables: PVE_URL, PVE_USERNAME, PVE_PASSWORD)
+#    environment variables: PROXMOX_URL, PROXMOX_USERNAME, PROXMOX_PASSWORD)
 # 2. otherwise (Travis, etc): use VCRs at "spec/fixtures/proxmox/#{service}"
 
 require 'fog/proxmox'
 
-pve_url = 'https://172.26.49.146:8006/api2/json'
-pve_username = 'root@pam'
-pve_password = 'proxmox01'
+proxmox_url = 'https://172.26.49.146:8006/api2/json'
+proxmox_username = 'root@pam'
+proxmox_password = 'proxmox01'
 
-# Create service identity
+# Create service identity with access ticket
 identity = Fog::Proxmox::Identity.new(
-  pve_url: pve_url,
-  pve_username: pve_username,
-  pve_password: pve_password
+  proxmox_url: proxmox_url,
+  proxmox_auth_method: 'access_ticket',
+  proxmox_username: proxmox_username,
+  proxmox_password: proxmox_password
 )
 
+# or with a user token
+identity = Fog::Proxmox::Identity.new(
+	proxmox_url: proxmox_url, 
+	proxmox_auth_method: 'user_token', 
+	proxmox_userid: proxmox_username, 
+	proxmox_tokenid: 'root1',
+	proxmox_token: 'ed6402b4-641d-46b1-b20a-33ba9ba12f54'
+)      
+
 # Get proxmox version
 identity.read_version
 
 # Create a new user
 bob_hash = {
-  userid: 'bobsinclar@pve',
+  userid: 'bobsinclar@proxmox',
   password: 'bobsinclar1',
   firstname: 'Bob',
   lastname: 'Sinclar',
@@ -53,7 +63,7 @@ bob_hash = {
 identity.users.create(bob_hash)
 
 # Get a user by id
-bob = identity.users.get 'bobsinclar@pve'
+bob = identity.users.get 'bobsinclar@proxmox'
 
 # List all users
 identity.users.all
@@ -69,6 +79,9 @@ bob.comment = 'novelist'
 bob.groups = %w[group1]
 bob.update
 
+# List user permissions
+bob.permissions
+
 # Delete user
 bob.destroy
 
@@ -117,8 +130,8 @@ end
 role1.destroy
 
 # Create a new domain (authentication server)
-# Three types: PAM, PVE, LDAP and ActiveDirectory
-# PAM and PVE already exist by default
+# Three types: PAM, PROXMOX, LDAP and ActiveDirectory
+# PAM and PROXMOX already exist by default
 # LDAP sample:
 ldap_hash = {
   realm: 'LDAP',
@@ -165,14 +178,14 @@ ldap.destroy
 permission_hash = {
   type: 'user'
   path: '/access',
-  roleid: 'PVEUserAdmin',
+  roleid: 'PROXMOXUserAdmin',
   ugid: bob_hash[:userid]
 }
 # Add a group permission
 # permission_hash = {
 #   type: 'group'
 #   path: '/access',
-#   roleid: 'PVEUserAdmin',
+#   roleid: 'PROXMOXUserAdmin',
 #   ugid: 'group1'
 # }
 permission = identity.permissions.create(permission_hash)

data/fog-proxmox.gemspec

@@ -33,13 +33,12 @@ Gem::Specification.new do |spec|
   spec.license       = 'GPL-3.0'
 
   spec.files         = `git ls-files -z`.split("\x0")
-  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
   spec.required_ruby_version = '>= 2.5'
-  spec.rubygems_version = '~> 2.6'
 
   spec.add_development_dependency 'bundler', '~> 2.1'
+  spec.add_development_dependency 'bundler-audit', '~> 0.6'
   spec.add_development_dependency 'debase', '~> 0.2.2'
   spec.add_development_dependency 'debride', '~> 1.8'
   spec.add_development_dependency 'fasterer', '~> 0.3'
@@ -48,16 +47,19 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'pry', '~> 0.11'
   spec.add_development_dependency 'rake', '~> 12.3'
   spec.add_development_dependency 'rcodetools', '~> 0.3'
-  spec.add_development_dependency 'reek', '~> 4.7'
+  spec.add_development_dependency 'reek', '~> 6.1'
   spec.add_development_dependency 'rspec', '~> 3.7'
-  spec.add_development_dependency 'rubocop', '~> 0.55'
+  spec.add_development_dependency 'rubocop', '~> 1.39'
+  spec.add_development_dependency 'rubocop-minitest', '~> 0.24'
+  spec.add_development_dependency 'rubocop-rake', '~> 0.6'
+  spec.add_development_dependency 'rubocop-rspec', '~> 2.15'
   spec.add_development_dependency 'ruby-debug-ide', '~> 0.6'
-  spec.add_development_dependency 'simplecov', '0.17'
+  spec.add_development_dependency 'simplecov', '~> 0.21'
   spec.add_development_dependency 'vcr', '~> 4.0'
   spec.add_development_dependency 'webmock', '~> 3.5'
-  spec.add_development_dependency 'bundler-audit', '~> 0.6'
 
