From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id D9627C0135 for ; Wed, 10 Jan 2024 10:32:41 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id B8D3331413 for ; Wed, 10 Jan 2024 10:32:11 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Wed, 10 Jan 2024 10:32:10 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id B8C6C4904D for ; Wed, 10 Jan 2024 10:32:10 +0100 (CET) From: Lukas Wagner To: pve-devel@lists.proxmox.com Date: Wed, 10 Jan 2024 10:31:21 +0100 Message-Id: <20240110093122.87062-1-l.wagner@proxmox.com> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.004 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: [pve-devel] [PATCH proxmox v2 1/2] notify: api: allow resetting built-in targets if used by a matcher X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Jan 2024 09:32:41 -0000 In the 'delete'-handler targets, we check if a target is still referenced by a matcher - if it is, we return an error. For built-in targets, this is actually not necessary, since 'deleting' a built-in only resets it to its default settings - it will continue to exist after that. The user could easily trigger this if 'mail-to-root', which is referenced by 'default-matcher' is modified and then reset to its defaults: An error is shown, the built-in target is not reset. This commit disables this check if it is a built-in target. Renamed the helper 'ensure_unused' to 'ensure_safe_to_delete' in the process. Also fixed the tests in api::test - they were never executed due to a faulty #[cfg] directive. Signed-off-by: Lukas Wagner --- Changes since v1: - Simplify deserialization of 'origin' in ensure_safe_to_delete (thx @ Wolfgang 🙏) - Reworded commit message slightly proxmox-notify/src/api/gotify.rs | 2 +- proxmox-notify/src/api/mod.rs | 71 ++++++++++++++++++++++-------- proxmox-notify/src/api/sendmail.rs | 2 +- proxmox-notify/src/api/smtp.rs | 2 +- 4 files changed, 55 insertions(+), 22 deletions(-) diff --git a/proxmox-notify/src/api/gotify.rs b/proxmox-notify/src/api/gotify.rs index 98ff255..a93a024 100644 --- a/proxmox-notify/src/api/gotify.rs +++ b/proxmox-notify/src/api/gotify.rs @@ -136,7 +136,7 @@ pub fn update_endpoint( pub fn delete_gotify_endpoint(config: &mut Config, name: &str) -> Result<(), HttpError> { // Check if the endpoint exists let _ = get_endpoint(config, name)?; - super::ensure_unused(config, name)?; + super::ensure_safe_to_delete(config, name)?; remove_private_config_entry(config, name)?; config.config.sections.remove(name); diff --git a/proxmox-notify/src/api/mod.rs b/proxmox-notify/src/api/mod.rs index 762d448..7cc2593 100644 --- a/proxmox-notify/src/api/mod.rs +++ b/proxmox-notify/src/api/mod.rs @@ -1,9 +1,10 @@ -use serde::Serialize; use std::collections::HashSet; +use serde::{Deserialize, Serialize}; + use proxmox_http_error::HttpError; -use crate::Config; +use crate::{Config, Origin}; pub mod common; #[cfg(feature = "gotify")] @@ -111,7 +112,20 @@ fn get_referrers(config: &Config, entity: &str) -> Result, HttpE Ok(referrers) } -fn ensure_unused(config: &Config, entity: &str) -> Result<(), HttpError> { +fn ensure_safe_to_delete(config: &Config, entity: &str) -> Result<(), HttpError> { + if let Some(entity_config) = config.config.sections.get(entity) { + if let Ok(origin) = Origin::deserialize(&entity_config.1["origin"]) { + // Built-ins are never actually removed, only reset to their default + // It is thus safe to do the reset if another entity depends + // on it + if origin == Origin::Builtin || origin == Origin::ModifiedBuiltin { + return Ok(()); + } + } + } else { + http_bail!(NOT_FOUND, "entity '{entity}' does not exist"); + } + let referrers = get_referrers(config, entity)?; if !referrers.is_empty() { @@ -191,31 +205,31 @@ mod test_helpers { } } -#[cfg(all(test, gotify, sendmail))] +#[cfg(all(test, feature = "gotify", feature = "sendmail"))] mod tests { use super::*; use crate::endpoints::gotify::{GotifyConfig, GotifyPrivateConfig}; use crate::endpoints::sendmail::SendmailConfig; - use crate::filter::FilterConfig; - use crate::group::GroupConfig; + use crate::matcher::MatcherConfig; fn prepare_config() -> Result { - let mut config = super::test_helpers::empty_config(); + let mut config = test_helpers::empty_config(); - matcher::add_matcher( + sendmail::add_endpoint( &mut config, - &MatcherConfig { - name: "matcher".to_string(), - target: Some(vec!["sendmail".to_string(), "gotify".to_string()]) - ..Default::default(), + &SendmailConfig { + name: "sendmail".to_string(), + mailto: Some(vec!["foo@example.com".to_string()]), + ..Default::default() }, )?; sendmail::add_endpoint( &mut config, &SendmailConfig { - name: "sendmail".to_string(), + name: "builtin".to_string(), mailto: Some(vec!["foo@example.com".to_string()]), + origin: Some(Origin::Builtin), ..Default::default() }, )?; @@ -233,6 +247,19 @@ mod tests { }, )?; + matcher::add_matcher( + &mut config, + &MatcherConfig { + name: "matcher".to_string(), + target: Some(vec![ + "sendmail".to_string(), + "gotify".to_string(), + "builtin".to_string(), + ]), + ..Default::default() + }, + )?; + Ok(config) } @@ -245,6 +272,7 @@ mod tests { HashSet::from([ "matcher".to_string(), "sendmail".to_string(), + "builtin".to_string(), "gotify".to_string() ]) ); @@ -268,12 +296,17 @@ mod tests { } #[test] - fn test_ensure_unused() { + fn test_ensure_safe_to_delete() { let config = prepare_config().unwrap(); - assert!(ensure_unused(&config, "gotify").is_err()); - assert!(ensure_unused(&config, "sendmail").is_err()); - assert!(ensure_unused(&config, "matcher").is_ok()); + assert!(ensure_safe_to_delete(&config, "gotify").is_err()); + assert!(ensure_safe_to_delete(&config, "sendmail").is_err()); + assert!(ensure_safe_to_delete(&config, "matcher").is_ok()); + + // built-ins are always safe to delete, since there is no way to actually + // delete them... they will only be reset to their default settings and + // will thus continue to exist + assert!(ensure_safe_to_delete(&config, "builtin").is_ok()); } #[test] @@ -281,7 +314,7 @@ mod tests { let config = prepare_config().unwrap(); assert!(ensure_unique(&config, "sendmail").is_err()); - assert!(ensure_unique(&config, "group").is_err()); + assert!(ensure_unique(&config, "matcher").is_err()); assert!(ensure_unique(&config, "new").is_ok()); } @@ -289,6 +322,6 @@ mod tests { fn test_ensure_endpoints_exist() { let config = prepare_config().unwrap(); - assert!(ensure_endpoints_exist(&config, &vec!["sendmail", "gotify"]).is_ok()); + assert!(ensure_endpoints_exist(&config, &["sendmail", "gotify", "builtin"]).is_ok()); } } diff --git a/proxmox-notify/src/api/sendmail.rs b/proxmox-notify/src/api/sendmail.rs index 0f40178..e911505 100644 --- a/proxmox-notify/src/api/sendmail.rs +++ b/proxmox-notify/src/api/sendmail.rs @@ -144,7 +144,7 @@ pub fn update_endpoint( pub fn delete_endpoint(config: &mut Config, name: &str) -> Result<(), HttpError> { // Check if the endpoint exists let _ = get_endpoint(config, name)?; - super::ensure_unused(config, name)?; + super::ensure_safe_to_delete(config, name)?; config.config.sections.remove(name); diff --git a/proxmox-notify/src/api/smtp.rs b/proxmox-notify/src/api/smtp.rs index 14b301c..6bd0c4b 100644 --- a/proxmox-notify/src/api/smtp.rs +++ b/proxmox-notify/src/api/smtp.rs @@ -192,7 +192,7 @@ pub fn update_endpoint( pub fn delete_endpoint(config: &mut Config, name: &str) -> Result<(), HttpError> { // Check if the endpoint exists let _ = get_endpoint(config, name)?; - super::ensure_unused(config, name)?; + super::ensure_safe_to_delete(config, name)?; super::remove_private_config_entry(config, name)?; config.config.sections.remove(name); -- 2.39.2