From: Lukas Wagner <l.wagner@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH v2 proxmox 15/42] notify: api: add API for filters
Date: Wed, 24 May 2023 15:56:22 +0200 [thread overview]
Message-ID: <20230524135649.934881-16-l.wagner@proxmox.com> (raw)
In-Reply-To: <20230524135649.934881-1-l.wagner@proxmox.com>
Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
---
proxmox-notify/src/api/filter.rs | 366 +++++++++++++++++++++++++++++
proxmox-notify/src/api/gotify.rs | 7 +
proxmox-notify/src/api/mod.rs | 1 +
proxmox-notify/src/api/sendmail.rs | 5 +
4 files changed, 379 insertions(+)
create mode 100644 proxmox-notify/src/api/filter.rs
diff --git a/proxmox-notify/src/api/filter.rs b/proxmox-notify/src/api/filter.rs
new file mode 100644
index 00000000..3d80778f
--- /dev/null
+++ b/proxmox-notify/src/api/filter.rs
@@ -0,0 +1,366 @@
+use crate::api::ApiError;
+use crate::filter::{DeleteableFilterProperty, FilterConfig, FilterConfigUpdater, FILTER_TYPENAME};
+use crate::Config;
+use std::collections::HashSet;
+
+/// Get a list of all filters
+///
+/// The caller is responsible for any needed permission checks.
+/// Returns a list of all filters or an `ApiError` if the config is erroneous.
+pub fn get_filters(config: &Config) -> Result<Vec<FilterConfig>, ApiError> {
+ config
+ .config
+ .convert_to_typed_array(FILTER_TYPENAME)
+ .map_err(|e| ApiError::internal_server_error("Could not fetch filters", Some(e.into())))
+}
+
+/// Get filter with given `name`
+///
+/// The caller is responsible for any needed permission checks.
+/// Returns the endpoint or an `ApiError` if the filter was not found.
+pub fn get_filter(config: &Config, name: &str) -> Result<FilterConfig, ApiError> {
+ config
+ .config
+ .lookup(FILTER_TYPENAME, name)
+ .map_err(|_| ApiError::not_found(format!("filter '{name}' not found"), None))
+}
+
+/// Add new notification filter.
+///
+/// The caller is responsible for any needed permission checks.
+/// The caller also responsible for locking the configuration files.
+/// Returns an `ApiError` if a filter with the same name already exists,
+/// if the filter could not be saved, or if the included sub-filter leads to
+/// a filter recursion.
+pub fn add_filter(config: &mut Config, filter_config: &FilterConfig) -> Result<(), ApiError> {
+ if get_filter(config, &filter_config.name).is_ok() {
+ return Err(ApiError::bad_request(
+ format!("filter '{}' already exists", filter_config.name),
+ None,
+ ));
+ }
+
+ if let Some(sub_filters) = filter_config.sub_filter.as_ref() {
+ let sub_filters = sub_filters
+ .iter()
+ .map(|s| s.as_str())
+ .collect::<Vec<&str>>();
+ check_for_filter_recursion(config, &filter_config.name, &sub_filters)?;
+ }
+
+ config
+ .config
+ .set_data(&filter_config.name, FILTER_TYPENAME, filter_config)
+ .map_err(|e| {
+ ApiError::internal_server_error(
+ format!("could not save filter '{}'", filter_config.name),
+ Some(e.into()),
+ )
+ })?;
+
+ Ok(())
+}
+
+/// Update existing filter
+///
+/// The caller is responsible for any needed permission checks.
+/// The caller also responsible for locking the configuration files.
+/// Returns an `ApiError` if the config could not be saved, or if one of
+/// the sub-filters leads to a recursive filter definition.
