From mboxrd@z Thu Jan  1 00:00:00 1970
From: Leo Nunner <l.nunner@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Wed,  7 Jun 2023 12:17:47 +0200
Message-Id: <20230607101751.87616-1-l.nunner@proxmox.com>
X-Mailer: git-send-email 2.30.2
Subject: [pve-devel] [PATCH firewall/manager] firewall: introduce scoping
 for ipsets/aliases

This patch introduces scoping mechanisms for IPsets and aliases, since
it's possible to have two of them with the same name on different layers
(i.e. one on the cluster layer, and one on the VM layer). Datacenter
entries are now prefixed with "dc/", and VM entries are prefixed with
"ct/".

The first two patches:

  fix #4556: introduce 'dc' and 'vm' prefix for IPSets
  fix #4556: introduce 'dc' and 'vm' prefix for aliases

should retain backwards compatibility with existing setups. All older
configs will continue to work as previously, since unscoped values
retain the previous behaviour.

  fix #4556: api: return scoped IPSets and aliases
  firewall: add scope field to IPRefSelector

introduce new return values to the API endpoints for /refs, leading to
all new entries that are being added via the GUI being scoped by
default. This will break compatibility with older systems, since the
scoped values cannot be parsed.

firewall:

Leo Nunner (3):
  fix #4556: introduce 'dc' and 'vm' prefix for IPSets
  fix #4556: introduce 'dc' and 'vm' prefix for aliases
  fix #4556: api: return scoped IPSets and aliases

 src/PVE/API2/Firewall/Cluster.pm | 34 ++-------------
 src/PVE/API2/Firewall/IPSet.pm   |  9 ++--
 src/PVE/API2/Firewall/VM.pm      | 47 +++++----------------
 src/PVE/Firewall.pm              | 71 +++++++++++++++++++++-----------
 src/PVE/Firewall/Helpers.pm      | 43 +++++++++++++++++++
 5 files changed, 110 insertions(+), 94 deletions(-)

manager:

Leo Nunner (1):
  firewall: add scope field to IPRefSelector

 www/manager6/form/IPRefSelector.js | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

-- 
2.30.2