From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 7ECD59B59C for ; Mon, 20 Nov 2023 17:28:39 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 622A11CD35 for ; Mon, 20 Nov 2023 17:28:39 +0100 (CET) Received: from lana.proxmox.com (unknown [94.136.29.99]) by firstgate.proxmox.com (Proxmox) with ESMTP for ; Mon, 20 Nov 2023 17:28:38 +0100 (CET) Received: by lana.proxmox.com (Postfix, from userid 10043) id 2EF3A2C2B3A; Mon, 20 Nov 2023 17:28:38 +0100 (CET) From: Stefan Hanreich To: pve-devel@lists.proxmox.com Date: Mon, 20 Nov 2023 17:28:32 +0100 Message-Id: <20231120162833.431139-2-s.hanreich@proxmox.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20231120162833.431139-1-s.hanreich@proxmox.com> References: <20231120162833.431139-1-s.hanreich@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.614 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery methods POISEN_SPAM_PILL 0.1 Meta: its spam POISEN_SPAM_PILL_1 0.1 random spam to be learned in bayes POISEN_SPAM_PILL_3 0.1 random spam to be learned in bayes RDNS_NONE 0.793 Delivered to internal network by a host with no rDNS SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_NONE 0.001 SPF: sender does not publish an SPF Record T_SCC_BODY_TEXT_LINE -0.01 - Subject: [pve-devel] [PATCH pve-network 1/2] api: refactor URL structure for Ipam X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Nov 2023 16:28:39 -0000 The initial URL structure was less than optimal due to Ipam as well as Ipams being endpoints in the API, which are too similar and might be confusing to users. Move the listing of PVE IPAM to /ipams/pve/status Move the create / update / delete endpoints to /vnets/{vnetid}/ips Signed-off-by: Stefan Hanreich --- src/PVE/API2/Network/SDN.pm | 6 -- src/PVE/API2/Network/SDN/Ipams.pm | 83 +++++++++++++++++ src/PVE/API2/Network/SDN/{Ipam.pm => Ips.pm} | 97 ++------------------ src/PVE/API2/Network/SDN/Makefile | 2 +- src/PVE/API2/Network/SDN/Vnets.pm | 6 ++ 5 files changed, 100 insertions(+), 94 deletions(-) rename src/PVE/API2/Network/SDN/{Ipam.pm => Ips.pm} (58%) diff --git a/src/PVE/API2/Network/SDN.pm b/src/PVE/API2/Network/SDN.pm index 551afcf..d216e48 100644 --- a/src/PVE/API2/Network/SDN.pm +++ b/src/PVE/API2/Network/SDN.pm @@ -15,7 +15,6 @@ use PVE::Network::SDN; use PVE::API2::Network::SDN::Controllers; use PVE::API2::Network::SDN::Vnets; use PVE::API2::Network::SDN::Zones; -use PVE::API2::Network::SDN::Ipam; use PVE::API2::Network::SDN::Ipams; use PVE::API2::Network::SDN::Dns; @@ -36,11 +35,6 @@ __PACKAGE__->register_method ({ path => 'controllers', }); -__PACKAGE__->register_method ({ - subclass => "PVE::API2::Network::SDN::Ipam", - path => 'ipam', -}); - __PACKAGE__->register_method ({ subclass => "PVE::API2::Network::SDN::Ipams", path => 'ipams', diff --git a/src/PVE/API2/Network/SDN/Ipams.pm b/src/PVE/API2/Network/SDN/Ipams.pm index 6410e8e..d6e0bc8 100644 --- a/src/PVE/API2/Network/SDN/Ipams.pm +++ b/src/PVE/API2/Network/SDN/Ipams.pm @@ -12,6 +12,9 @@ use PVE::Network::SDN::Ipams::Plugin; use PVE::Network::SDN::Ipams::PVEPlugin; use PVE::Network::SDN::Ipams::PhpIpamPlugin; use PVE::Network::SDN::Ipams::NetboxPlugin; +use PVE::Network::SDN::Dhcp; +use PVE::Network::SDN::Vnets; +use PVE::Network::SDN::Zones; use Storable qw(dclone); use PVE::JSONSchema qw(get_standard_option); @@ -245,4 +248,84 @@ __PACKAGE__->register_method ({ return undef; }}); +__PACKAGE__->register_method ({ + name => 'ipamindex', + path => '{ipam}/status', + method => 'GET', + description => 'List PVE IPAM Entries', + protected => 1, + permissions => { + description => "Only list entries where you have 'SDN.Audit' or 'SDN.Allocate' permissions on '/sdn/zones//'", + user => 'all', + }, + parameters => { + additionalProperties => 0, + properties => { + ipam => get_standard_option('pve-sdn-ipam-id', { + completion => \&PVE::Network::SDN::Ipams::complete_sdn_ipams, + }), + }, + }, + returns => { + type => 'array', + }, + code => sub { + my ($param) = @_; + + my $id = extract_param($param, 'ipam'); + die "Currently only PVE IPAM is supported!" if $id ne 'pve'; + + my $rpcenv = PVE::RPCEnvironment::get(); + my $authuser = $rpcenv->get_user(); + my $privs = [ 'SDN.Audit', 'SDN.Allocate' ]; + + my $ipam_plugin = PVE::Network::SDN::Ipams::Plugin->lookup('pve'); + my $ipam_db = $ipam_plugin->read_db(); + + my $result = []; + + for my $zone_id (keys %{$ipam_db->{zones}}) { + my $zone_config = PVE::Network::SDN::Zones::get_zone($zone_id, 1); + next if !$zone_config || $zone_config->{ipam} ne 'pve' || !$zone_config->{dhcp}; + + my $zone = $ipam_db->{zones}->{$zone_id}; + + my $vnets = PVE::Network::SDN::Zones::get_vnets($zone_id, 1); + + for my $subnet_cidr (keys %{$zone->{subnets}}) { + my $subnet = $zone->{subnets}->{$subnet_cidr}; + my $ip = new NetAddr::IP($subnet_cidr) or die 'Found invalid CIDR in IPAM'; + + my $vnet = undef; + for my $vnet_id (keys %$vnets) { + eval { + my ($zone, $subnetid, $subnet_cfg, $ip) = PVE::Network::SDN::Vnets::get_subnet_from_vnet_ip( + $vnet_id, + $ip->addr, + ); + + $vnet = $subnet_cfg->{vnet}; + }; + + last if $vnet; + } + + next if !$vnet || !$rpcenv->check_any($authuser, "/sdn/zones/$zone_id/$vnet", $privs, 1); + + for my $ip (keys %{$subnet->{ips}}) { + my $entry = $subnet->{ips}->{$ip}; + $entry->{zone} = $zone_id; + $entry->{subnet} = $subnet_cidr; + $entry->{ip} = $ip; + $entry->{vnet} = $vnet; + + push @$result, $entry; + } + } + } + + return $result; + }, +}); + 1; diff --git a/src/PVE/API2/Network/SDN/Ipam.pm b/src/PVE/API2/Network/SDN/Ips.pm similarity index 58% rename from src/PVE/API2/Network/SDN/Ipam.pm rename to src/PVE/API2/Network/SDN/Ips.pm index e71ca7d..31dec04 100644 --- a/src/PVE/API2/Network/SDN/Ipam.pm +++ b/src/PVE/API2/Network/SDN/Ips.pm @@ -1,100 +1,23 @@ -package PVE::API2::Network::SDN::Ipam; +package PVE::API2::Network::SDN::Ips; use strict; use warnings; use PVE::Tools qw(extract_param); -use PVE::Cluster qw(cfs_read_file cfs_write_file); -use PVE::Network::SDN; -use PVE::Network::SDN::Dhcp; use PVE::Network::SDN::Vnets; -use PVE::Network::SDN::Ipams::Plugin; +use PVE::Network::SDN::Dhcp; use PVE::JSONSchema qw(get_standard_option); -use PVE::RPCEnvironment; - use PVE::RESTHandler; use base qw(PVE::RESTHandler); __PACKAGE__->register_method ({ - name => 'ipamindex', + name => 'ipdelete', path => '', - method => 'GET', - description => 'List PVE IPAM Entries', - protected => 1, - permissions => { - description => "Only list entries where you have 'SDN.Audit' or 'SDN.Allocate' permissions on '/sdn/zones//'", - user => 'all', - }, - parameters => { - additionalProperties => 0, - }, - returns => { - type => 'array', - }, - code => sub { - my ($param) = @_; - - my $rpcenv = PVE::RPCEnvironment::get(); - my $authuser = $rpcenv->get_user(); - my $privs = [ 'SDN.Audit', 'SDN.Allocate' ]; - - my $ipam_plugin = PVE::Network::SDN::Ipams::Plugin->lookup('pve'); - my $ipam_db = $ipam_plugin->read_db(); - - my $result = []; - - for my $zone_id (keys %{$ipam_db->{zones}}) { - my $zone_config = PVE::Network::SDN::Zones::get_zone($zone_id, 1); - next if !