+pub fn update_filter(
+ config: &mut Config,
+ name: &str,
+ filter_updater: &FilterConfigUpdater,
+ delete: Option<&[DeleteableFilterProperty]>,
+ digest: Option<&[u8]>,
+) -> Result<(), ApiError> {
+ super::verify_digest(config, digest)?;
+
+ let mut filter = get_filter(config, name)?;
+
+ if let Some(delete) = delete {
+ for deleteable_property in delete {
+ match deleteable_property {
+ DeleteableFilterProperty::MinSeverity => filter.min_severity = None,
+ DeleteableFilterProperty::SubFilter => filter.sub_filter = None,
+ DeleteableFilterProperty::Mode => filter.mode = None,
+ DeleteableFilterProperty::MatchProperty => filter.match_property = None,
+ DeleteableFilterProperty::InvertMatch => filter.invert_match = None,
+ DeleteableFilterProperty::Comment => filter.comment = None,
+ }
+ }
+ }
+
+ if let Some(min_severity) = filter_updater.min_severity {
+ filter.min_severity = Some(min_severity);
+ }
+
+ if let Some(sub_filter) = &filter_updater.sub_filter {
+ let sub_filters = sub_filter.iter().map(|s| s.as_str()).collect::<Vec<&str>>();
+ check_for_filter_recursion(config, name, &sub_filters)?;
+ filter.sub_filter = Some(sub_filter.iter().map(String::from).collect());
+ }
+
+ if let Some(mode) = filter_updater.mode {
+ filter.mode = Some(mode);
+ }
+
+ if let Some(match_property) = &filter_updater.match_property {
+ filter.match_property = Some(match_property.iter().map(String::from).collect());
+ }
+
+ if let Some(invert_match) = filter_updater.invert_match {
+ filter.invert_match = Some(invert_match);
+ }
+
+ if let Some(comment) = &filter_updater.comment {
+ filter.comment = Some(comment.into());
+ }
+
+ config
+ .config
+ .set_data(name, FILTER_TYPENAME, &filter)
+ .map_err(|e| {
+ ApiError::internal_server_error(
+ format!("could not save filter '{name}'"),
+ Some(e.into()),
+ )
+ })?;
+
+ Ok(())
+}
+
+/// Delete existing filter
+///
+/// The caller is responsible for any needed permission checks.
+/// The caller also responsible for locking the configuration files.
+/// Returns an `ApiError` if the filter does not exist.
+pub fn delete_filter(config: &mut Config, name: &str) -> Result<(), ApiError> {
+ // Check if the filter exists
+ let _ = get_filter(config, name)?;
+
+ config.config.sections.remove(name);
+
+ Ok(())
+}
+
+fn check_for_filter_recursion(
+ config: &Config,
+ filter: &str,
+ new_sub_filters: &[&str],
+) -> Result<(), ApiError> {
+ for sub_filter in new_sub_filters {
+ let mut visited = HashSet::new();
+
+ // Add the the filter we're currently adding/updating as a starting point,
+ // since it has not been saved in the configuration
+ visited.insert(filter.to_string());
+ do_check_for_filter_recursion(config, sub_filter, &mut visited)?;
+ }
+
+ Ok(())
+}
+
+fn do_check_for_filter_recursion(
+ config: &Config,
+ filter: &str,
+ visited: &mut HashSet<String>,
+) -> Result<(), ApiError> {
+ if visited.contains(filter) {
+ return Err(ApiError::bad_request(
+ format!("recursion in sub-filter detected: {filter}"),
+ None,
+ ));
+ }
+
+ visited.insert(filter.to_string());
+
+ let filter = get_filter(config, filter)?;
+
+ if let Some(sub_filters) = &filter.sub_filter {
+ for sub_filter in sub_filters {
+ do_check_for_filter_recursion(config, sub_filter, visited)?;
+ }
+ }
+
+ Ok(())
+}
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+ use crate::filter::FilterModeOperator;
+ use crate::Severity;
+
+ fn empty_config() -> Config {
+ Config::new("", "").unwrap()
