From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <w.bumiller@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id E09389C58D
 for <pve-devel@lists.proxmox.com>; Wed, 22 Nov 2023 12:53:53 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id AC8BC1723D
 for <pve-devel@lists.proxmox.com>; Wed, 22 Nov 2023 12:53:53 +0100 (CET)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [94.136.29.106])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS
 for <pve-devel@lists.proxmox.com>; Wed, 22 Nov 2023 12:53:51 +0100 (CET)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id AB9A4421B6;
 Wed, 22 Nov 2023 12:53:51 +0100 (CET)
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Wed, 22 Nov 2023 12:53:45 +0100
Message-Id: <20231122115350.131255-3-w.bumiller@proxmox.com>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20231122115350.131255-1-w.bumiller@proxmox.com>
References: <20231122115350.131255-1-w.bumiller@proxmox.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.049 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 POISEN_SPAM_PILL_3        0.1 random spam to be learned in bayes
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 T_SCC_BODY_TEXT_LINE    -0.01 -
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [zones.pm]
Subject: [pve-devel] [PATCH network 2/7] api: take partial configs for PUT
 /cluster/sdn/zones/<id>
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Wed, 22 Nov 2023 11:53:53 -0000

Zones previously expected a complete config, but the API schema
also contains a 'delete' parameter via the SectionConfig's
updateSchema() helper. This was not handled, and instead failed to
validate as part of the config.

The same is true for vnets and subnets, while ipams, dns and
controller entries followed our usual update procedures (but also
ignored the 'delete' parameter).

Since all of our SectionConfig based API endpoints are supposed to
take changes, rather than complete configs, this changes these
endpoints to not replace the full configuration anymore.

This is a major break for automation tools (the web UI already passed
the full config each time).

Cc: Alexandre Derumier <aderumier@odiso.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
 src/PVE/API2/Network/SDN/Zones.pm | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/PVE/API2/Network/SDN/Zones.pm b/src/PVE/API2/Network/SDN/Zones.pm
index 1c3356e..b09c9ad 100644
--- a/src/PVE/API2/Network/SDN/Zones.pm
+++ b/src/PVE/API2/Network/SDN/Zones.pm
@@ -261,6 +261,11 @@ __PACKAGE__->register_method ({
 
 	my $id = extract_param($param, 'zone');
 	my $digest = extract_param($param, 'digest');
+	my $delete = extract_param($param, 'delete');
+
+	if ($delete) {
+	    $delete = [ PVE::Tools::split_list($delete) ];
+	}
 
 	PVE::Network::SDN::lock_sdn_config(sub {
 	    my $zone_cfg = PVE::Network::SDN::Zones::config();
@@ -274,8 +279,17 @@ __PACKAGE__->register_method ({
 	    my $plugin = PVE::Network::SDN::Zones::Plugin->lookup($scfg->{type});
 	    my $opts = $plugin->check_config($id, $param, 0, 1);
 
-	    if ($opts->{ipam} && !$scfg->{ipam} || $opts->{ipam} ne $scfg->{ipam}) {
+	    my $old_ipam = $scfg->{ipam};
+
+	    if ($delete) {
+		my $options = $plugin->private()->{options}->{$scfg->{type}};
+		PVE::SectionConfig::delete_from_config($scfg, $options, $opts, $delete);
+	    }
 
+	    $scfg->{$_} = $opts->{$_} for keys $opts->%*;
+
+	    my $new_ipam = $scfg->{ipam};
+	    if (!$new_ipam != !$old_ipam || (($new_ipam//'') ne ($old_ipam//''))) {
 		# don't allow ipam change if subnet are defined for now, need to implement resync ipam content
 		my $subnets_cfg = PVE::Network::SDN::Subnets::config();
 		for my $subnetid (sort keys %{$subnets_cfg->{ids}}) {
@@ -285,8 +299,6 @@ __PACKAGE__->register_method ({
 		}
 	    }
 
-	    $zone_cfg->{ids}->{$id} = $opts;
-
 	    my $dnsserver = $opts->{dns};
 	    raise_param_exc({ dns => "$dnsserver don't exist"}) if $dnsserver && !$dns_cfg->{ids}->{$dnsserver};
 
-- 
2.39.2