From: Alexandre Derumier <aderumier@odiso.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH v10 pve-network 33/35] ipam: verify api access on create/update
Date: Mon, 5 Oct 2020 17:09:10 +0200 [thread overview]
Message-ID: <20201005150912.463000-34-aderumier@odiso.com> (raw)
In-Reply-To: <20201005150912.463000-1-aderumier@odiso.com>
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
PVE/API2/Network/SDN/Ipams.pm | 6 ++++++
PVE/Network/SDN/Ipams/NetboxPlugin.pm | 24 +++++++++++++++++++++++-
PVE/Network/SDN/Ipams/PhpIpamPlugin.pm | 24 +++++++++++++++++++++++-
PVE/Network/SDN/Ipams/Plugin.pm | 4 ++++
4 files changed, 56 insertions(+), 2 deletions(-)
diff --git a/PVE/API2/Network/SDN/Ipams.pm b/PVE/API2/Network/SDN/Ipams.pm
index 0d567c8..6410e8e 100644
--- a/PVE/API2/Network/SDN/Ipams.pm
+++ b/PVE/API2/Network/SDN/Ipams.pm
@@ -150,6 +150,10 @@ __PACKAGE__->register_method ({
$ipam_cfg->{ids}->{$id} = $opts;
+ my $plugin_config = $opts;
+ my $plugin = PVE::Network::SDN::Ipams::Plugin->lookup($plugin_config->{type});
+ $plugin->on_update_hook($plugin_config);
+
PVE::Network::SDN::Ipams::write_config($ipam_cfg);
}, "create sdn ipam object failed");
@@ -190,6 +194,8 @@ __PACKAGE__->register_method ({
$scfg->{$k} = $opts->{$k};
}
+ $plugin->on_update_hook($scfg);
+
PVE::Network::SDN::Ipams::write_config($ipam_cfg);
}, "update sdn ipam object failed");
diff --git a/PVE/Network/SDN/Ipams/NetboxPlugin.pm b/PVE/Network/SDN/Ipams/NetboxPlugin.pm
index 8695b7d..d696b08 100644
--- a/PVE/Network/SDN/Ipams/NetboxPlugin.pm
+++ b/PVE/Network/SDN/Ipams/NetboxPlugin.pm
@@ -138,10 +138,32 @@ sub del_ip {
PVE::Network::SDN::Ipams::Plugin::api_request("DELETE", "$url/ipam/ip-addresses/$ip_id/", $headers);
};
if ($@) {
- die "error delete ip $ip";
+ die "error delete ip $ip : $@";
}
}
+sub verify_api {
+ my ($class, $plugin_config) = @_;
+
+ my $url = $plugin_config->{url};
+ my $token = $plugin_config->{token};
+ my $headers = ['Content-Type' => 'application/json; charset=UTF-8', 'Authorization' => "token $token"];
+
+
+ eval {
+ PVE::Network::SDN::Ipams::Plugin::api_request("GET", "$url/ipam/aggregates/", $headers);
+ };
+ if ($@) {
+ die "Can't connect to netbox api: $@";
+ }
+}
+
+sub on_update_hook {
+ my ($class, $plugin_config) = @_;
+
+ PVE::Network::SDN::Ipams::NetboxPlugin::verify_api($class, $plugin_config);
+}
+
#helpers
sub get_prefix_id {
diff --git a/PVE/Network/SDN/Ipams/PhpIpamPlugin.pm b/PVE/Network/SDN/Ipams/PhpIpamPlugin.pm
index 324f1b2..f89ef29 100644
--- a/PVE/Network/SDN/Ipams/PhpIpamPlugin.pm
+++ b/PVE/Network/SDN/Ipams/PhpIpamPlugin.pm
@@ -162,10 +162,32 @@ sub del_ip {
PVE::Network::SDN::Ipams::Plugin::api_request("DELETE", "$url/addresses/$ip_id", $headers);
};
if ($@) {
- die "error delete ip $ip";
+ die "error delete ip $ip: $@";
}
}
+sub verify_api {
+ my ($class, $plugin_config) = @_;
+
+ my $url = $plugin_config->{url};
+ my $token = $plugin_config->{token};
+ my $sectionid = $plugin_config->{section};
+ my $headers = ['Content-Type' => 'application/json; charset=UTF-8', 'Token' => $token];
+
+ eval {
+ PVE::Network::SDN::Ipams::Plugin::api_request("GET", "$url/sections/$sectionid", $headers);
+ };
+ if ($@) {
+ die "Can't connect to phpipam api: $@";
+ }
+}
+
+sub on_update_hook {
+ my ($class, $plugin_config) = @_;
+
+ PVE::Network::SDN::Ipams::PhpIpamPlugin::verify_api($class, $plugin_config);
+}
+
#helpers
diff --git a/PVE/Network/SDN/Ipams/Plugin.pm b/PVE/Network/SDN/Ipams/Plugin.pm
index a2ade3b..4c68287 100644
--- a/PVE/Network/SDN/Ipams/Plugin.pm
+++ b/PVE/Network/SDN/Ipams/Plugin.pm
@@ -87,6 +87,10 @@ sub del_ip {
my ($class, $plugin_config, $subnetid, $subnet, $ip) = @_;
}
+sub on_update_hook {
+ my ($class, $plugin_config) = @_;
+}
+
#helpers
sub api_request {
--
2.20.1
next prev parent reply other threads:[~2020-10-05 15:10 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-05 15:08 [pve-devel] [PATCH v10 pve-network 00/35] add subnet plugin Alexandre Derumier
2020-10-05 15:08 ` [pve-devel] [PATCH v10 pve-network 01/35] " Alexandre Derumier
2020-10-05 15:08 ` [pve-devel] [PATCH v10 pve-network 02/35] vnets: add subnets Alexandre Derumier
