From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <l.nunner@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits))
(No client certificate requested)
by lists.proxmox.com (Postfix) with ESMTPS id 73EB496C92
for <pve-devel@lists.proxmox.com>; Thu, 26 Jan 2023 15:31:23 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
by firstgate.proxmox.com (Proxmox) with ESMTP id 2DD70249AB
for <pve-devel@lists.proxmox.com>; Thu, 26 Jan 2023 15:30:53 +0100 (CET)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
[94.136.29.106])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits))
(No client certificate requested)
by firstgate.proxmox.com (Proxmox) with ESMTPS
for <pve-devel@lists.proxmox.com>; Thu, 26 Jan 2023 15:30:48 +0100 (CET)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
by proxmox-new.maurer-it.com (Proxmox) with ESMTP id CB0DB465A6
for <pve-devel@lists.proxmox.com>; Thu, 26 Jan 2023 15:30:47 +0100 (CET)
From: Leo Nunner <l.nunner@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Thu, 26 Jan 2023 15:30:16 +0100
Message-Id: <20230126143020.150338-2-l.nunner@proxmox.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20230126143020.150338-1-l.nunner@proxmox.com>
References: <20230126143020.150338-1-l.nunner@proxmox.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results: 0
AWL -0.082 Adjusted score from AWL reputation of From: address
BAYES_00 -1.9 Bayes spam probability is 0 to 1%
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
RCVD_IN_DNSWL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to DNSWL was
blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
SPF_PASS -0.001 SPF: sender matches SPF record
URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
information. [aliases.pm, ipset.pm, groups.pm]
Subject: [pve-devel] [PATCH firewall 1/4] api: factor out renaming
parameters to more descriptive names
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>,
<mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>,
<mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Thu, 26 Jan 2023 14:31:23 -0000
Signed-off-by: Leo Nunner <l.nunner@proxmox.com>
---
src/PVE/API2/Firewall/Aliases.pm | 20 ++++++------
src/PVE/API2/Firewall/Groups.pm | 53 ++++++++++++++++----------------
src/PVE/API2/Firewall/IPSet.pm | 39 ++++++++++++-----------
3 files changed, 56 insertions(+), 56 deletions(-)
diff --git a/src/PVE/API2/Firewall/Aliases.pm b/src/PVE/API2/Firewall/Aliases.pm
index 33ac669..88f20a0 100644
--- a/src/PVE/API2/Firewall/Aliases.pm
+++ b/src/PVE/API2/Firewall/Aliases.pm
@@ -234,24 +234,22 @@ sub register_update_alias {
PVE::Tools::assert_if_modified($digest, $param->{digest});
- my $name = lc($param->{name});
+ my $rename_to = lc($param->{rename}) if defined($param->{rename});
+ my $rename_from = lc($param->{name});
- raise_param_exc({ name => "no such alias" }) if !$aliases->{$name};
+ raise_param_exc({ name => "no such alias" }) if !$aliases->{$rename_from};
my $data = { name => $param->{name}, cidr => $param->{cidr} };
$data->{comment} = $param->{comment} if $param->{comment};
- $aliases->{$name} = $data;
-
- my $rename = $param->{rename};
- $rename = lc($rename) if $rename;
+ $aliases->{$rename_from} = $data;
- if ($rename && ($name ne $rename)) {
+ if ($rename_to && ($rename_from ne $rename_to)) {
raise_param_exc({ name => "alias '$param->{rename}' already exists" })
- if defined($aliases->{$rename});