+ }
+
+ fn config_with_two_filters() -> Config {
+ Config::new(
+ "
+filter: filter1
+ min-severity info
+
+filter: filter2
+ min-severity warning
+",
+ "",
+ )
+ .unwrap()
+ }
+
+ #[test]
+ fn test_update_not_existing_returns_error() -> Result<(), ApiError> {
+ let mut config = empty_config();
+ assert!(update_filter(&mut config, "test", &Default::default(), None, None).is_err());
+ Ok(())
+ }
+
+ #[test]
+ fn test_update_invalid_digest_returns_error() -> Result<(), ApiError> {
+ let mut config = config_with_two_filters();
+ assert!(update_filter(
+ &mut config,
+ "filter1",
+ &Default::default(),
+ None,
+ Some(&[0u8; 32])
+ )
+ .is_err());
+
+ Ok(())
+ }
+
+ #[test]
+ fn test_filter_update() -> Result<(), ApiError> {
+ let mut config = config_with_two_filters();
+
+ let digest = config.digest;
+
+ update_filter(
+ &mut config,
+ "filter1",
+ &FilterConfigUpdater {
+ min_severity: Some(Severity::Error),
+ sub_filter: Some(vec!["filter2".into()]),
+ mode: Some(FilterModeOperator::Or),
+ match_property: Some(vec!["foo=bar".into()]),
+ invert_match: Some(true),
+ comment: Some("new comment".into()),
+ },
+ None,
+ Some(&digest),
+ )?;
+
+ let filter = get_filter(&config, "filter1")?;
+
+ assert!(matches!(filter.mode, Some(FilterModeOperator::Or)));
+ assert!(matches!(filter.min_severity, Some(Severity::Error)));
+ assert_eq!(filter.match_property, Some(vec!["foo=bar".into()]));
+ assert_eq!(filter.invert_match, Some(true));
+ assert_eq!(filter.sub_filter, Some(vec!["filter2".into()]));
+ assert_eq!(filter.comment, Some("new comment".into()));
+
+ // Test property deletion
+ update_filter(
+ &mut config,
+ "filter1",
+ &Default::default(),
+ Some(&[
+ DeleteableFilterProperty::InvertMatch,
+ DeleteableFilterProperty::SubFilter,
+ DeleteableFilterProperty::Mode,
+ DeleteableFilterProperty::InvertMatch,
+ DeleteableFilterProperty::MinSeverity,
+ DeleteableFilterProperty::MatchProperty,
+ DeleteableFilterProperty::Comment,
+ ]),
+ Some(&digest),
+ )?;
+
+ let filter = get_filter(&config, "filter1")?;
+
+ assert_eq!(filter.invert_match, None);
+ assert_eq!(filter.min_severity, None);
+ assert!(matches!(filter.mode, None));
+ assert_eq!(filter.match_property, None);
+ assert_eq!(filter.sub_filter, None);
+ assert_eq!(filter.comment, None);
+
+ // Adding a non-existing sub-filter must fail
+ assert!(update_filter(
+ &mut config,
+ "filter1",
+ &FilterConfigUpdater {
+ sub_filter: Some(vec!["filter3".into()]),
+ ..Default::default()
+ },
+ None,
+ Some(&digest),
+ )
+ .is_err());
+
+ Ok(())
+ }
+
+ #[test]
+ fn test_filter_delete() -> Result<(), ApiError> {
+ let mut config = config_with_two_filters();
+
+ delete_filter(&mut config, "filter1")?;
+ assert!(delete_filter(&mut config, "filter1").is_err());
+ assert_eq!(get_filters(&config)?.len(), 1);
+
+ Ok(())
+ }
+
+ #[test]
+ fn test_recursive_subfilter_definition() -> Result<(), ApiError> {
+ let mut config = Config::new(
+ "
+filter: filter-a
+ sub-filter filter-b
+
+filter: filter-b
+
+filter: filter-e
+ sub-filter filter-f
+
+filter: filter-f
+ sub-filter filter-e
+ ",
+ "",
+ )
+ .unwrap();
+
+ // Newly created recursion should be detected
+ assert!(update_filter(
+ &mut config,
+ "filter-b",
+ &FilterConfigUpdater {
+ sub_filter: Some(vec!["filter-a".into()]),
+ ..Default::default()
+ },
+ None,
+ None,
+ )
+ .is_err());
+
+ // Existing recursions should also be detected, in case the
+ // configuration file was modified by hand.