   spec.add_dependency 'fog-core',  '~> 2.1'
   spec.add_dependency 'fog-json',  '~> 1.2'
   spec.add_dependency 'ipaddress', '~> 0.8'
+  spec.metadata['rubygems_mfa_required'] = 'true'
 end

data/lib/fog/proxmox/attributes.rb

@@ -24,9 +24,10 @@ module Fog
       def self.set_attr(attr_name, attributes, new_attributes)
         attributes[attr_name.to_sym] = new_attributes[attr_name] unless new_attributes[attr_name].nil?
       end
+
       def self.set_attr_and_sym(attr_name, attributes, new_attributes)
-        self.set_attr(attr_name, attributes, new_attributes)
-        self.set_attr(attr_name.to_sym, attributes, new_attributes)
+        set_attr(attr_name, attributes, new_attributes)
+        set_attr(attr_name.to_sym, attributes, new_attributes)
       end
     end
   end

data/lib/fog/proxmox/auth/token/access_ticket.rb

@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+
+# Copyright 2018 Tristan Robert
+
+# This file is part of Fog::Proxmox.
+
+# Fog::Proxmox is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# Fog::Proxmox is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with Fog::Proxmox. If not, see <http://www.gnu.org/licenses/>.
+
+require 'fog/json'
+require 'fog/proxmox/variables'
+require 'fog/proxmox/json'
+
+module Fog
+  module Proxmox
+    # Core module
+    module Auth
+      module Token
+        class AccessTicket
+          include Fog::Proxmox::Auth::Token
+
+          NAME = 'access_ticket'
+
+          attr_reader :csrf_token
+
+          class URIError < RuntimeError; end
+
+          EXPIRATION_DELAY = 2 * 60 * 60
+
+          def auth_method
+            'POST'
+          end
+
+          def auth_path(_params = {})
+            '/access/ticket'
+          end
+
+          def auth_body(params = {})
+            raise URIError, 'URI params is required' if params.nil? || params.empty?
+
+            if params[:proxmox_username].nil? || params[:proxmox_username].empty?
+              raise URIError,
+                    'proxmox_username is required'
+            end
+            if params[:proxmox_password].nil? || params[:proxmox_password].empty?
+              raise URIError,
+                    'proxmox_password is required'
+            end
+
+            URI.encode_www_form(username: params[:proxmox_username], password: params[:proxmox_password])
+          end
+
+          def headers(method = 'GET', _params = {}, additional_headers = {})
+            headers_hash = {}
+            @data ||= {}
+            unless @data.empty?
+              headers_hash.store('Cookie', "PVEAuthCookie=#{@data['ticket']}")
+              if %w[PUT POST DELETE].include? method
+                headers_hash.store('CSRFPreventionToken', @data['CSRFPreventionToken'])
+              end
+            end
+            headers_hash.merge! additional_headers
+            headers_hash
+          end
+
+          def build_credentials(_proxmox_options, data)
+            @token = data['ticket']
+            @expires = Time.now.utc.to_i + EXPIRATION_DELAY
+            @userid = data['username']
+            @csrf_token = data['CSRFPreventionToken']
+          end
+
+          def missing_credentials(options)
+            missing_credentials = []
+            missing_credentials << :proxmox_username unless options[:proxmox_username]
+            missing_credentials << :proxmox_password unless options[:proxmox_password]
+            return if missing_credentials.empty?
+
+            raise ArgumentError,
+                  "Missing required arguments: #{missing_credentials.join(', ')}"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/fog/proxmox/auth/token/user_token.rb