- $aliases->{$name}->{name} = $param->{rename};
- $aliases->{$rename} = $aliases->{$name};
- delete $aliases->{$name};
+ if defined($aliases->{$rename_to});
+ $aliases->{$rename_from}->{name} = $param->{rename};
+ $aliases->{$rename_to} = $aliases->{$rename_from};
+ delete $aliases->{$rename_from};
}
$class->save_aliases($param, $fw_conf, $aliases);
diff --git a/src/PVE/API2/Firewall/Groups.pm b/src/PVE/API2/Firewall/Groups.pm
index ffdc45c..a0695ce 100644
--- a/src/PVE/API2/Firewall/Groups.pm
+++ b/src/PVE/API2/Firewall/Groups.pm
@@ -100,37 +100,37 @@ __PACKAGE__->register_method({
code => sub {
my ($param) = @_;
- my $group = $param->{group};
- my $rename = $param->{rename};
+ my $rename_to = $param->{group};
+ my $rename_from = $param->{rename};
my $comment = $param->{comment};
PVE::Firewall::lock_clusterfw_conf(10, sub {
my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
- if ($rename) {
+ if ($rename_from) {
my (undef, $digest) = &$get_security_group_list($cluster_conf);
PVE::Tools::assert_if_modified($digest, $param->{digest});
- raise_param_exc({ group => "Security group '$rename' does not exist" })
- if !$cluster_conf->{groups}->{$rename};
+ raise_param_exc({ group => "Security group '$rename_from' does not exist" })
+ if !$cluster_conf->{groups}->{$rename_from};
# prevent overwriting an existing group
- raise_param_exc({ group => "Security group '$group' does already exist" })
- if $cluster_conf->{groups}->{$group} &&
- $group ne $rename;
+ raise_param_exc({ group => "Security group '$rename_to' does already exist" })
+ if $cluster_conf->{groups}->{$rename_to} &&
+ $rename_to ne $rename_from;
- if ($rename eq $group) {
- $cluster_conf->{group_comments}->{$rename} = $comment if defined($comment);
+ if ($rename_from eq $rename_to) {
+ $cluster_conf->{group_comments}->{$rename_from} = $comment if defined($comment);
PVE::Firewall::save_clusterfw_conf($cluster_conf);
return;
}
# Create an exact copy of the old security group
- $cluster_conf->{groups}->{$group} = $cluster_conf->{groups}->{$rename};
- $cluster_conf->{group_comments}->{$group} = $cluster_conf->{group_comments}->{$rename};
+ $cluster_conf->{groups}->{$rename_to} = $cluster_conf->{groups}->{$rename_from};
+ $cluster_conf->{group_comments}->{$rename_to} = $cluster_conf->{group_comments}->{$rename_from};
# Update comment if provided
- $cluster_conf->{group_comments}->{$group} = $comment if defined($comment);
+ $cluster_conf->{group_comments}->{$rename_to} = $comment if defined($comment);
# Write the copy to the cluster config, so that if something fails inbetween, the new firewall
# rules won't be broken when the new name is referenced
@@ -144,8 +144,8 @@ __PACKAGE__->register_method({
my $host_conf = PVE::Firewall::load_hostfw_conf($cluster_conf, $host_conf_path);
if (defined($host_conf)) {
- &$rename_fw_rules($rename,
- $group,
+ &$rename_fw_rules($rename_from,
+ $rename_to,
$host_conf->{rules});
PVE::Firewall::save_hostfw_conf($host_conf, $host_conf_path);
}
@@ -160,8 +160,8 @@ __PACKAGE__->register_method({
my $vm_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, $vm_type, $vm, "/etc/pve/firewall");
if (defined($vm_conf)) {
- &$rename_fw_rules($rename,
- $group,
+ &$rename_fw_rules($rename_from,
+ $rename_to,
$vm_conf->{rules});
PVE::Firewall::save_vmfw_conf($vm, $vm_conf);
}
@@ -169,21 +169,20 @@ __PACKAGE__->register_method({
}
# And also update the cluster itself
- &$rename_fw_rules($rename,
