Comments (7)
Hi @BenediktBertsch,
I think "debug" mode is lowercasing this. I've double checked I'm using proper headers:
export HTTP_HEADERS="CF-Access-Client-Id,***,CF-Access-Client-Secret,***"
EDIT:
I think I found the culprit: https://pkg.go.dev/net/http#Header.Add:
The key is case insensitive; it is canonicalized by CanonicalHeaderKey.
from proxmox-api-go.
Hey @forthal,
I've created a test branch with the wanted funtionality. Sadly I can not test it myself, so could you try and test it?
https://github.com/BenediktBertsch/proxmox-api-go/tree/add-httpheaders
from proxmox-api-go.
There is an option to use a proxy server for requests, for example mitmproxy.
You can then add your headers to mitmproxy https://docs.mitmproxy.org/stable/addons-examples/
from proxmox-api-go.
Hi @BenediktBertsch,
Tried your changes - no success. Headers are present (I've checked promox-go-api
command with -debug
), but seems like Client/Session is not handling properly Cloudflare (used same token for Nomad and it works in same shell) - getting 401 Unauthorized:
./proxmox-api-go -debug start 100
2022/10/03 20:52:00 >>>>>>>>>> REQUEST:
GET /api2/json/cluster/resources?type=vm HTTP/1.1
Host: proxmox.***.com
User-Agent: Go-http-client/1.1
Accept: application/json
Cf-Access-Client-Id: ***
Cf-Access-Client-Secret: ***
Cookie: PVEAuthCookie=PVE:***@***:***::***
Csrfpreventiontoken: ***:***
Accept-Encoding: gzip
2022/10/03 20:52:03 <<<<<<<<<< RESULT:
HTTP/2.0 401 Unauthorized
Connection: close
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=0
Cf-Cache-Status: DYNAMIC
Cf-Ray: ***
Date: Mon, 03 Oct 2022 18:52:04 GMT
Expires: Mon, 03 Oct 2022 18:52:01 GMT
Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Pragma: no-cache
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=***"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Set-Cookie: CF_Authorization=***; Expires=Tue, 04 Oct 2022 18:52:01 GMT; Path=/; Secure; SameSite=none
Maybe it's related to some redirections that occurs on Cloudflare side? Strange that using Nomad provider it's working like a charm. Using same Service Token I'm able to hit to the login page:
curl --request GET \
--url https://proxmox.***.com/ \
--header 'CF-Access-Client-Id: ***' \
--header 'CF-Access-Client-Secret: ***'
response:
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
<title>*** - Proxmox Virtual Environment</title>
<link rel="icon" sizes="128x128" href="/pve2/images/logo-128.png" />
<link rel="apple-touch-icon" sizes="128x128" href="/pve2/images/logo-128.png" />
<link rel="stylesheet" type="text/css" href="/pve2/ext6/theme-crisp/resources/theme-crisp-all.css?ver=7.0.0" />
<link rel="stylesheet" type="text/css" href="/pve2/ext6/crisp/resources/charts-all.css?ver=7.0.0" />
<link rel="stylesheet" type="text/css" href="/pve2/fa/css/font-awesome.css" />
<link rel="stylesheet" type="text/css" href="/pve2/css/ext6-pve.css?ver=7.2-7" />
<link rel="stylesheet" type="text/css" href="/pwt/css/ext6-pmx.css?ver=3.5.1" />
<script type='text/javascript'>function gettext(buf) { return buf; }</script>
<script type="text/javascript" src="/pve2/ext6/ext-all.js?ver=7.0.0"></script>
<script type="text/javascript" src="/pve2/ext6/charts.js?ver=7.0.0"></script>
<script type="text/javascript" src="/pve2/js/u2f-api.js"></script>
<script type="text/javascript" src="/qrcode.min.js"></script>
<script type="text/javascript">
Proxmox = {
Setup: { auth_cookie_name: 'PVEAuthCookie' },
defaultLang: 'en',
NodeName: '***',
UserName: '',
CSRFPreventionToken: 'null'
};
</script>
<script type="text/javascript" src="/proxmoxlib.js?ver=3.5.1"></script>
<script type="text/javascript" src="/pve2/js/pvemanagerlib.js?ver=7.2-7"></script>
<script type="text/javascript" src="/pve2/ext6/locale/locale-en.js?ver=7.0.0"></script>
<script type="text/javascript">
if (typeof(PVE) === 'undefined') PVE = {};
Ext.History.fieldid = 'x-history-field';
Ext.onReady(function() { Ext.create('PVE.StdWorkspace');});
</script>
</head>
<body>
<!-- Fields required for history management -->
<form id="history-form" class="x-hidden">
<input type="hidden" id="x-history-field"/>
</form>
</body>
</html>
EDIT: ok, it's related to Cloudflare - I'll try to tinker the setup.
Using:
curl --request POST \
--url https://proxmox.***.com/api2/json/access/ticket \
--header 'CF-Access-Client-Id: ***' \
--header 'CF-Access-Client-Secret: ***' \
-d 'username=***@pam' \
--data-urlencode 'password=***'
response:
{
"data": {
"ticket": "PVE:***@pam:***::***",
"CSRFPreventionToken": "***:***",
"cap": {
"storage": {
"Datastore.Allocate": 1,
"Datastore.AllocateSpace": 1,
"Datastore.Audit": 1,
"Datastore.AllocateTemplate": 1,
"Permissions.Modify": 1
},
"vms": {
"Permissions.Modify": 1,
"VM.Config.Memory": 1,
"VM.Snapshot": 1,
"VM.Config.CDROM": 1,
"VM.Audit": 1,
"VM.Snapshot.Rollback": 1,
"VM.Config.Network": 1,
"VM.Config.HWType": 1,
"VM.Config.Options": 1,
"VM.Config.CPU": 1,
"VM.Clone": 1,
"VM.Backup": 1,
"VM.Allocate": 1,
"VM.Config.Cloudinit": 1,
"VM.Console": 1,
"VM.PowerMgmt": 1,
"VM.Config.Disk": 1,
"VM.Migrate": 1,
"VM.Monitor": 1
},
"sdn": {
"SDN.Allocate": 1,
"Permissions.Modify": 1,
"SDN.Audit": 1
},
"access": {
"User.Modify": 1,
"Group.Allocate": 1,
"Permissions.Modify": 1
},
"nodes": {
"Sys.Audit": 1,
"Sys.Modify": 1,
"Sys.Console": 1,
"Sys.Syslog": 1,
"Sys.PowerMgmt": 1,
"Permissions.Modify": 1
},
"dc": {
"SDN.Audit": 1,
"SDN.Allocate": 1,
"Sys.Audit": 1
}
},
"username": "***@pam"
}
}
Hi @mleone87,
mitmproxy adds much more complexity - you need to deploy it somewhere (you have no access to Terraform Cloud runner, you could use some "hax" with local provisioners, etc., but to be honest - adding and handling headers is much more simpler) .
from proxmox-api-go.
Hey @forthal,
just read your good debug, whats about this:
Cf-Access-Client-Id: ***
Cf-Access-Client-Secret: ***
Is it just a debugging thing that the f in CF is lowercase? I think its important to be uppercase.
from proxmox-api-go.
Hey @forthal,
pushed a fix for the case-sensitivity for headers. Pls check it out and test it once again.
from proxmox-api-go.
Hi @BenediktBertsch,
I've applied same fix locally, but having:
2022/10/03 23:18:15 invalid character '<' looking for beginning of value
after building and running.
Setting up a debugger would help a lot :D
EDIT: I think I've solved it. Check out PR created to your fork.
from proxmox-api-go.
Related Issues (20)
- mapToStruct not setting "machine" from api HOT 1
- Refactor: mapping disks to API
- Feature: Disk size in Kibibyte
- Bug: error 400 when setting pool on a Qemu Guest
- Feature: Dynamic permission checking.
- Feature: Cache proxmox version in `Client`
- Remove: old disk code.
- Feature: Optional HA settings
- Overhaul: QemuCpu HOT 1
- Feature: Optional Protection property for Qemu VMs
- BUG: Unable to disable `qemu-guest-agent`.
- Crash: interface conversion: interface {} is string, not float64
- Re-implement: agent interface information
- Unable to Delete guest with `protection` set to `true` HOT 1
- Overhaul: Guest tags
- Bug: Duplicate mac address on two interfaces
- Overhaul: LXC
- bug: tags can't have `-` HOT 1
- Overhaul: Qemu Network interfaces. HOT 2
- Bug: setting `CloudInit.UpgradePackages` gives error on older PVE
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from proxmox-api-go.