$zone_config || $zone_config->{ipam} ne 'pve' || !$zone_config->{dhcp}; - - my $zone = $ipam_db->{zones}->{$zone_id}; - - my $vnets = PVE::Network::SDN::Zones::get_vnets($zone_id, 1); - - for my $subnet_cidr (keys %{$zone->{subnets}}) { - my $subnet = $zone->{subnets}->{$subnet_cidr}; - my $ip = new NetAddr::IP($subnet_cidr) or die 'Found invalid CIDR in IPAM'; - - my $vnet = undef; - for my $vnet_id (keys %$vnets) { - eval { - my ($zone, $subnetid, $subnet_cfg, $ip) = PVE::Network::SDN::Vnets::get_subnet_from_vnet_ip( - $vnet_id, - $ip->addr, - ); - - $vnet = $subnet_cfg->{vnet}; - }; - - last if $vnet; - } - - next if !$vnet || !$rpcenv->check_any($authuser, "/sdn/zones/$zone_id/$vnet", $privs, 1); - - for my $ip (keys %{$subnet->{ips}}) { - my $entry = $subnet->{ips}->{$ip}; - $entry->{zone} = $zone_id; - $entry->{subnet} = $subnet_cidr; - $entry->{ip} = $ip; - $entry->{vnet} = $vnet; - - push @$result, $entry; - } - } - } - - return $result; - }, -}); - -__PACKAGE__->register_method ({ - name => 'dhcpdelete', - path => '{zone}/{vnet}/{mac}', method => 'DELETE', - description => 'Delete DHCP Mappings in a VNet for a MAC address', + description => 'Delete IP Mappings in a VNet', protected => 1, permissions => { check => ['perm', '/sdn/zones/{zone}/{vnet}', [ 'SDN.Allocate' ]], @@ -129,10 +52,10 @@ __PACKAGE__->register_method ({ }); __PACKAGE__->register_method ({ - name => 'dhcpcreate', - path => '{zone}/{vnet}/{mac}', + name => 'ipcreate', + path => '', method => 'POST', - description => 'Create DHCP Mapping', + description => 'Create IP Mapping in a VNet', protected => 1, permissions => { check => ['perm', '/sdn/zones/{zone}/{vnet}', [ 'SDN.Allocate' ]], @@ -165,10 +88,10 @@ __PACKAGE__->register_method ({ }, }); __PACKAGE__->register_method ({ - name => 'dhcpupdate', - path => '{zone}/{vnet}/{mac}', + name => 'ipupdate', + path => '', method => 'PUT', - description => 'Update DHCP Mapping', + description => 'Update IP Mapping in a VNet', protected => 1, permissions => { check => ['perm', '/sdn/zones/{zone}/{vnet}', [ 'SDN.Allocate' ]], diff --git a/src/PVE/API2/Network/SDN/Makefile b/src/PVE/API2/Network/SDN/Makefile index 2480c09..abd1bfa 100644 --- a/src/PVE/API2/Network/SDN/Makefile +++ b/src/PVE/API2/Network/SDN/Makefile @@ -1,4 +1,4 @@ -SOURCES=Vnets.pm Zones.pm Controllers.pm Subnets.pm Ipams.pm Ipam.pm Dns.pm +SOURCES=Vnets.pm Zones.pm Controllers.pm Subnets.pm Ipams.pm Dns.pm Ips.pm PERL5DIR=${DESTDIR}/usr/share/perl5 diff --git a/src/PVE/API2/Network/SDN/Vnets.pm b/src/PVE/API2/Network/SDN/Vnets.pm index 864dc4a..a32df8c 100644 --- a/src/PVE/API2/Network/SDN/Vnets.pm +++ b/src/PVE/API2/Network/SDN/Vnets.pm @@ -13,6 +13,7 @@ use PVE::Network::SDN::Vnets; use PVE::Network::SDN::VnetPlugin; use PVE::Network::SDN::Subnets; use PVE::API2::Network::SDN::Subnets; +use PVE::API2::Network::SDN::Ips; use Storable qw(dclone); use PVE::JSONSchema qw(get_standard_option); @@ -28,6 +29,11 @@ __PACKAGE__->register_method ({ path => '{vnet}/subnets', }); +__PACKAGE__->register_method ({ + subclass => "PVE::API2::Network::SDN::Ips", + path => '{vnet}/ips', +}); + my $api_sdn_vnets_config = sub { my ($cfg, $id) = @_; -- 2.39.2