From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 73EB496C92 for ; Thu, 26 Jan 2023 15:31:23 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 2DD70249AB for ; Thu, 26 Jan 2023 15:30:53 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Thu, 26 Jan 2023 15:30:48 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id CB0DB465A6 for ; Thu, 26 Jan 2023 15:30:47 +0100 (CET) From: Leo Nunner To: pve-devel@lists.proxmox.com Date: Thu, 26 Jan 2023 15:30:16 +0100 Message-Id: <20230126143020.150338-2-l.nunner@proxmox.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20230126143020.150338-1-l.nunner@proxmox.com> References: <20230126143020.150338-1-l.nunner@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.082 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to DNSWL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [aliases.pm, ipset.pm, groups.pm] Subject: [pve-devel] [PATCH firewall 1/4] api: factor out renaming parameters to more descriptive names X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jan 2023 14:31:23 -0000 Signed-off-by: Leo Nunner --- src/PVE/API2/Firewall/Aliases.pm | 20 ++++++------ src/PVE/API2/Firewall/Groups.pm | 53 ++++++++++++++++---------------- src/PVE/API2/Firewall/IPSet.pm | 39 ++++++++++++----------- 3 files changed, 56 insertions(+), 56 deletions(-) diff --git a/src/PVE/API2/Firewall/Aliases.pm b/src/PVE/API2/Firewall/Aliases.pm index 33ac669..88f20a0 100644 --- a/src/PVE/API2/Firewall/Aliases.pm +++ b/src/PVE/API2/Firewall/Aliases.pm @@ -234,24 +234,22 @@ sub register_update_alias { PVE::Tools::assert_if_modified($digest, $param->{digest}); - my $name = lc($param->{name}); + my $rename_to = lc($param->{rename}) if defined($param->{rename}); + my $rename_from = lc($param->{name}); - raise_param_exc({ name => "no such alias" }) if !$aliases->{$name}; + raise_param_exc({ name => "no such alias" }) if !$aliases->{$rename_from}; my $data = { name => $param->{name}, cidr => $param->{cidr} }; $data->{comment} = $param->{comment} if $param->{comment}; - $aliases->{$name} = $data; - - my $rename = $param->{rename}; - $rename = lc($rename) if $rename; + $aliases->{$rename_from} = $data; - if ($rename && ($name ne $rename)) { + if ($rename_to && ($rename_from ne $rename_to)) { raise_param_exc({ name => "alias '$param->{rename}' already exists" }) - if defined($aliases->{$rename}); - $aliases->{$name}->{name} = $param->{rename}; - $aliases->{$rename} = $aliases->{$name}; - delete $aliases->{$name}; + if defined($aliases->{$rename_to}); + $aliases->{$rename_from}->{name} = $param->{rename}; + $aliases->{$rename_to} = $aliases->{$rename_from}; + delete $aliases->{$rename_from}; } $class->save_aliases($param, $fw_conf, $aliases); diff --git a/src/PVE/API2/Firewall/Groups.pm b/src/PVE/API2/Firewall/Groups.pm index ffdc45c..a0695ce 100644 --- a/src/PVE/API2/Firewall/Groups.pm +++ b/src/PVE/API2/Firewall/Groups.pm @@ -100,37 +100,37 @@ __PACKAGE__->register_method({ code => sub { my ($param) = @_; - my $group = $param->{group}; - my $rename = $param->{rename}; + my $rename_to = $param->{group}; + my $rename_from = $param->{rename}; my $comment = $param->{comment}; PVE::Firewall::lock_clusterfw_conf(10, sub { my $cluster_conf = PVE::Firewall::load_clusterfw_conf(); - if ($rename) { + if ($rename_from) { my (undef, $digest) = &$get_security_group_list($cluster_conf); PVE::Tools::assert_if_modified($digest, $param->{digest}); - raise_param_exc({ group => "Security group '$rename' does not exist" }) - if !$cluster_conf->{groups}->{$rename}; + raise_param_exc({ group => "Security group '$rename_from' does not exist" }) + if !$cluster_conf->{groups}->{$rename_from}; # prevent overwriting an existing group - raise_param_exc({ group => "Security group '$group' does already exist" }) - if $cluster_conf->{groups}->{$group} && - $group ne $rename; + raise_param_exc({ group => "Security group '$rename_to' does already exist" }) + if $cluster_conf->{groups}->{$rename_to} && + $rename_to ne $rename_from; - if ($rename eq $group) { - $cluster_conf->{group_comments}->{$rename} = $comment if defined($comment); + if ($rename_from eq $rename_to) { + $cluster_conf->{group_comments}->{$rename_from} = $comment if defined($comment); PVE::Firewall::save_clusterfw_conf($cluster_conf); return; } # Create an exact copy of the old security group - $cluster_conf->{groups}->{$group} = $cluster_conf->{groups}->{$rename}; - $cluster_conf->{group_comments}->{$group} = $cluster_conf->{group_comments}->{$rename}; + $cluster_conf->{groups}->{$rename_to} = $cluster_conf->{groups}->{$rename_from}; + $cluster_conf->{group_comments}->{$rename_to} = $cluster_conf->{group_comments}->{$rename_from}; # Update