From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 3A0B966D6E for ; Sun, 8 Nov 2020 15:20:20 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 14261EC7F for ; Sun, 8 Nov 2020 15:20:06 +0100 (CET) Received: from kvmformation1.odiso.net (globalOdiso.M6Lille.odiso.net [89.248.211.242]) by firstgate.proxmox.com (Proxmox) with ESMTP id 6D8FEE8F0 for ; Sun, 8 Nov 2020 15:19:48 +0100 (CET) Received: by kvmformation1.odiso.net (Postfix, from userid 0) id 92967717457; Sun, 8 Nov 2020 15:19:42 +0100 (CET) From: Alexandre Derumier To: pve-devel@lists.proxmox.com Date: Sun, 8 Nov 2020 15:19:34 +0100 Message-Id: <20201108141940.1028443-33-aderumier@odiso.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20201108141940.1028443-1-aderumier@odiso.com> References: <20201108141940.1028443-1-aderumier@odiso.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 1 AWL -0.210 Adjusted score from AWL reputation of 
From: address HEADER_FROM_DIFFERENT_DOMAINS 0.25 From and EnvelopeFrom 2nd level mail domains are different KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery methods KHOP_HELO_FCRDNS 0.276 Relay HELO differs from its IP's reverse DNS NO_DNS_FOR_FROM 0.379 Envelope sender has no MX or A DNS records SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_NONE 0.001 SPF: sender does not publish an SPF Record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [netboxplugin.pm, phpipamplugin.pm, ipams.pm, plugin.pm] Subject: [pve-devel] [PATCH pve-network 32/38] ipam: verify api access on create/update X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Nov 2020 14:20:20 -0000 --- PVE/API2/Network/SDN/Ipams.pm | 6 ++++++ PVE/Network/SDN/Ipams/NetboxPlugin.pm | 24 +++++++++++++++++++++++- PVE/Network/SDN/Ipams/PhpIpamPlugin.pm | 24 +++++++++++++++++++++++- PVE/Network/SDN/Ipams/Plugin.pm | 4 ++++ 4 files changed, 56 insertions(+), 2 deletions(-) diff --git a/PVE/API2/Network/SDN/Ipams.pm b/PVE/API2/Network/SDN/Ipams.pm index 0d567c8..6410e8e 100644 --- a/PVE/API2/Network/SDN/Ipams.pm +++ b/PVE/API2/Network/SDN/Ipams.pm @@ -150,6 +150,10 @@ __PACKAGE__->register_method ({ $ipam_cfg->{ids}->{$id} = $opts; + my $plugin_config = $opts; + my $plugin = PVE::Network::SDN::Ipams::Plugin->lookup($plugin_config->{type}); + $plugin->on_update_hook($plugin_config); + PVE::Network::SDN::Ipams::write_config($ipam_cfg); }, "create sdn ipam object failed"); 
@@ -190,6 +194,8 @@ __PACKAGE__->register_method ({ $scfg->{$k} = $opts->{$k}; } + $plugin->on_update_hook($scfg); + PVE::Network::SDN::Ipams::write_config($ipam_cfg); }, "update sdn ipam object failed"); diff --git a/PVE/Network/SDN/Ipams/NetboxPlugin.pm b/PVE/Network/SDN/Ipams/NetboxPlugin.pm index 8695b7d..d696b08 100644 --- a/PVE/Network/SDN/Ipams/NetboxPlugin.pm +++ b/PVE/Network/SDN/Ipams/NetboxPlugin.pm @@ -138,10 +138,32 @@ sub del_ip { PVE::Network::SDN::Ipams::Plugin::api_request("DELETE", "$url/ipam/ip-addresses/$ip_id/", $headers); }; if ($@) { - die "error delete ip $ip"; + die "error delete ip $ip : $@"; } } +sub verify_api { + my ($class, $plugin_config) = @_; + + my $url = $plugin_config->{url}; + my $token = $plugin_config->{token}; + my $headers = ['Content-Type' => 'application/json; charset=UTF-8', 'Authorization' => "token $token"]; + + + eval { + PVE::Network::SDN::Ipams::Plugin::api_request("GET", "$url/ipam/aggregates/", $headers); + }; + if ($@) { + die "Can't connect to netbox api: $@"; + } +} + +sub on_update_hook { + my ($class, $plugin_config) = @_; + + PVE::Network::SDN::Ipams::NetboxPlugin::verify_api($class, $plugin_config); +} + #helpers sub get_prefix_id { diff --git a/PVE/Network/SDN/Ipams/PhpIpamPlugin.pm b/PVE/Network/SDN/Ipams/PhpIpamPlugin.pm index 324f1b2..f89ef29 100644 --- a/PVE/Network/SDN/Ipams/PhpIpamPlugin.pm +++ b/PVE/Network/SDN/Ipams/PhpIpamPlugin.pm 
@@ -162,10 +162,32 @@ sub del_ip { PVE::Network::SDN::Ipams::Plugin::api_request("DELETE", "$url/addresses/$ip_id", $headers); }; if ($@) { - die "error delete ip $ip"; + die "error delete ip $ip: $@"; } } +sub verify_api { + my ($class, $plugin_config) = @_; + + my $url = $plugin_config->{url}; + my $token = $plugin_config->{token}; + my $sectionid = $plugin_config->{section}; + my $headers = ['Content-Type' => 'application/json; charset=UTF-8', 'Token' => $token]; + + eval { + PVE::Network::SDN::Ipams::Plugin::api_request("GET", "$url/sections/$sectionid", $headers); + }; + if ($@) { + die "Can't connect to phpipam api: $@"; + } +} + +sub on_update_hook { + my ($class, $plugin_config) = @_; + + PVE::Network::SDN::Ipams::PhpIpamPlugin::verify_api($class, $plugin_config); +} + #helpers diff --git a/PVE/Network/SDN/Ipams/Plugin.pm b/PVE/Network/SDN/Ipams/Plugin.pm index a2ade3b..4c68287 100644 --- a/PVE/Network/SDN/Ipams/Plugin.pm +++ b/PVE/Network/SDN/Ipams/Plugin.pm @@ -87,6 +87,10 @@ sub del_ip { my ($class, $plugin_config, $subnetid, $subnet, $ip) = @_; } +sub on_update_hook { + my ($class, $plugin_config) = @_; +} + #helpers sub api_request { -- 2.20.1
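Review bot: In PVE/API2/Network/SDN/Ipams.pm, the create hunk (@@ -150,6 +150,10 @@) places `$plugin->on_update_hook($plugin_config);` inside the same closure that ends in `write_config`, so a remote HTTP request now runs in the middle of the config update and a slow or unreachable IPAM endpoint stalls everything that closure covers. Consider running the verification before entering the closure, or confirm that `api_request` bounds the request time. `my $plugin_config = $opts;` only aliases `$opts`; passing `$opts` to `lookup` and to the hook directly would be simpler and would match the update hunk, which passes `$scfg` without an intermediate variable.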
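Review bot: In PVE/Network/SDN/Ipams/NetboxPlugin.pm, `verify_api` reports every failure of the GET to `$url/ipam/aggregates/` as "Can't connect to netbox api", which is misleading when the endpoint is reachable but rejects the token. It also requests the caller-supplied `$url` without any check on it and passes `$@` straight back in the `die` text. Suggest validating that `$url` is an http(s) URL before the request, wording the message as a failed verification rather than a failed connection, and deciding how much of `$@` should reach the API caller. Smaller points: `on_update_hook` could call `$class->verify_api($plugin_config)` instead of the fully qualified `PVE::Network::SDN::Ipams::NetboxPlugin::verify_api($class, $plugin_config)`, there is a doubled blank line after the `$headers` assignment, and "error delete ip $ip : $@" has a space before the colon that the phpipam version does not.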
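Review bot: In PVE/Network/SDN/Ipams/PhpIpamPlugin.pm, `verify_api` interpolates `$plugin_config->{section}` into "$url/sections/$sectionid" without checking that it is defined, so a config without a section sends the request to "$url/sections/" and the result is then reported as "Can't connect to phpipam api". Suggest dying early with a clear "missing section" error before the request, and separating a rejected token or unknown section from a connection failure in the message. As in the Netbox plugin, `on_update_hook` can dispatch with `$class->verify_api($plugin_config)` rather than the fully qualified call.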
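Review bot: In PVE/Network/SDN/Ipams/Plugin.pm, the new base `on_update_hook` is an empty stub with no comment describing its contract, and its name says "update" although Ipams.pm also calls it on the create path. Suggest a short comment stating that the hook is invoked on create and update before `write_config` and that a plugin signals failure by dying, so that authors of further IPAM plugins know what to implement. The patch also arrives with a subject line only; one or two sentences in the commit message on why the API is verified at this point would help.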