From: Leo Nunner <l.nunner@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH firewall 1/4] api: factor out renaming parameters to more descriptive names
Date: Thu, 26 Jan 2023 15:30:16 +0100 [thread overview]
Message-ID: <20230126143020.150338-2-l.nunner@proxmox.com> (raw)
In-Reply-To: <20230126143020.150338-1-l.nunner@proxmox.com>
Signed-off-by: Leo Nunner <l.nunner@proxmox.com>
---
src/PVE/API2/Firewall/Aliases.pm | 20 ++++++------
src/PVE/API2/Firewall/Groups.pm | 53 ++++++++++++++++----------------
src/PVE/API2/Firewall/IPSet.pm | 39 ++++++++++++-----------
3 files changed, 56 insertions(+), 56 deletions(-)
diff --git a/src/PVE/API2/Firewall/Aliases.pm b/src/PVE/API2/Firewall/Aliases.pm
index 33ac669..88f20a0 100644
--- a/src/PVE/API2/Firewall/Aliases.pm
+++ b/src/PVE/API2/Firewall/Aliases.pm
@@ -234,24 +234,22 @@ sub register_update_alias {
PVE::Tools::assert_if_modified($digest, $param->{digest});
- my $name = lc($param->{name});
+ my $rename_to = lc($param->{rename}) if defined($param->{rename});
+ my $rename_from = lc($param->{name});
- raise_param_exc({ name => "no such alias" }) if !$aliases->{$name};
+ raise_param_exc({ name => "no such alias" }) if !$aliases->{$rename_from};
my $data = { name => $param->{name}, cidr => $param->{cidr} };
$data->{comment} = $param->{comment} if $param->{comment};
- $aliases->{$name} = $data;
-
- my $rename = $param->{rename};
- $rename = lc($rename) if $rename;
+ $aliases->{$rename_from} = $data;
- if ($rename && ($name ne $rename)) {
+ if ($rename_to && ($rename_from ne $rename_to)) {
raise_param_exc({ name => "alias '$param->{rename}' already exists" })
- if defined($aliases->{$rename});
- $aliases->{$name}->{name} = $param->{rename};
- $aliases->{$rename} = $aliases->{$name};
- delete $aliases->{$name};
+ if defined($aliases->{$rename_to});
+ $aliases->{$rename_from}->{name} = $param->{rename};
+ $aliases->{$rename_to} = $aliases->{$rename_from};
+ delete $aliases->{$rename_from};
}
$class->save_aliases($param, $fw_conf, $aliases);
diff --git a/src/PVE/API2/Firewall/Groups.pm b/src/PVE/API2/Firewall/Groups.pm
index ffdc45c..a0695ce 100644
--- a/src/PVE/API2/Firewall/Groups.pm
+++ b/src/PVE/API2/Firewall/Groups.pm
@@ -100,37 +100,37 @@ __PACKAGE__->register_method({
code => sub {
my ($param) = @_;
- my $group = $param->{group};
- my $rename = $param->{rename};
+ my $rename_to = $param->{group};
+ my $rename_from = $param->{rename};
my $comment = $param->{comment};
PVE::Firewall::lock_clusterfw_conf(10, sub {
my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
- if ($rename) {
+ if ($rename_from) {
my (undef, $digest) = &$get_security_group_list($cluster_conf);
PVE::Tools::assert_if_modified($digest, $param->{digest});
- raise_param_exc({ group => "Security group '$rename' does not exist" })
- if !$cluster_conf->{groups}->{$rename};
+ raise_param_exc({ group => "Security group '$rename_from' does not exist" })
+ if !$cluster_conf->{groups}->{$rename_from};
# prevent overwriting an existing group
- raise_param_exc({ group => "Security group '$group' does already exist" })
- if $cluster_conf->{groups}->{$group} &&
- $group ne $rename;
+ raise_param_exc({ group => "Security group '$rename_to' does already exist" })
+ if $cluster_conf->{groups}->{$rename_to} &&
+ $rename_to ne $rename_from;
- if ($rename eq $group) {
- $cluster_conf->{group_comments}->{$rename} = $comment if defined($comment);
+ if ($rename_from eq $rename_to) {
+ $cluster_conf->{group_comments}->{$rename_from} = $comment if defined($comment);
PVE::Firewall::save_clusterfw_conf($cluster_conf);
return;
}
# Create an exact copy of the old security group
- $cluster_conf->{groups}->{$group} = $cluster_conf->{groups}->{$rename};
- $cluster_conf->{group_comments}->{$group} = $cluster_conf->{group_comments}->{$rename};
+ $cluster_conf->{groups}->{$rename_to} = $cluster_conf->{groups}->{$rename_from};
+ $cluster_conf->{group_comments}->{$rename_to} = $cluster_conf->{group_comments}->{$rename_from};
# Update comment if provided
- $cluster_conf->{group_comments}->{$group} = $comment if defined($comment);
+ $cluster_conf->{group_comments}->{$rename_to} = $comment if defined($comment);
# Write the copy to the cluster config, so that if something fails inbetween, the new firewall
# rules won't be broken when the new name is referenced
@@ -144,8 +144,8 @@ __PACKAGE__->register_method({
my $host_conf = PVE::Firewall::load_hostfw_conf($cluster_conf, $host_conf_path);
if (defined($host_conf)) {
- &$rename_fw_rules($rename,
- $group,
+ &$rename_fw_rules($rename_from,
+ $rename_to,
$host_conf->{rules});
PVE::Firewall::save_hostfw_conf($host_conf, $host_conf_path);
}
@@ -160,8 +160,8 @@ __PACKAGE__->register_method({
my $vm_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, $vm_type, $vm, "/etc/pve/firewall");
