From: Lukas Wagner <l.wagner@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH v2 proxmox 15/42] notify: api: add API for filters
Date: Wed, 24 May 2023 15:56:22 +0200 [thread overview]
Message-ID: <20230524135649.934881-16-l.wagner@proxmox.com> (raw)
In-Reply-To: <20230524135649.934881-1-l.wagner@proxmox.com>
Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
---
proxmox-notify/src/api/filter.rs | 366 +++++++++++++++++++++++++++++
proxmox-notify/src/api/gotify.rs | 7 +
proxmox-notify/src/api/mod.rs | 1 +
proxmox-notify/src/api/sendmail.rs | 5 +
4 files changed, 379 insertions(+)
create mode 100644 proxmox-notify/src/api/filter.rs
diff --git a/proxmox-notify/src/api/filter.rs b/proxmox-notify/src/api/filter.rs
new file mode 100644
index 00000000..3d80778f
--- /dev/null
+++ b/proxmox-notify/src/api/filter.rs
@@ -0,0 +1,366 @@
+use crate::api::ApiError;
+use crate::filter::{DeleteableFilterProperty, FilterConfig, FilterConfigUpdater, FILTER_TYPENAME};
+use crate::Config;
+use std::collections::HashSet;
+
+/// Get a list of all filters
+///
+/// The caller is responsible for any needed permission checks.
+/// Returns a list of all filters or an `ApiError` if the config is erroneous.
+pub fn get_filters(config: &Config) -> Result<Vec<FilterConfig>, ApiError> {
+ config
+ .config
+ .convert_to_typed_array(FILTER_TYPENAME)
+ .map_err(|e| ApiError::internal_server_error("Could not fetch filters", Some(e.into())))
+}
+
+/// Get filter with given `name`
+///
+/// The caller is responsible for any needed permission checks.
+/// Returns the endpoint or an `ApiError` if the filter was not found.
+pub fn get_filter(config: &Config, name: &str) -> Result<FilterConfig, ApiError> {
+ config
+ .config
+ .lookup(FILTER_TYPENAME, name)
+ .map_err(|_| ApiError::not_found(format!("filter '{name}' not found"), None))
+}
+
+/// Add new notification filter.
+///
+/// The caller is responsible for any needed permission checks.
+/// The caller also responsible for locking the configuration files.
+/// Returns an `ApiError` if a filter with the same name already exists,
+/// if the filter could not be saved, or if the included sub-filter leads to
+/// a filter recursion.
+pub fn add_filter(config: &mut Config, filter_config: &FilterConfig) -> Result<(), ApiError> {
+ if get_filter(config, &filter_config.name).is_ok() {
+ return Err(ApiError::bad_request(
+ format!("filter '{}' already exists", filter_config.name),
+ None,
+ ));
+ }
+
+ if let Some(sub_filters) = filter_config.sub_filter.as_ref() {
+ let sub_filters = sub_filters
+ .iter()
+ .map(|s| s.as_str())
+ .collect::<Vec<&str>>();
+ check_for_filter_recursion(config, &filter_config.name, &sub_filters)?;
+ }
+
+ config
+ .config
+ .set_data(&filter_config.name, FILTER_TYPENAME, filter_config)
+ .map_err(|e| {
+ ApiError::internal_server_error(
+ format!("could not save filter '{}'", filter_config.name),
+ Some(e.into()),
+ )
+ })?;
+
+ Ok(())
+}
+
+/// Update existing filter
+///
+/// The caller is responsible for any needed permission checks.
+/// The caller also responsible for locking the configuration files.
+/// Returns an `ApiError` if the config could not be saved, or if one of
+/// the sub-filters leads to a recursive filter definition.