@@ -0,0 +1,107 @@
+# frozen_string_literal: true
+
+# Copyright 2018 Tristan Robert
+
+# This file is part of Fog::Proxmox.
+
+# Fog::Proxmox is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# Fog::Proxmox is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with Fog::Proxmox. If not, see <http://www.gnu.org/licenses/>.
+
+require 'fog/json'
+require 'fog/proxmox/variables'
+require 'fog/proxmox/json'
+
+module Fog
+  module Proxmox
+    # Core module
+    module Auth
+      module Token
+        class UserToken
+          include Fog::Proxmox::Auth::Token
+
+          NAME = 'user_token'
+
+          attr_reader :token_id
+
+          class URIError < RuntimeError; end
+
+          def auth_method
+            'GET'
+          end
+
+          def auth_path(params = {})
+            raise URIError, 'URI params are required' if params.nil? || params.empty?
+
+            if params[:proxmox_userid].nil? || params[:proxmox_userid].empty?
+              raise URIError,
+                    'proxmox_userid is required'
+            end
+            if params[:proxmox_tokenid].nil? || params[:proxmox_tokenid].empty?
+              raise URIError,
+                    'proxmox_tokenid is required'
+            end
+
+            "/access/users/#{URI.encode_www_form_component(params[:proxmox_userid])}/token/#{params[:proxmox_tokenid]}"
+          end
+
+          def auth_body(_params = {})
+            ''
+          end
+
+          def no_token?(params)
+            (params.respond_to?(:proxmox_token) || params[:proxmox_token].nil? || params[:proxmox_token].empty?) && (@token.nil? || @token.empty?)
+          end
+
+          def set_credentials(params)
+            token = @token
+            token = params[:proxmox_token] if token.empty?
+            token_id = @token_id
+            token_id = params[:proxmox_tokenid] if token_id.empty?
+            userid = @userid
+            userid = params[:proxmox_userid] if userid.empty?
+            { userid: userid, token_id: token_id, token: token }
+          end
+
+          def headers(_method = 'GET', params = {}, additional_headers = {})
+            raise URIError, 'User token is required' if no_token?(params)
+
+            credentials = set_credentials(params)
+            headers_hash = {}
+            headers_hash.store('Authorization',
+                               "PVEAPIToken=#{credentials[:userid]}!#{credentials[:token_id]}=#{credentials[:token]}")
+            headers_hash.merge! additional_headers
+            headers_hash
+          end
+
+          def build_credentials(proxmox_options, data)
+            @expires = data['expire']
+            @token = proxmox_options[:proxmox_token]
+            @token_id = proxmox_options[:proxmox_tokenid]
+            @userid = proxmox_options[:proxmox_userid]
+          end
+
+          def missing_credentials(options)
+            missing_credentials = []
+            missing_credentials << :proxmox_userid unless options[:proxmox_userid]
+            missing_credentials << :proxmox_tokenid unless options[:proxmox_tokenid]
+            missing_credentials << :proxmox_token unless options[:proxmox_token]
+            return if missing_credentials.empty?
+
+            raise ArgumentError,
+                  "Missing required arguments: #{missing_credentials.join(', ')}"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/fog/proxmox/auth/token.rb

@@ -0,0 +1,94 @@
+# frozen_string_literal: true
+
+# Copyright 2018 Tristan Robert
+
+# This file is part of Fog::Proxmox.
+
+# Fog::Proxmox is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# Fog::Proxmox is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with Fog::Proxmox. If not, see <http://www.gnu.org/licenses/>.
+
+require 'fog/json'
+require 'fog/core'
+require 'fog/proxmox/variables'
+require 'fog/proxmox/json'
+
+module Fog
+  module Proxmox
+    # Core module
+    module Auth
+      module Token
+        autoload :AccessTicket, 'fog/proxmox/auth/token/access_ticket'
+        autoload :UserToken, 'fog/proxmox/auth/token/user_token'
+
+        attr_reader :userid, :token, :expires, :data
+
+        class ExpiryError < RuntimeError; end
+        class URLError < RuntimeError; end
+
+        def initialize(proxmox_options, options = {})
+          if proxmox_options[:proxmox_url].nil? || proxmox_options[:proxmox_url].empty?
+            raise URLError,
+                  'No proxmox_url provided'
+          end
+
+          @token ||= ''
+          @token_id ||= ''
+          @userid ||= ''
+          @data = authenticate(proxmox_options, options)
+          build_credentials(proxmox_options, data)
+        end
+
+        def self.build(proxmox_options, options)
+          unless proxmox_options.key? :proxmox_auth_method
+            raise ArgumentError,
+                  'Missing required proxmox_auth_method in options.'
+          end
+
+          auth_method = proxmox_options[:proxmox_auth_method]
+          if auth_method == Fog::Proxmox::Auth::Token::AccessTicket::NAME
+            Fog::Proxmox::Auth::Token::AccessTicket.new(proxmox_options, options)
+          elsif auth_method == Fog::Proxmox::Auth::Token::UserToken::NAME
+            Fog::Proxmox::Auth::Token::UserToken.new(proxmox_options, options)
+          else
+            raise ArgumentError,
+                  "Unkown authentication method: #{auth_method}. Only #{Fog::Proxmox::Auth::Token::AccessTicket::NAME} or #{Fog::Proxmox::Auth::Token::UserToken::NAME} are accepted."
+          end
+        end
+
+        def authenticate(proxmox_options, connection_options = {})
+          uri = URI.parse(proxmox_options[:proxmox_url])
+          request = {
+            expects: [200, 201],
+            headers: headers(auth_method, proxmox_options, { Accept: 'application/json' }),
+            body: auth_body(proxmox_options),
+            method: auth_method,
+            path: uri.path + auth_path(proxmox_options)
+          }
+          connection = Fog::Core::Connection.new(
+            uri.to_s,
+            false,
+            connection_options
+          )
+          response = connection.request(request)
+          Json.get_data(response)
+        end
+
+        def expired?
+          raise ExpiryError, 'Missing token expiration data' if @expires.nil? || @expires.empty?
+
+          Time.at(@expires) < Time.now.utc
+        end
+      end
+    end
+  end
+end

data/lib/fog/{compute/proxmox → proxmox/compute}/models/disk.rb

@@ -18,11 +18,13 @@
 # frozen_string_literal: true
 
 require 'fog/proxmox/helpers/disk_helper'
+require 'fog/proxmox/helpers/controller_helper'
 
 module Fog
   module Proxmox
     class Compute
-      # class Disk model
+      # class Disk model: https://pve.proxmox.com/pve-docs/api-viewer/index.html#/nodes/{node}/{qemu|lxc}/{vmid}/config
+      # size is in Gb
       class Disk < Fog::Model
         identity  :id
         attribute :volid
@@ -56,11 +58,23 @@ module Fog
         end
 
         def mount_point?
-          id.match(/(mp)(\d+)/)
+          Fog::Proxmox::DiskHelper.mount_point?(id)
         end
 
         def controller?
-          id.match(/(scsi|ide|sata|virtio)(\d+)/)
+          Fog::Proxmox::DiskHelper.server_disk?(id)
+        end
+
+        def cloud_init?
+          id != 'ide2' && media == 'cdrom'
+        end
+
+        def hard_disk?
+          controller? && !cdrom? && !cloud_init?
+        end
+
+        def template?
+          Fog::Proxmox::DiskHelper.template?(volid)
         end
 
         def flatten
@@ -70,6 +84,10 @@ module Fog
         def to_s
           Fog::Proxmox::Hash.flatten(flatten)
         end
+
+        def has_volume?
+          !volid.empty?
+        end
       end
     end
   end

data/lib/fog/{compute/proxmox → proxmox/compute}/models/disks.rb

@@ -17,7 +17,7 @@
 # You should have received a copy of the GNU General Public License
 # along with Fog::Proxmox. If not, see <http://www.gnu.org/licenses/>.
 
-require 'fog/compute/proxmox/models/disk'
+require 'fog/proxmox/compute/models/disk'
 
 module Fog
   module Proxmox
@@ -31,7 +31,7 @@ module Fog
         end
 
         def get(id)
-          all.find { |disk| disk.identity === id }
+          all.find { |disk| disk.identity == id }
         end
 
         def next_device(controller)
@@ -45,6 +45,10 @@ module Fog
         def rootfs
           find(&:rootfs?)
         end
+
+        def cloudinit
+          find(&:cloud_init?)
+        end
       end
     end
   end

data/lib/fog/{compute/proxmox → proxmox/compute}/models/interface.rb

@@ -17,7 +17,7 @@
 
 # frozen_string_literal: true
 
-require "fog/proxmox/helpers/nic_helper"
+require 'fog/proxmox/helpers/nic_helper'
 
 module Fog
   module Proxmox
@@ -26,6 +26,7 @@ module Fog
       class Interface < Fog::Model
         identity  :id
         attribute :macaddr
+        attribute :hwaddr
         attribute :model
         attribute :name
         attribute :ip
@@ -38,6 +39,9 @@ module Fog
         attribute :rate
         attribute :queues
         attribute :tag
+        attribute :mtu
+        attribute :trunks
+        attribute :type
 
         def flatten
           Fog::Proxmox::NicHelper.flatten(attributes)

data/lib/fog/{compute/proxmox → proxmox/compute}/models/interfaces.rb

@@ -17,7 +17,7 @@
 # You should have received a copy of the GNU General Public License
 # along with Fog::Proxmox. If not, see <http://www.gnu.org/licenses/>.
 
-require 'fog/compute/proxmox/models/interface'
+require 'fog/proxmox/compute/models/interface'
 require 'fog/proxmox/helpers/controller_helper'
 
 module Fog
@@ -32,7 +32,7 @@ module Fog
         end
 
         def get(id)
-          all.find { |interface| interface.identity === id }
+          all.find { |interface| interface.identity == id }
         end
 
         def next_nicid