From: Leo Nunner <l.nunner@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH firewall 1/4] api: factor out renaming parameters to more descriptive names
Date: Thu, 26 Jan 2023 15:30:16 +0100 [thread overview]
Message-ID: <20230126143020.150338-2-l.nunner@proxmox.com> (raw)
In-Reply-To: <20230126143020.150338-1-l.nunner@proxmox.com>
Signed-off-by: Leo Nunner <l.nunner@proxmox.com>
---
src/PVE/API2/Firewall/Aliases.pm | 20 ++++++------
src/PVE/API2/Firewall/Groups.pm | 53 ++++++++++++++++----------------
src/PVE/API2/Firewall/IPSet.pm | 39 ++++++++++++-----------
3 files changed, 56 insertions(+), 56 deletions(-)
diff --git a/src/PVE/API2/Firewall/Aliases.pm b/src/PVE/API2/Firewall/Aliases.pm
index 33ac669..88f20a0 100644
--- a/src/PVE/API2/Firewall/Aliases.pm
+++ b/src/PVE/API2/Firewall/Aliases.pm
@@ -234,24 +234,22 @@ sub register_update_alias {
PVE::Tools::assert_if_modified($digest, $param->{digest});
- my $name = lc($param->{name});
+ my $rename_to = lc($param->{rename}) if defined($param->{rename});
+ my $rename_from = lc($param->{name});
- raise_param_exc({ name => "no such alias" }) if !$aliases->{$name};
+ raise_param_exc({ name => "no such alias" }) if !$aliases->{$rename_from};
my $data = { name => $param->{name}, cidr => $param->{cidr} };
$data->{comment} = $param->{comment} if $param->{comment};
- $aliases->{$name} = $data;
-
- my $rename = $param->{rename};
- $rename = lc($rename) if $rename;
+ $aliases->{$rename_from} = $data;
- if ($rename && ($name ne $rename)) {
+ if ($rename_to && ($rename_from ne $rename_to)) {
raise_param_exc({ name => "alias '$param->{rename}' already exists" })
- if defined($aliases->{$rename});
- $aliases->{$name}->{name} = $param->{rename};
- $aliases->{$rename} = $aliases->{$name};
- delete $aliases->{$name};
+ if defined($aliases->{$rename_to});
+ $aliases->{$rename_from}->{name} = $param->{rename};
+ $aliases->{$rename_to} = $aliases->{$rename_from};
+ delete $aliases->{$rename_from};
}
$class->save_aliases($param, $fw_conf, $aliases);
diff --git a/src/PVE/API2/Firewall/Groups.pm b/src/PVE/API2/Firewall/Groups.pm
index ffdc45c..a0695ce 100644
--- a/src/PVE/API2/Firewall/Groups.pm
+++ b/src/PVE/API2/Firewall/Groups.pm
@@ -100,37 +100,37 @@ __PACKAGE__->register_method({
code => sub {
my ($param) = @_;
- my $group = $param->{group};
- my $rename = $param->{rename};
+ my $rename_to = $param->{group};
+ my $rename_from = $param->{rename};
my $comment = $param->{comment};
PVE::Firewall::lock_clusterfw_conf(10, sub {
my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
- if ($rename) {
+ if ($rename_from) {
my (undef, $digest) = &$get_security_group_list($cluster_conf);
PVE::Tools::assert_if_modified($digest, $param->{digest});
- raise_param_exc({ group => "Security group '$rename' does not exist" })
- if !$cluster_conf->{groups}->{$rename};
+ raise_param_exc({ group => "Security group '$rename_from' does not exist" })
+ if !$cluster_conf->{groups}->{$rename_from};
# prevent overwriting an existing group
- raise_param_exc({ group => "Security group '$group' does already exist" })
- if $cluster_conf->{groups}->{$group} &&
- $group ne $rename;
+ raise_param_exc({ group => "Security group '$rename_to' does already exist" })
+ if $cluster_conf->{groups}->{$rename_to} &&
+ $rename_to ne $rename_from;
- if ($rename eq $group) {
- $cluster_conf->{group_comments}->{$rename} = $comment if defined($comment);
+ if ($rename_from eq $rename_to) {
+ $cluster_conf->{group_comments}->{$rename_from} = $comment if defined($comment);
PVE::Firewall::save_clusterfw_conf($cluster_conf);
return;
}
# Create an exact copy of the old security group
- $cluster_conf->{groups}->{$group} = $cluster_conf->{groups}->{$rename};
- $cluster_conf->{group_comments}->{$group} = $cluster_conf->{group_comments}->{$rename};
+ $cluster_conf->{groups}->{$rename_to} = $cluster_conf->{groups}->{$rename_from};
+ $cluster_conf->{group_comments}->{$rename_to} = $cluster_conf->{group_comments}->{$rename_from};
# Update comment if provided
- $cluster_conf->{group_comments}->{$group} = $comment if defined($comment);
+ $cluster_conf->{group_comments}->{$rename_to} = $comment if defined($comment);
# Write the copy to the cluster config, so that if something fails inbetween, the new firewall
# rules won't be broken when the new name is referenced
@@ -144,8 +144,8 @@ __PACKAGE__->register_method({
my $host_conf = PVE::Firewall::load_hostfw_conf($cluster_conf, $host_conf_path);
if (defined($host_conf)) {
- &$rename_fw_rules($rename,
- $group,
+ &$rename_fw_rules($rename_from,
+ $rename_to,
$host_conf->{rules});
PVE::Firewall::save_hostfw_conf($host_conf, $host_conf_path);
}
@@ -160,8 +160,8 @@ __PACKAGE__->register_method({
my $vm_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, $vm_type, $vm, "/etc/pve/firewall");