comment if provided - $cluster_conf->{group_comments}->{$group} = $comment if defined($comment); + $cluster_conf->{group_comments}->{$rename_to} = $comment if defined($comment); # Write the copy to the cluster config, so that if something fails inbetween, the new firewall # rules won't be broken when the new name is referenced @@ -144,8 +144,8 @@ __PACKAGE__->register_method({ my $host_conf = PVE::Firewall::load_hostfw_conf($cluster_conf, $host_conf_path); if (defined($host_conf)) { - &$rename_fw_rules($rename, - $group, + &$rename_fw_rules($rename_from, + $rename_to, $host_conf->{rules}); PVE::Firewall::save_hostfw_conf($host_conf, $host_conf_path); } @@ -160,8 +160,8 @@ __PACKAGE__->register_method({ my $vm_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, $vm_type, $vm, "/etc/pve/firewall"); if (defined($vm_conf)) { - &$rename_fw_rules($rename, - $group, + &$rename_fw_rules($rename_from, + $rename_to, $vm_conf->{rules}); PVE::Firewall::save_vmfw_conf($vm, $vm_conf); } @@ -169,21 +169,20 @@ __PACKAGE__->register_method({ } # And also update the cluster itself - &$rename_fw_rules($rename, - $group, + &$rename_fw_rules($rename_from, + $rename_to, $cluster_conf->{rules}); # Now that everything has been updated, the old rule can be deleted - delete $cluster_conf->{groups}->{$rename}; - delete $cluster_conf->{group_comments}->{$rename}; + delete $cluster_conf->{groups}->{$rename_from}; + delete $cluster_conf->{group_comments}->{$rename_from}; } else { - foreach my $name (keys %{$cluster_conf->{groups}}) { - raise_param_exc({ group => "Security group '$name' already exists" }) - if $name eq $group; - } + # In this context, $rename_to is the name for the new group + raise_param_exc({ group => "Security group '$rename_to' already exists" }) + if $cluster_conf->{groups}->{$rename_to}; - $cluster_conf->{groups}->{$group} = []; - $cluster_conf->{group_comments}->{$group} = $comment if defined($comment); + $cluster_conf->{groups}->{$rename_to} = []; + $cluster_conf->{group_comments}->{$rename_to} = $comment if defined($comment); } PVE::Firewall::save_clusterfw_conf($cluster_conf); diff --git a/src/PVE/API2/Firewall/IPSet.pm b/src/PVE/API2/Firewall/IPSet.pm index 14bcfcb..0e6b1d6 100644 --- a/src/PVE/API2/Firewall/IPSet.pm +++ b/src/PVE/API2/Firewall/IPSet.pm @@ -647,32 +647,35 @@ sub register_create { my ($cluster_conf, $fw_conf) = $class->load_config($param); - if ($param->{rename}) { + my $rename_to = $param->{name}; + my $rename_from = $param->{rename}; + my $comment = $param->{comment}; + + if ($rename_from) { my (undef, $digest) = &$get_ipset_list($fw_conf); PVE::Tools::assert_if_modified($digest, $param->{digest}); - raise_param_exc({ name => "IPSet '$param->{rename}' does not exist" }) - if !$fw_conf->{ipset}->{$param->{rename}}; + raise_param_exc({ name => "IPSet '$rename_from' does not exist" }) + if !$fw_conf->{ipset}->{$rename_from}; # prevent overwriting existing ipset - raise_param_exc({ name => "IPSet '$param->{name}' does already exist"}) - if $fw_conf->{ipset}->{$param->{name}} && - $param->{name} ne $param->{rename}; - - my $data = delete $fw_conf->{ipset}->{$param->{rename}}; - $fw_conf->{ipset}->{$param->{name}} = $data; - if (my $comment = delete $fw_conf->{ipset_comments}->{$param->{rename}}) { - $fw_conf->{ipset_comments}->{$param->{name}} = $comment; + raise_param_exc({ name => "IPSet '$rename_to' does already exist"}) + if $fw_conf->{ipset}->{$rename_to} && + $rename_to ne $rename_from; + + my $data = delete $fw_conf->{ipset}->{$rename_from}; + $fw_conf->{ipset}->{$rename_to} = $data; + if (my $comment = delete $fw_conf->{ipset_comments}->{$rename_from}) { + $fw_conf->{ipset_comments}->{$rename_to} = $comment; } - $fw_conf->{ipset_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment}); + $fw_conf->{ipset_comments}->{$rename_to} = $param->{comment} if defined($param->{comment}); } else { - foreach my $name (keys %{$fw_conf->{ipset}}) { - raise_param_exc({ name => "IPSet '$name' already exists" }) - if $name eq $param->{name}; - } + # In this context, $rename_to is the name for the new IPSet + raise_param_exc({ name => "IPSet '$rename_to' already exists" }) + if $fw_conf->{ipset}->{$rename_to}; - $fw_conf->{ipset}->{$param->{name}} = []; - $fw_conf->{ipset_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment}); + $fw_conf->{ipset}->{$rename_to} = []; + $fw_conf->{ipset_comments}->{$rename_to} = $param->{comment} if defined($param->{comment}); } $class->save_config($param, $fw_conf); -- 2.30.2