+ assert!(update_filter(
+ &mut config,
+ "filter-c",
+ &FilterConfigUpdater {
+ sub_filter: Some(vec!["filter-e".into()]),
+ ..Default::default()
+ },
+ None,
+ None,
+ )
+ .is_err());
+
+ Ok(())
+ }
+}
diff --git a/proxmox-notify/src/api/gotify.rs b/proxmox-notify/src/api/gotify.rs
index fdb9cf53..48051200 100644
--- a/proxmox-notify/src/api/gotify.rs
+++ b/proxmox-notify/src/api/gotify.rs
@@ -112,6 +112,13 @@ pub fn update_endpoint(
endpoint.comment = Some(comment.into());
}
+ if let Some(filter) = &endpoint_config_updater.filter {
+ // Check if filter exists
+ let _ = super::filter::get_filter(config, &filter)?;
+
+ endpoint.filter = Some(filter.into());
+ }
+
config
.config
.set_data(name, GOTIFY_TYPENAME, &endpoint)
diff --git a/proxmox-notify/src/api/mod.rs b/proxmox-notify/src/api/mod.rs
index 1d249024..65dbc97c 100644
--- a/proxmox-notify/src/api/mod.rs
+++ b/proxmox-notify/src/api/mod.rs
@@ -6,6 +6,7 @@ use serde::Serialize;
pub mod channel;
pub mod common;
+pub mod filter;
#[cfg(feature = "gotify")]
pub mod gotify;
#[cfg(feature = "sendmail")]
diff --git a/proxmox-notify/src/api/sendmail.rs b/proxmox-notify/src/api/sendmail.rs
index a5379cd3..85b73a39 100644
--- a/proxmox-notify/src/api/sendmail.rs
+++ b/proxmox-notify/src/api/sendmail.rs
@@ -96,6 +96,11 @@ pub fn update_endpoint(
endpoint.comment = Some(comment.into());
}
+ if let Some(filter) = &updater.filter {
+ let _ = super::filter::get_filter(config, filter)?;
+ endpoint.filter = Some(filter.into());
+ }
+
config
.config
.set_data(name, SENDMAIL_TYPENAME, &endpoint)
--
2.30.2
next prev parent reply other threads:[~2023-05-24 13:58 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-24 13:56 [pve-devel] [PATCH v2 cluster/guest-common/manager/ha-manager/proxmox{, -perl-rs} 00/42] fix #4156: introduce new notification module Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 01/42] add `proxmox-human-byte` crate Lukas Wagner
2023-06-26 11:58 ` Wolfgang Bumiller
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 02/42] human-byte: move tests to their own sub-module Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 03/42] add proxmox-notify crate Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 04/42] notify: add debian packaging Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 05/42] notify: preparation for the first endpoint plugin Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 06/42] notify: preparation for the API Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 07/42] notify: api: add API for sending notifications/testing endpoints Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 08/42] notify: add notification channels Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 09/42] notify: api: add API for channels Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 10/42] notify: add sendmail plugin Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 11/42] notify: api: add API for sendmail endpoints Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 12/42] notify: add gotify endpoint Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 13/42] notify: api: add API for gotify endpoints Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 14/42] notify: add notification filter mechanism Lukas Wagner
2023-05-24 13:56 ` Lukas Wagner [this message]
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 16/42] notify: add template rendering Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 17/42] notify: add example for " Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox-perl-rs 18/42] log: set default log level to 'info', add product specific logging env var Lukas Wagner
2023-06-05 7:27 ` Wolfgang Bumiller
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox-perl-rs 19/42] add PVE::RS::Notify module Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox-perl-rs 20/42] notify: add api for sending notifications/testing endpoints Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox-perl-rs 21/42] notify: add api for notification channels Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox-perl-rs 22/42] notify: add api for sendmail endpoints Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox-perl-rs 23/42] notify: add api for gotify endpoints Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox-perl-rs 24/42] notify: add api for notification filters Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-cluster 25/42] cluster files: add notifications.cfg Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-guest-common 26/42] vzdump: add config options for new notification backend Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 27/42] test: fix names of .PHONY targets Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 28/42] add PVE::Notify module Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 29/42] vzdump: send notifications via new notification module Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 30/42] test: rename mail_test.pl to vzdump_notification_test.pl Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 31/42] api: apt: send notification via new notification module Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 32/42] api: replication: send notifications " Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 33/42] ui: backup: allow to select notification channel for notifications Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 34/42] ui: backup: adapt backup job details to new notification params Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 35/42] ui: backup: allow to set notification-{channel, mode} for one-off backups Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 36/42] api: prepare api handler module for notification config Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 37/42] api: add api routes for notification channels Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 38/42] api: add api routes for sendmail endpoints Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 39/42] api: add api routes for gotify endpoints Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 40/42] api: add api routes for notification filters Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 41/42] ui: backup: disable notification mode selector for now Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-ha-manager 42/42] manager: send notifications via new notification module Lukas Wagner
2023-05-26 8:31 ` [pve-devel] [PATCH v2 cluster/guest-common/manager/ha-manager/proxmox{, -perl-rs} 00/42] fix #4156: introduce " Lukas Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230524135649.934881-16-l.wagner@proxmox.com \
--to=l.wagner@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.