2020-10-05 15:08 ` [pve-devel] [PATCH v10 pve-network 03/35] add subnets verifications hooks Alexandre Derumier
2020-10-05 15:08 ` [pve-devel] [PATCH v10 pve-network 04/35] zones: simple|evpn: add gateway ip from subnets to vnet Alexandre Derumier
2020-10-05 15:08 ` [pve-devel] [PATCH v10 pve-network 05/35] zone: add vnet_update_hook Alexandre Derumier
2020-10-05 15:08 ` [pve-devel] [PATCH v10 pve-network 06/35] vnets: subnets: use cidr Alexandre Derumier
2020-10-05 15:08 ` [pve-devel] [PATCH v10 pve-network 07/35] subnet: fix on_delete_hook Alexandre Derumier
2020-10-05 15:08 ` [pve-devel] [PATCH v10 pve-network 08/35] api2: subnet create: convert cidr to subnetid Alexandre Derumier
2020-10-05 15:08 ` [pve-devel] [PATCH v10 pve-network 09/35] api2: increase version on apply/reload only Alexandre Derumier
2020-10-05 15:08 ` [pve-devel] [PATCH v10 pve-network 10/35] add ipams plugins Alexandre Derumier
2020-10-05 15:08 ` [pve-devel] [PATCH v10 pve-network 11/35] add pve internal ipam plugin Alexandre Derumier
2020-10-05 15:08 ` [pve-devel] [PATCH v10 pve-network 12/35] vnets: find_free_ip : add ipversion detection Alexandre Derumier
2020-10-05 15:08 ` [pve-devel] [PATCH v10 pve-network 13/35] vnets: add add_ip Alexandre Derumier
2020-10-05 15:08 ` [pve-devel] [PATCH v10 pve-network 14/35] vnets: add del_ip + rework add_ip/find_free_ip Alexandre Derumier
2020-10-05 15:08 ` [pve-devel] [PATCH v10 pve-network 15/35] add dns plugin Alexandre Derumier
2020-10-05 15:08 ` [pve-devel] [PATCH v10 pve-network 16/35] Fix vnet gateway for routed setup + /32 pointopoint subnet Alexandre Derumier
2020-10-05 15:08 ` [pve-devel] [PATCH v10 pve-network 17/35] ipam : pveplugin : fix find_next_free_ip Alexandre Derumier
2020-10-05 15:08 ` [pve-devel] [PATCH v10 pve-network 18/35] add vnet to subnets && remove subnetlist from vnet Alexandre Derumier
2020-10-05 15:08 ` [pve-devel] [PATCH v10 pve-network 19/35] zones: evpn|simple: add snat iptables rules Alexandre Derumier
2020-10-05 15:08 ` [pve-devel] [PATCH v10 pve-network 20/35] subnet: disable route option for now and add dns domain format Alexandre Derumier
2020-10-05 15:08 ` [pve-devel] [PATCH v10 pve-network 21/35] dns: fix reverse dns Alexandre Derumier
2020-10-05 15:08 ` [pve-devel] [PATCH v10 pve-network 22/35] subnets: move api to /sdn/vnet/<vnet>/subnets && make vnet option not optionnal Alexandre Derumier
2020-10-05 15:09 ` [pve-devel] [PATCH v10 pve-network 23/35] zones: evpn : fix raise exception Alexandre Derumier
2020-10-05 15:09 ` [pve-devel] [PATCH v10 pve-network 24/35] subnet: make ipam not optionnal and use pve ipam as default Alexandre Derumier
2020-10-05 15:09 ` [pve-devel] [PATCH v10 pve-network 25/35] don't allow subnets on vlanware vnet Alexandre Derumier
2020-10-05 15:09 ` [pve-devel] [PATCH v10 pve-network 26/35] generate sdn/.running-config on apply Alexandre Derumier
2020-10-05 15:09 ` [pve-devel] [PATCH v10 pve-network 27/35] api: add running/pending zones/vnets/subnets/controllers Alexandre Derumier
2020-10-08 9:04 ` Thomas Lamprecht
2020-10-05 15:09 ` [pve-devel] [PATCH v10 pve-network 28/35] small bugfixes Alexandre Derumier
2020-10-05 15:09 ` [pve-devel] [PATCH v10 pve-network 29/35] move dns options from subnets to zone Alexandre Derumier
2020-10-05 15:09 ` [pve-devel] [PATCH v10 pve-network 30/35] move ipam option from subnet " Alexandre Derumier
2020-10-05 15:09 ` [pve-devel] [PATCH v10 pve-network 31/35] subnets/ipam: allow same subnet on different zones Alexandre Derumier
2020-10-05 15:09 ` [pve-devel] [PATCH v10 pve-network 32/35] vnets: allow duplicate tags in differents zones Alexandre Derumier
2020-10-05 15:09 ` Alexandre Derumier [this message]
2020-10-05 15:09 ` [pve-devel] [PATCH v10 pve-network 34/35] ipam: add hostname/description to ipam db Alexandre Derumier
2020-10-05 15:09 ` [pve-devel] [PATCH v10 pve-network 35/35] update documentation Alexandre Derumier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201005150912.463000-34-aderumier@odiso.com \
--to=aderumier@odiso.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox