From 1793dd629f8101016ca5c2ee02d657a29f13bf16 Mon Sep 17 00:00:00 2001 From: yusing Date: Sat, 24 Jan 2026 21:25:52 +0800 Subject: [PATCH] Requires authenticated Proxmox session with username/password configured. refactor(proxmox): support for PAM authentication - Added support for username and password authentication alongside existing token-based authentication. - Updated validation rules to require either token or username/password for authentication. - Modified the Init function to handle session creation based on the selected authentication method. - Increased timeout duration for context in the Init function. --- internal/proxmox/config.go | 29 +++++++++++++++++++++++++---- 1 file changed, 25 insertions(+), 4 deletions(-) diff --git a/internal/proxmox/config.go b/internal/proxmox/config.go index 4972b5ac..6743f415 100644 --- a/internal/proxmox/config.go +++ b/internal/proxmox/config.go @@ -17,8 +17,12 @@ import ( type Config struct { URL string `json:"url" validate:"required,url"` - TokenID string `json:"token_id" validate:"required"` - Secret strutils.Redacted `json:"secret" validate:"required"` + Username string `json:"username" validate:"required_without=TokenID Secret"` + Password strutils.Redacted `json:"password" validate:"required_without=TokenID Secret"` + Realm string `json:"realm" validate:"required_without=TokenID Secret"` + + TokenID string `json:"token_id" validate:"required_without=Username Password"` + Secret strutils.Redacted `json:"secret" validate:"required_without=Username Password"` NoTLSVerify bool `json:"no_tls_verify" yaml:"no_tls_verify,omitempty"` @@ -49,16 +53,33 @@ func (c *Config) Init(ctx context.Context) gperr.Error { } opts := []proxmox.Option{ - proxmox.WithAPIToken(c.TokenID, c.Secret.String()), proxmox.WithHTTPClient(&http.Client{ Transport: tr, }), } + useCredentials := false + if c.Username != "" && c.Password != "" { + opts = append(opts, proxmox.WithCredentials(&proxmox.Credentials{ + Username: c.Username, + Password: c.Password.String(), + Realm: c.Realm, + })) + useCredentials = true + } else { + opts = append(opts, proxmox.WithAPIToken(c.TokenID, c.Secret.String())) + } c.client = NewClient(c.URL, opts...) - ctx, cancel := context.WithTimeout(ctx, 3*time.Second) + ctx, cancel := context.WithTimeout(ctx, 5*time.Second) defer cancel() + if useCredentials { + err := c.client.CreateSession(ctx) + if err != nil { + return gperr.New("failed to create session").With(err) + } + } + if err := c.client.UpdateClusterInfo(ctx); err != nil { if errors.Is(err, context.DeadlineExceeded) { return gperr.New("timeout fetching proxmox cluster info")