tftsr-devops_investigation/TICKET-proxmox-reconnect.md

fix(proxmox): Reliable connect/reconnect after app restart

Description

Adding a new Proxmox host reported "connected" immediately, but after closing the app or clicking Disconnect the host could not be reconnected.

Three compounding bugs caused this:

1. authenticate() could never succeed on reconnect — ProxmoxClient::authenticate() called response.json::<AuthResponse>() but the Proxmox API wraps every response in {"data": {...}}. The deserialiser always failed with "missing field ticket", so get_proxmox_client_for_cluster (and the new connect_proxmox_cluster) threw an error on every app-restart reconnect.

2. False "connected" indicator on add — add_proxmox_cluster inserted an unauthenticated client (no ticket) into the in-memory pool. list_proxmox_clusters reported connected: true just because the HashMap key existed, even though any API call would have failed.

3. Double-unwrap of data in 10 commands — handle_response already strips the {"data": ...} envelope before returning to callers, but list_acls, list_users, get_cluster_notes, search_proxmox_resources, get_node_status, get_syslog, list_network_interfaces, get_subscription_status, list_cluster_tasks, and list_proxmox_containers all called .get("data") on the already-unwrapped value, causing them to always return "Invalid response format".

4. VM list always empty — list_vms in vm.rs used POST on cluster/resources (a GET-only endpoint). The Proxmox API ignores the POST body and the function also had the same double-unwrap bug, meaning the resource list always came back empty. Additionally, VMs with no cpu field (e.g. stopped VMs) were silently dropped by filter_map using ? — fixed to unwrap_or(0.0).

5. Double-unwrap in all other proxmox modules — the same .get("data") double-unwrap was present across 18 module files (ceph, ceph_cluster, certificates, acme, firewall, sdn, ha, apt, updates, updates_ext, tasks, migration, metrics, shell, auth_realm, views, backup, vm). All 19 affected functions fixed in a single follow-up commit.

Additional gaps addressed:

• CSRFPreventionToken was never sent on POST/PUT/DELETE, so all mutating operations (VM start/stop, firewall rules, etc.) would fail with "CSRF check failed".
• Disconnect was UI-only with no backend call — the session stayed in the pool.
• reqwest::Client rejected self-signed Proxmox certificates.
• No connect_proxmox_cluster / disconnect_proxmox_cluster backend commands existed; the Connect/Disconnect buttons in the Remotes page were wired to a non-existent ping_proxmox_cluster or nothing at all.

Acceptance Criteria

• Adding a new Proxmox host authenticates immediately; the UI shows "connected" only when a real ticket has been obtained.
• Closing the app and re-opening it allows reconnecting via the Connect button without requiring the host to be removed and re-added.
• Clicking Disconnect removes the session from the backend pool; subsequent API calls fail with "Cluster not found" until Connect is clicked.
• All existing Rust tests (426) and frontend tests (386) continue to pass.
• cargo clippy -- -D warnings and npx eslint . --max-warnings 0 report zero issues.

Work Implemented

File	Change
src-tauri/src/proxmox/client.rs	Added ProxmoxEnvelope<T> wrapper; fixed authenticate() to use &mut self, parse the envelope, and store both ticket and CSRF token; added set_csrf_token(); build_headers() now takes include_csrf flag; POST/PUT/DELETE pass true; danger_accept_invalid_certs(true) on the reqwest client
src-tauri/src/commands/proxmox.rs	add_proxmox_cluster authenticates before inserting into pool; fixed double-unwrap in 10 commands; added connect_proxmox_cluster and disconnect_proxmox_cluster Tauri commands
src-tauri/src/lib.rs	Registered connect_proxmox_cluster and disconnect_proxmox_cluster
src-tauri/src/cli/mod.rs	let mut client — authenticate is now &mut self
src/lib/proxmoxClient.ts	Added connectProxmoxCluster and disconnectProxmoxCluster wrappers
src/pages/Proxmox/RemotesPage.tsx	Added handleConnectRemote / handleDisconnectRemote handlers calling real backend commands; wired them to RemotesList onConnect / onDisconnect props
src-tauri/src/proxmox/vm.rs	list_vms: changed from client.post("cluster/resources", body) to client.get("cluster/resources?type=vm"); removed double-unwrap; cpu uses unwrap_or(0.0). get_vm: removed double-unwrap. list_snapshots: removed double-unwrap.
src-tauri/src/proxmox/{acme,apt,auth_realm,backup,ceph,ceph_cluster,certificates,firewall,ha,metrics,migration,sdn,shell,tasks,updates,updates_ext,views}.rs	Removed .get("data") double-unwrap from all 19 functions across 17 files.

New tests added:

• client.rs — envelope deserialization, no-CSRF path, build_headers GET omits / POST includes CSRF token, set_ticket/set_csrf_token
• commands/proxmox.rs — already-unwrapped array/object/notes response handling, connect_proxmox_cluster not-found error message

Testing Needed

• Add a new Proxmox host with correct credentials → verify "connected" status
• Add a host with wrong password → verify immediate auth error, host not saved
• Restart the app → verify all previously-connected hosts show "disconnected"
• Click Connect on a disconnected host → verify it re-authenticates and shows "connected"
• Click Disconnect → verify status changes to "disconnected" and subsequent API calls fail
• Verify a VM start/stop operation succeeds (exercises CSRF token flow)
• Verify get_node_status, list_acls, get_syslog return real data (exercises double-unwrap fix)
• Verify a Proxmox host with a self-signed certificate connects successfully