if (defined($vm_conf)) {
- &$rename_fw_rules($rename,
- $group,
+ &$rename_fw_rules($rename_from,
+ $rename_to,
$vm_conf->{rules});
PVE::Firewall::save_vmfw_conf($vm, $vm_conf);
}
@@ -169,21 +169,20 @@ __PACKAGE__->register_method({
}
# And also update the cluster itself
- &$rename_fw_rules($rename,
- $group,
+ &$rename_fw_rules($rename_from,
+ $rename_to,
$cluster_conf->{rules});
# Now that everything has been updated, the old rule can be deleted
- delete $cluster_conf->{groups}->{$rename};
- delete $cluster_conf->{group_comments}->{$rename};
+ delete $cluster_conf->{groups}->{$rename_from};
+ delete $cluster_conf->{group_comments}->{$rename_from};
} else {
- foreach my $name (keys %{$cluster_conf->{groups}}) {
- raise_param_exc({ group => "Security group '$name' already exists" })
- if $name eq $group;
- }
+ # In this context, $rename_to is the name for the new group
+ raise_param_exc({ group => "Security group '$rename_to' already exists" })
+ if $cluster_conf->{groups}->{$rename_to};
- $cluster_conf->{groups}->{$group} = [];
- $cluster_conf->{group_comments}->{$group} = $comment if defined($comment);
+ $cluster_conf->{groups}->{$rename_to} = [];
+ $cluster_conf->{group_comments}->{$rename_to} = $comment if defined($comment);
}
PVE::Firewall::save_clusterfw_conf($cluster_conf);
diff --git a/src/PVE/API2/Firewall/IPSet.pm b/src/PVE/API2/Firewall/IPSet.pm
index 14bcfcb..0e6b1d6 100644
--- a/src/PVE/API2/Firewall/IPSet.pm
+++ b/src/PVE/API2/Firewall/IPSet.pm
@@ -647,32 +647,35 @@ sub register_create {
my ($cluster_conf, $fw_conf) = $class->load_config($param);
- if ($param->{rename}) {
+ my $rename_to = $param->{name};
+ my $rename_from = $param->{rename};
+ my $comment = $param->{comment};
+
+ if ($rename_from) {
my (undef, $digest) = &$get_ipset_list($fw_conf);
PVE::Tools::assert_if_modified($digest, $param->{digest});
- raise_param_exc({ name => "IPSet '$param->{rename}' does not exist" })
- if !$fw_conf->{ipset}->{$param->{rename}};
+ raise_param_exc({ name => "IPSet '$rename_from' does not exist" })
+ if !$fw_conf->{ipset}->{$rename_from};
# prevent overwriting existing ipset
- raise_param_exc({ name => "IPSet '$param->{name}' does already exist"})
- if $fw_conf->{ipset}->{$param->{name}} &&
- $param->{name} ne $param->{rename};
-
- my $data = delete $fw_conf->{ipset}->{$param->{rename}};
- $fw_conf->{ipset}->{$param->{name}} = $data;
- if (my $comment = delete $fw_conf->{ipset_comments}->{$param->{rename}}) {
- $fw_conf->{ipset_comments}->{$param->{name}} = $comment;
+ raise_param_exc({ name => "IPSet '$rename_to' does already exist"})
+ if $fw_conf->{ipset}->{$rename_to} &&
+ $rename_to ne $rename_from;
+
+ my $data = delete $fw_conf->{ipset}->{$rename_from};
+ $fw_conf->{ipset}->{$rename_to} = $data;
+ if (my $comment = delete $fw_conf->{ipset_comments}->{$rename_from}) {
+ $fw_conf->{ipset_comments}->{$rename_to} = $comment;
}
- $fw_conf->{ipset_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment});
+ $fw_conf->{ipset_comments}->{$rename_to} = $param->{comment} if defined($param->{comment});
} else {
- foreach my $name (keys %{$fw_conf->{ipset}}) {
- raise_param_exc({ name => "IPSet '$name' already exists" })
- if $name eq $param->{name};
- }
+ # In this context, $rename_to is the name for the new IPSet
+ raise_param_exc({ name => "IPSet '$rename_to' already exists" })
+ if $fw_conf->{ipset}->{$rename_to};
- $fw_conf->{ipset}->{$param->{name}} = [];
- $fw_conf->{ipset_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment});
+ $fw_conf->{ipset}->{$rename_to} = [];
+ $fw_conf->{ipset_comments}->{$rename_to} = $param->{comment} if defined($param->{comment});
}
$class->save_config($param, $fw_conf);
--
2.30.2
next prev parent reply other threads:[~2023-01-26 14:31 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-26 14:30 [pve-devel] [PATCH firewall manager] Make firewall config case-insensitive Leo Nunner
2023-01-26 14:30 ` Leo Nunner [this message]
2023-01-27 10:43 ` [pve-devel] [PATCH firewall 1/4] api: factor out renaming parameters to more descriptive names Wolfgang Bumiller
2023-01-26 14:30 ` [pve-devel] [PATCH firewall 2/4] docs: clarify usage of 'rename' parameters Leo Nunner
2023-01-28 10:39 ` Thomas Lamprecht
2023-01-26 14:30 ` [pve-devel] [PATCH firewall 3/4] config: make groups, IPSets and aliases case-insensitive Leo Nunner
2023-01-26 14:30 ` [pve-devel] [PATCH firewall 4/4] config: combine group/ipset and their comments Leo Nunner
2023-01-27 11:41 ` Wolfgang Bumiller
2023-01-30 9:01 ` Leo Nunner
2023-01-26 14:30 ` [pve-devel] [PATCH manager] ui: the API doesn't pass 'name' for aliases anymore Leo Nunner
2023-01-28 10:43 ` Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230126143020.150338-2-l.nunner@proxmox.com \
--to=l.nunner@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox