Class: Knife::Proxmox::Client

Inherits:

Object

Object
Knife::Proxmox::Client

show all

Defined in:: lib/knife-proxmox-ve/client.rb

Overview

Thin net/http wrapper over the Proxmox VE REST API. Pure transport: it knows nothing about VMs, tasks or knife. It signs every request with a PVEAPIToken, unwraps the Proxmox “data” envelope, maps non-2xx responses onto the error tree and scrubs secrets out of anything that reaches an exception.

Constant Summary collapse

BASE_PATH =

"/api2/json"

TRANSPORT_ERRORS = Transport-level exceptions that mean “we never got a valid HTTP reply”.

[
  SocketError,
  OpenSSL::SSL::SSLError,
  Errno::ECONNREFUSED,
  Net::OpenTimeout,
  Net::ReadTimeout,
].freeze

SECRET_KEYS = Response keys whose VALUES carry secrets and must be redacted before any body or task log is surfaced in an exception. Proxmox echoes submitted params in error bodies and task logs. (The token secret is redacted separately, by literal-value substitution in #scrub, since it never appears under a key name in a body.)

%w{cipassword password sshkeys}.freeze

FILTERED =

"[FILTERED]"

Class Method Summary collapse

.encode_segment(value) ⇒ Object

URL-encode a single path segment so reserved characters survive intact when the caller assembles a path (“:” -> %3A, “/” -> %2F).

Instance Method Summary collapse

#get(path, query = {}) ⇒ Object

GET path with non-secret query params appended to the URL query string.
#initialize(host:, token_id:, token_secret:, port: 8006, verify_ssl: true) ⇒ Client constructor

A new instance of Client.
#post(path, body = {}) ⇒ Object

POST path with a form-encoded body (application/x-www-form-urlencoded).
#scrub_text(str) ⇒ Object

Redact secret-bearing values from arbitrary text (e.g. a Proxmox task log, which is returned with HTTP 200 and so does not pass through the error-body scrub path).

Constructor Details

#initialize(host:, token_id:, token_secret:, port: 8006, verify_ssl: true) ⇒ `Client`

Returns a new instance of Client.

# File 'lib/knife-proxmox-ve/client.rb', line 45

def initialize(host:, token_id:, token_secret:, port: 8006, verify_ssl: true)
  @host = host
  @port = port
  @token_id = token_id
  @token_secret = token_secret
  @verify_ssl = verify_ssl
end

Class Method Details

.encode_segment(value) ⇒ `Object`

URL-encode a single path segment so reserved characters survive intact when the caller assembles a path (“:” -> %3A, “/” -> %2F). Proxmox VMIDs, UPIDs and node names land in path segments, and UPIDs contain colons.



41
42
43

# File 'lib/knife-proxmox-ve/client.rb', line 41

def self.encode_segment(value)
  ERB::Util.url_encode(value.to_s)
end

Instance Method Details

#get(path, query = {}) ⇒ `Object`

GET path with non-secret query params appended to the URL query string.

# File 'lib/knife-proxmox-ve/client.rb', line 54

def get(path, query = {})
  uri = build_uri(path)
  uri.query = URI.encode_www_form(query) unless query.empty?
  request(Net::HTTP::Get.new(uri))
end

#post(path, body = {}) ⇒ `Object`

POST path with a form-encoded body (application/x-www-form-urlencoded).



61
62
63

# File 'lib/knife-proxmox-ve/client.rb', line 61

def post(path, body = {})
  send_with_body(Net::HTTP::Post, path, body)
end

#scrub_text(str) ⇒ `Object`

Redact secret-bearing values from arbitrary text (e.g. a Proxmox task log, which is returned with HTTP 200 and so does not pass through the error-body scrub path).



67
68
69

# File 'lib/knife-proxmox-ve/client.rb', line 67

def scrub_text(str)
  scrub(str)
end