if (defined($vm_conf)) {
- &$rename_fw_rules($rename,
- $group,
+ &$rename_fw_rules($rename_from,
+ $rename_to,
$vm_conf->{rules});
PVE::Firewall::save_vmfw_conf($vm, $vm_conf);
}
@@ -169,21 +169,20 @@ __PACKAGE__->register_method({
}
# And also update the cluster itself
- &$rename_fw_rules($rename,
- $group,
+ &$rename_fw_rules($rename_from,
+ $rename_to,
$cluster_conf->{rules});
# Now that everything has been updated, the old rule can be deleted
- delete $cluster_conf->{groups}->{$rename};
- delete $cluster_conf->{group_comments}->{$rename};
+ delete $cluster_conf->{groups}->{$rename_from};
+ delete $cluster_conf->{group_comments}->{$rename_from};
} else {
- foreach my $name (keys %{$cluster_conf->{groups}}) {
- raise_param_exc({ group => "Security group '$name' already exists" })
- if $name eq $group;
- }
+ # In this context, $rename_to is the name for the new group
+ raise_param_exc({ group => "Security group '$rename_to' already exists" })
+ if $cluster_conf->{groups}->{$rename_to};
- $cluster_conf->{groups}->{$group} = [];
- $cluster_conf->{group_comments}->{$group} = $comment if defined($comment);
+ $cluster_conf->{groups}->{$rename_to} = [];
+ $cluster_conf->{group_comments}->{$rename_to} = $comment if defined($comment);
}
PVE::Firewall::save_clusterfw_conf($cluster_conf);
diff --git a/src/PVE/API2/Firewall/IPSet.pm b/src/PVE/API2/Firewall/IPSet.pm
index 14bcfcb..0e6b1d6 100644
--- a/src/PVE/API2/Firewall/IPSet.pm
+++ b/src/PVE/API2/Firewall/IPSet.pm
@@ -647,32 +647,35 @@ sub register_create {
my ($cluster_conf, $fw_conf) = $class->load_config($param);
- if ($param->{rename}) {
+ my $rename_to = $param->{name};
+ my $rename_from = $param->{rename};
+ my $comment = $param->{comment};
+
+ if ($rename_from) {
my (undef, $digest) = &$get_ipset_list($fw_conf);
PVE::Tools::assert_if_modified($digest, $param->{digest});
- raise_param_exc({ name => "IPSet '$param->{rename}' does not exist" })
- if !$fw_conf->{ipset}->{$param->{rename}};
+ raise_param_exc({ name => "IPSet '$rename_from' does not exist" })
+ if !$fw_conf->{ipset}->{$rename_from};
# prevent overwriting existing ipset
- raise_param_exc({ name => "IPSet '$param->{name}' does already exist"})
- if $fw_conf->{ipset}->{$param->{name}} &&
- $param->{name} ne $param->{rename};
-
- my $data = delete $fw_conf->{ipset}->{$param->{rename}};
- $fw_conf->{ipset}->{$param->{name}} = $data;
- if (my $comment = delete $fw_conf->{ipset_comments}->{$param->{rename}}) {
- $fw_conf->{ipset_comments}->{$param->{name}} = $comment;
+ raise_param_exc({ name => "IPSet '$rename_to' does already exist"})
+ if $fw_conf->{ipset}->{$rename_to} &&
+ $rename_to ne $rename_from;
+
+ my $data = delete $fw_conf->{ipset}->{$rename_from};
+ $fw_conf->{ipset}->{$rename_to} = $data;
+ if (my $comment = delete $fw_conf->{ipset_comments}->{$rename_from}) {
+ $fw_conf->{ipset_comments}->{$rename_to} = $comment;
}
- $fw_conf->{ipset_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment});
+ $fw_conf->{ipset_comments}->{$rename_to} = $param->{comment} if defined($param->{comment});
} else {
- foreach my $name (keys %{$fw_conf->{ipset}}) {
- raise_param_exc({ name => "IPSet '$name' already exists" })
- if $name eq $param->{name};
- }
+ # In this context, $rename_to is the name for the new IPSet
+ raise_param_exc({ name => "IPSet '$rename_to' already exists" })
+ if $fw_conf->{ipset}->{$rename_to};
- $fw_conf->{ipset}->{$param->{name}} = [];
- $fw_conf->{ipset_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment});
+ $fw_conf->{ipset}->{$rename_to} = [];
+ $fw_conf->{ipset_comments}->{$rename_to} = $param->{comment} if defined($param->{comment});
}
$class->save_config($param, $fw_conf);
--
2.30.2
next prev parent reply other threads:[~2023-01-26 14:31 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-26 14:30 [pve-devel] [PATCH firewall manager] Make firewall config case-insensitive Leo Nunner
2023-01-26 14:30 ` Leo Nunner [this message]
2023-01-27 10:43 ` [pve-devel] [PATCH firewall 1/4] api: factor out renaming parameters to more descriptive names Wolfgang Bumiller
2023-01-26 14:30 ` [pve-devel] [PATCH firewall 2/4] docs: clarify usage of 'rename' parameters Leo Nunner
2023-01-28 10:39 ` Thomas Lamprecht
2023-01-26 14:30 ` [pve-devel] [PATCH firewall 3/4] config: make groups, IPSets and aliases case-insensitive Leo Nunner
2023-01-26 14:30 ` [pve-devel] [PATCH firewall 4/4] config: combine group/ipset and their comments Leo Nunner
2023-01-27 11:41 ` Wolfgang Bumiller
2023-01-30 9:01 ` Leo Nunner
2023-01-26 14:30 ` [pve-devel] [PATCH manager] ui: the API doesn't pass 'name' for aliases anymore Leo Nunner
2023-01-28 10:43 ` Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230126143020.150338-2-l.nunner@proxmox.com \
--to=l.nunner@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.