+pub fn update_filter(
+ config: &mut Config,
+ name: &str,
+ filter_updater: &FilterConfigUpdater,
+ delete: Option<&[DeleteableFilterProperty]>,
+ digest: Option<&[u8]>,
+) -> Result<(), ApiError> {
+ super::verify_digest(config, digest)?;
+
+ let mut filter = get_filter(config, name)?;
+
+ if let Some(delete) = delete {
+ for deleteable_property in delete {
+ match deleteable_property {
+ DeleteableFilterProperty::MinSeverity => filter.min_severity = None,
+ DeleteableFilterProperty::SubFilter => filter.sub_filter = None,
+ DeleteableFilterProperty::Mode => filter.mode = None,
+ DeleteableFilterProperty::MatchProperty => filter.match_property = None,
+ DeleteableFilterProperty::InvertMatch => filter.invert_match = None,
+ DeleteableFilterProperty::Comment => filter.comment = None,
+ }
+ }
+ }
+
+ if let Some(min_severity) = filter_updater.min_severity {
+ filter.min_severity = Some(min_severity);
+ }
+
+ if let Some(sub_filter) = &filter_updater.sub_filter {
+ let sub_filters = sub_filter.iter().map(|s| s.as_str()).collect::<Vec<&str>>();
+ check_for_filter_recursion(config, name, &sub_filters)?;
+ filter.sub_filter = Some(sub_filter.iter().map(String::from).collect());
+ }
+
+ if let Some(mode) = filter_updater.mode {
+ filter.mode = Some(mode);
+ }
+
+ if let Some(match_property) = &filter_updater.match_property {
+ filter.match_property = Some(match_property.iter().map(String::from).collect());
+ }
+
+ if let Some(invert_match) = filter_updater.invert_match {
+ filter.invert_match = Some(invert_match);
+ }
+
+ if let Some(comment) = &filter_updater.comment {
+ filter.comment = Some(comment.into());
+ }
+
+ config
+ .config
+ .set_data(name, FILTER_TYPENAME, &filter)
+ .map_err(|e| {
+ ApiError::internal_server_error(
+ format!("could not save filter '{name}'"),
+ Some(e.into()),
+ )
+ })?;
+
+ Ok(())
+}
+
+/// Delete existing filter
+///
+/// The caller is responsible for any needed permission checks.
+/// The caller also responsible for locking the configuration files.
+/// Returns an `ApiError` if the filter does not exist.
+pub fn delete_filter(config: &mut Config, name: &str) -> Result<(), ApiError> {
+ // Check if the filter exists
+ let _ = get_filter(config, name)?;
+
+ config.config.sections.remove(name);
+
+ Ok(())
+}
+
+fn check_for_filter_recursion(
+ config: &Config,
+ filter: &str,
+ new_sub_filters: &[&str],
+) -> Result<(), ApiError> {
+ for sub_filter in new_sub_filters {
+ let mut visited = HashSet::new();
+
+ // Add the the filter we're currently adding/updating as a starting point,
+ // since it has not been saved in the configuration
+ visited.insert(filter.to_string());
+ do_check_for_filter_recursion(config, sub_filter, &mut visited)?;
+ }
+
+ Ok(())
+}
+
+fn do_check_for_filter_recursion(
+ config: &Config,
+ filter: &str,
+ visited: &mut HashSet<String>,
+) -> Result<(), ApiError> {
+ if visited.contains(filter) {
+ return Err(ApiError::bad_request(
+ format!("recursion in sub-filter detected: {filter}"),
+ None,
+ ));
+ }
+
+ visited.insert(filter.to_string());
+
+ let filter = get_filter(config, filter)?;
+
+ if let Some(sub_filters) = &filter.sub_filter {
+ for sub_filter in sub_filters {
+ do_check_for_filter_recursion(config, sub_filter, visited)?;
+ }
+ }
+
+ Ok(())
+}
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+ use crate::filter::FilterModeOperator;
+ use crate::Severity;
+
+ fn empty_config() -> Config {
+ Config::new("", "").unwrap()