- $group,
+ &$rename_fw_rules($rename_from,
+ $rename_to,
$cluster_conf->{rules});
# Now that everything has been updated, the old rule can be deleted
- delete $cluster_conf->{groups}->{$rename};
- delete $cluster_conf->{group_comments}->{$rename};
+ delete $cluster_conf->{groups}->{$rename_from};
+ delete $cluster_conf->{group_comments}->{$rename_from};
} else {
- foreach my $name (keys %{$cluster_conf->{groups}}) {
- raise_param_exc({ group => "Security group '$name' already exists" })
- if $name eq $group;
- }
+ # In this context, $rename_to is the name for the new group
+ raise_param_exc({ group => "Security group '$rename_to' already exists" })
+ if $cluster_conf->{groups}->{$rename_to};
- $cluster_conf->{groups}->{$group} = [];
- $cluster_conf->{group_comments}->{$group} = $comment if defined($comment);
+ $cluster_conf->{groups}->{$rename_to} = [];
+ $cluster_conf->{group_comments}->{$rename_to} = $comment if defined($comment);
}
PVE::Firewall::save_clusterfw_conf($cluster_conf);
diff --git a/src/PVE/API2/Firewall/IPSet.pm b/src/PVE/API2/Firewall/IPSet.pm
index 14bcfcb..0e6b1d6 100644
--- a/src/PVE/API2/Firewall/IPSet.pm
+++ b/src/PVE/API2/Firewall/IPSet.pm
@@ -647,32 +647,35 @@ sub register_create {
my ($cluster_conf, $fw_conf) = $class->load_config($param);
- if ($param->{rename}) {
+ my $rename_to = $param->{name};
+ my $rename_from = $param->{rename};
+ my $comment = $param->{comment};
+
+ if ($rename_from) {
my (undef, $digest) = &$get_ipset_list($fw_conf);
PVE::Tools::assert_if_modified($digest, $param->{digest});
- raise_param_exc({ name => "IPSet '$param->{rename}' does not exist" })
- if !$fw_conf->{ipset}->{$param->{rename}};
+ raise_param_exc({ name => "IPSet '$rename_from' does not exist" })
+ if !$fw_conf->{ipset}->{$rename_from};
# prevent overwriting existing ipset
- raise_param_exc({ name => "IPSet '$param->{name}' does already exist"})
- if $fw_conf->{ipset}->{$param->{name}} &&
- $param->{name} ne $param->{rename};
-
- my $data = delete $fw_conf->{ipset}->{$param->{rename}};
- $fw_conf->{ipset}->{$param->{name}} = $data;
- if (my $comment = delete $fw_conf->{ipset_comments}->{$param->{rename}}) {
- $fw_conf->{ipset_comments}->{$param->{name}} = $comment;
+ raise_param_exc({ name => "IPSet '$rename_to' does already exist"})
+ if $fw_conf->{ipset}->{$rename_to} &&
+ $rename_to ne $rename_from;
+
+ my $data = delete $fw_conf->{ipset}->{$rename_from};
+ $fw_conf->{ipset}->{$rename_to} = $data;
+ if (my $comment = delete $fw_conf->{ipset_comments}->{$rename_from}) {
+ $fw_conf->{ipset_comments}->{$rename_to} = $comment;
}
- $fw_conf->{ipset_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment});
+ $fw_conf->{ipset_comments}->{$rename_to} = $param->{comment} if defined($param->{comment});
} else {
- foreach my $name (keys %{$fw_conf->{ipset}}) {
- raise_param_exc({ name => "IPSet '$name' already exists" })
- if $name eq $param->{name};
- }
+ # In this context, $rename_to is the name for the new IPSet
+ raise_param_exc({ name => "IPSet '$rename_to' already exists" })
+ if $fw_conf->{ipset}->{$rename_to};
- $fw_conf->{ipset}->{$param->{name}} = [];
- $fw_conf->{ipset_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment});
+ $fw_conf->{ipset}->{$rename_to} = [];
+ $fw_conf->{ipset_comments}->{$rename_to} = $param->{comment} if defined($param->{comment});
}
$class->save_config($param, $fw_conf);
--
2.30.2