mirror of
https://github.com/bpg/terraform-provider-proxmox.git
synced 2025-07-01 19:12:59 +00:00
eb2f36be21
* feat(provider): add support for pre(external) auth'd session tokens adds provider config inputs: - env vars: PROXMOX_VE_AUTH_PAYLOAD; PROXMOX_VE_AUTH_TICKET with PROXMOX_VE_CSRF_PREVENTION_TOKEN - provider-config: auth_payload; auth_ticket with csrf_prevention_token Signed-off-by: vanillaSprinkles <vanillaSprinkles@users.noreply.github.com> * add //nolint to "todo" comments/questions and lll for build to pass; add flags to terraform-plugin-docs Signed-off-by: vanillaSprinkles <vanillaSprinkles@users.noreply.github.com> * address first iteration of comments: remove auth-payload, improve index.md Signed-off-by: vanillaSprinkles <vanillaSprinkles@users.noreply.github.com> * refactor credentials using struct composition, other minor cleanups Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com> * fix linter error Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com> * fix make docs, add terraform to handle fmt Signed-off-by: vanillaSprinkles <vanillaSprinkles@users.noreply.github.com> --------- Signed-off-by: vanillaSprinkles <vanillaSprinkles@users.noreply.github.com> Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com> Co-authored-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
66 lines
1.6 KiB
Go
66 lines
1.6 KiB
Go
/*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
|
|
*/
|
|
|
|
package api
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"net/http"
|
|
"strings"
|
|
)
|
|
|
|
type ticketAuthenticator struct {
|
|
authData *AuthenticationResponseData
|
|
}
|
|
|
|
// NewTicketAuthenticator returns a new ticket authenticator.
|
|
func NewTicketAuthenticator(creds TicketCredentials) (Authenticator, error) {
|
|
ard := &AuthenticationResponseData{}
|
|
ard.Ticket = &(creds.AuthTicket)
|
|
ard.CSRFPreventionToken = &(creds.CSRFPreventionToken)
|
|
|
|
authTicketSplits := strings.Split(creds.AuthTicket, ":")
|
|
|
|
if len(authTicketSplits) > 3 {
|
|
ard.Username = strings.Split(creds.AuthTicket, ":")[1]
|
|
} else {
|
|
return nil, errors.New("AuthTicket must include a valid username")
|
|
}
|
|
|
|
if !strings.Contains(ard.Username, "@") {
|
|
return nil, errors.New("username must end with '@pve' or '@pam'")
|
|
}
|
|
|
|
return &ticketAuthenticator{
|
|
authData: ard,
|
|
}, nil
|
|
}
|
|
|
|
func (t *ticketAuthenticator) IsRoot() bool {
|
|
return t.authData != nil && t.authData.Username == rootUsername
|
|
}
|
|
|
|
func (t *ticketAuthenticator) IsRootTicket() bool {
|
|
return t.IsRoot()
|
|
}
|
|
|
|
// AuthenticateRequest adds authentication data to a new request.
|
|
func (t *ticketAuthenticator) AuthenticateRequest(_ context.Context, req *http.Request) error {
|
|
req.AddCookie(&http.Cookie{
|
|
HttpOnly: true,
|
|
Name: "PVEAuthCookie",
|
|
Secure: true,
|
|
Value: *t.authData.Ticket,
|
|
})
|
|
|
|
if req.Method != http.MethodGet {
|
|
req.Header.Add("CSRFPreventionToken", *t.authData.CSRFPreventionToken)
|
|
}
|
|
|
|
return nil
|
|
}
|