+ }
+
+ fn config_with_two_filters() -> Config {
+ Config::new(
+ "
+filter: filter1
+ min-severity info
+
+filter: filter2
+ min-severity warning
+",
+ "",
+ )
+ .unwrap()
+ }
+
+ #[test]
+ fn test_update_not_existing_returns_error() -> Result<(), ApiError> {
+ let mut config = empty_config();
+ assert!(update_filter(&mut config, "test", &Default::default(), None, None).is_err());
+ Ok(())
+ }
+
+ #[test]
+ fn test_update_invalid_digest_returns_error() -> Result<(), ApiError> {
+ let mut config = config_with_two_filters();
+ assert!(update_filter(
+ &mut config,
+ "filter1",
+ &Default::default(),
+ None,
+ Some(&[0u8; 32])
+ )
+ .is_err());
+
+ Ok(())
+ }
+
+ #[test]
+ fn test_filter_update() -> Result<(), ApiError> {
+ let mut config = config_with_two_filters();
+
+ let digest = config.digest;
+
+ update_filter(
+ &mut config,
+ "filter1",
+ &FilterConfigUpdater {
+ min_severity: Some(Severity::Error),
+ sub_filter: Some(vec!["filter2".into()]),
+ mode: Some(FilterModeOperator::Or),
+ match_property: Some(vec!["foo=bar".into()]),
+ invert_match: Some(true),
+ comment: Some("new comment".into()),
+ },
+ None,
+ Some(&digest),
+ )?;
+
+ let filter = get_filter(&config, "filter1")?;
+
+ assert!(matches!(filter.mode, Some(FilterModeOperator::Or)));
+ assert!(matches!(filter.min_severity, Some(Severity::Error)));
+ assert_eq!(filter.match_property, Some(vec!["foo=bar".into()]));
+ assert_eq!(filter.invert_match, Some(true));
+ assert_eq!(filter.sub_filter, Some(vec!["filter2".into()]));
+ assert_eq!(filter.comment, Some("new comment".into()));
+
+ // Test property deletion
+ update_filter(
+ &mut config,
+ "filter1",
+ &Default::default(),
+ Some(&[
+ DeleteableFilterProperty::InvertMatch,
+ DeleteableFilterProperty::SubFilter,
+ DeleteableFilterProperty::Mode,
+ DeleteableFilterProperty::InvertMatch,
+ DeleteableFilterProperty::MinSeverity,
+ DeleteableFilterProperty::MatchProperty,
+ DeleteableFilterProperty::Comment,
+ ]),
+ Some(&digest),
+ )?;
+
+ let filter = get_filter(&config, "filter1")?;
+
+ assert_eq!(filter.invert_match, None);
+ assert_eq!(filter.min_severity, None);
+ assert!(matches!(filter.mode, None));
+ assert_eq!(filter.match_property, None);
+ assert_eq!(filter.sub_filter, None);
+ assert_eq!(filter.comment, None);
+
+ // Adding a non-existing sub-filter must fail
+ assert!(update_filter(
+ &mut config,
+ "filter1",
+ &FilterConfigUpdater {
+ sub_filter: Some(vec!["filter3".into()]),
+ ..Default::default()
+ },
+ None,
+ Some(&digest),
+ )
+ .is_err());
+
+ Ok(())
+ }
+
+ #[test]
+ fn test_filter_delete() -> Result<(), ApiError> {
+ let mut config = config_with_two_filters();
+
+ delete_filter(&mut config, "filter1")?;
+ assert!(delete_filter(&mut config, "filter1").is_err());
+ assert_eq!(get_filters(&config)?.len(), 1);
+
+ Ok(())
+ }
+
+ #[test]
+ fn test_recursive_subfilter_definition() -> Result<(), ApiError> {
+ let mut config = Config::new(
+ "
+filter: filter-a
+ sub-filter filter-b
+
+filter: filter-b
+
+filter: filter-e
+ sub-filter filter-f
+
+filter: filter-f
+ sub-filter filter-e
+ ",
+ "",
+ )
+ .unwrap();
+
+ // Newly created recursion should be detected
+ assert!(update_filter(
+ &mut config,
+ "filter-b",
+ &FilterConfigUpdater {
+ sub_filter: Some(vec!["filter-a".into()]),
+ ..Default::default()
+ },
+ None,
+ None,
+ )
+ .is_err());
+
+ // Existing recursions should also be detected, in case the
+ // configuration file was modified by hand.
+ assert!(update_filter(
+ &mut config,
+ "filter-c",
+ &FilterConfigUpdater {
+ sub_filter: Some(vec!["filter-e".into()]),
+ ..Default::default()
+ },
+ None,
+ None,
+ )
+ .is_err());
+
+ Ok(())
+ }
+}
diff --git a/proxmox-notify/src/api/gotify.rs b/proxmox-notify/src/api/gotify.rs
index fdb9cf53..48051200 100644
--- a/proxmox-notify/src/api/gotify.rs
+++ b/proxmox-notify/src/api/gotify.rs
@@ -112,6 +112,13 @@ pub fn update_endpoint(
endpoint.comment = Some(comment.into());
}
+ if let Some(filter) = &endpoint_config_updater.filter {
+ // Check if filter exists
+ let _ = super::filter::get_filter(config, &filter)?;
+
+ endpoint.filter = Some(filter.into());
+ }
+
config
.config
.set_data(name, GOTIFY_TYPENAME, &endpoint)
diff --git a/proxmox-notify/src/api/mod.rs b/proxmox-notify/src/api/mod.rs
index 1d249024..65dbc97c 100644
--- a/proxmox-notify/src/api/mod.rs
+++ b/proxmox-notify/src/api/mod.rs
@@ -6,6 +6,7 @@ use serde::Serialize;
pub mod channel;
pub mod common;
+pub mod filter;
#[cfg(feature = "gotify")]
pub mod gotify;
#[cfg(feature = "sendmail")]
diff --git a/proxmox-notify/src/api/sendmail.rs b/proxmox-notify/src/api/sendmail.rs
index a5379cd3..85b73a39 100644
--- a/proxmox-notify/src/api/sendmail.rs
+++ b/proxmox-notify/src/api/sendmail.rs
@@ -96,6 +96,11 @@ pub fn update_endpoint(
endpoint.comment = Some(comment.into());
}
+ if let Some(filter) = &updater.filter {
+ let _ = super::filter::get_filter(config, filter)?;
+ endpoint.filter = Some(filter.into());
+ }
+
config
.config
.set_data(name, SENDMAIL_TYPENAME, &endpoint)
--
2.30.2
next prev parent reply other threads:[~2023-05-24 13:58 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-24 13:56 [pve-devel] [PATCH v2 cluster/guest-common/manager/ha-manager/proxmox{, -perl-rs} 00/42] fix #4156: introduce new notification module Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 01/42] add `proxmox-human-byte` crate Lukas Wagner
2023-06-26 11:58 ` Wolfgang Bumiller
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 02/42] human-byte: move tests to their own sub-module Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 03/42] add proxmox-notify crate Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 04/42] notify: add debian packaging Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 05/42] notify: preparation for the first endpoint plugin Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 06/42] notify: preparation for the API Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 07/42] notify: api: add API for sending notifications/testing endpoints Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 08/42] notify: add notification channels Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 09/42] notify: api: add API for channels Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 10/42] notify: add sendmail plugin Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 11/42] notify: api: add API for sendmail endpoints Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 12/42] notify: add gotify endpoint Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 13/42] notify: api: add API for gotify endpoints Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 14/42] notify: add notification filter mechanism Lukas Wagner
2023-05-24 13:56 ` Lukas Wagner [this message]
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 16/42] notify: add template rendering Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox 17/42] notify: add example for " Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox-perl-rs 18/42] log: set default log level to 'info', add product specific logging env var Lukas Wagner
2023-06-05 7:27 ` Wolfgang Bumiller
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox-perl-rs 19/42] add PVE::RS::Notify module Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox-perl-rs 20/42] notify: add api for sending notifications/testing endpoints Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox-perl-rs 21/42] notify: add api for notification channels Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox-perl-rs 22/42] notify: add api for sendmail endpoints Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox-perl-rs 23/42] notify: add api for gotify endpoints Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 proxmox-perl-rs 24/42] notify: add api for notification filters Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-cluster 25/42] cluster files: add notifications.cfg Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-guest-common 26/42] vzdump: add config options for new notification backend Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 27/42] test: fix names of .PHONY targets Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 28/42] add PVE::Notify module Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 29/42] vzdump: send notifications via new notification module Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 30/42] test: rename mail_test.pl to vzdump_notification_test.pl Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 31/42] api: apt: send notification via new notification module Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 32/42] api: replication: send notifications " Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 33/42] ui: backup: allow to select notification channel for notifications Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 34/42] ui: backup: adapt backup job details to new notification params Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 35/42] ui: backup: allow to set notification-{channel, mode} for one-off backups Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 36/42] api: prepare api handler module for notification config Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 37/42] api: add api routes for notification channels Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 38/42] api: add api routes for sendmail endpoints Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 39/42] api: add api routes for gotify endpoints Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 40/42] api: add api routes for notification filters Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-manager 41/42] ui: backup: disable notification mode selector for now Lukas Wagner
2023-05-24 13:56 ` [pve-devel] [PATCH v2 pve-ha-manager 42/42] manager: send notifications via new notification module Lukas Wagner
2023-05-26 8:31 ` [pve-devel] [PATCH v2 cluster/guest-common/manager/ha-manager/proxmox{, -perl-rs} 00/42] fix #4156: introduce " Lukas Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230524135649.934881-16-l.wagner@proxmox.com \
--to=l.wagner@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox