public inbox for pve-devel@lists.proxmox.com
 help / color / mirror / Atom feed
* [pve-devel] [PATCH proxmox-ve-rs 1/2] firewall: alias: lowercase names of aliases
@ 2024-11-25 16:12 Stefan Hanreich
  2024-11-25 16:12 ` [pve-devel] [PATCH proxmox-ve-rs 2/2] firewall: alias: document difference between Alias and AliasName Stefan Hanreich
  2024-11-25 16:26 ` [pve-devel] [PATCH proxmox-ve-rs 1/2] firewall: alias: lowercase names of aliases Stefan Hanreich
  0 siblings, 2 replies; 4+ messages in thread
From: Stefan Hanreich @ 2024-11-25 16:12 UTC (permalink / raw)
  To: pve-devel

pve-firewall lowercases the names of aliases when reading from the
configuration as well as when comparing source / destination entries
with the entries in the parsed aliases. In order to stay
backwards-compatible we also need to lowercase any parsed alias name.
I decided to this in the constructor and switch all call sites to the
new constructor, so there's only one place where we have to handle
lowercasing the string.

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
In order for this to be fixed in proxmox-firewall, it needs to be
built with the new version of proxmox-ve-config of course.

 proxmox-ve-config/src/firewall/types/alias.rs | 44 ++++++++++++++-----
 1 file changed, 33 insertions(+), 11 deletions(-)

diff --git a/proxmox-ve-config/src/firewall/types/alias.rs b/proxmox-ve-config/src/firewall/types/alias.rs
index 5dfaa41..08e4d77 100644
--- a/proxmox-ve-config/src/firewall/types/alias.rs
+++ b/proxmox-ve-config/src/firewall/types/alias.rs
@@ -53,10 +53,7 @@ impl FromStr for AliasName {
 
     fn from_str(s: &str) -> Result<Self, Self::Err> {
         match s.split_once('/') {
-            Some((prefix, name)) if !name.is_empty() => Ok(Self {
-                scope: prefix.parse()?,
-                name: name.to_string(),
-            }),
+            Some((prefix, name)) if !name.is_empty() => Ok(Self::new(prefix.parse()?, name)),
             _ => {
                 bail!("Invalid Alias name!")
             }
@@ -65,10 +62,18 @@ impl FromStr for AliasName {
 }
 
 impl AliasName {
+    /// Creates a new [`AliasName`].
+    ///
+    /// It will convert any ASCII characters contained in the name into lowercase. This is for
+    /// maintaining backwards-compatiblity with pve-firewall, where all aliases are lowercased when
+    /// reading from the config.
     pub fn new(scope: AliasScope, name: impl Into<String>) -> Self {
+        let mut lowercase_name = name.into();
+        lowercase_name.make_ascii_lowercase();
+
         Self {
             scope,
-            name: name.into(),
+            name: lowercase_name,
         }
     }
 
@@ -90,13 +95,21 @@ pub struct Alias {
 }
 
 impl Alias {
+    /// Creates a new [`Alias`].
+    ///
+    /// It will convert any ASCII characters contained in the name into lowercase. This is for
+    /// maintaining backwards-compatiblity with pve-firewall, where all aliases are lowercased when
+    /// reading from the config.
     pub fn new(
         name: impl Into<String>,
         address: impl Into<Cidr>,
         comment: impl Into<Option<String>>,
     ) -> Self {
+        let mut lowercase_name = name.into();
+        lowercase_name.make_ascii_lowercase();
+
         Self {
-            name: name.into(),
+            name: lowercase_name,
             address: address.into(),
             comment: comment.into(),
         }
@@ -135,11 +148,7 @@ impl FromStr for Alias {
             None => None,
         };
 
-        Ok(Alias {
-            name: name.to_string(),
-            address,
-            comment,
-        })
+        Ok(Alias::new(name, address, comment))
     }
 }
 
@@ -159,6 +168,11 @@ mod tests {
         for alias in ["-- 10.0.0.1/32", "0asd 10.0.0.1/32", "__test 10.0.0.0/32"] {
             alias.parse::<Alias>().expect_err("invalid alias");
         }
+
+        let alias = "pRoxMox 10.0.0.0/32 # a comment".parse::<Alias>().expect("valid alias");
+        assert_eq!(alias.name(), "proxmox");
+        assert_eq!(alias.address(), &Cidr::new_v4([10, 0, 0, 0], 32).expect("valid CIDR"));
+        assert_eq!(alias.comment(), Some("a comment"));
     }
 
     #[test]
@@ -171,4 +185,12 @@ mod tests {
             name.parse::<AliasName>().expect_err("invalid alias name");
         }
     }
+
+    #[test]
+    fn test_parse_alias_case() {
+        for name in ["dc/PROxMoX", "guest/PROXMOX"] {
+            let alias_name = name.parse::<AliasName>().expect("valid alias name");
+            assert_eq!(alias_name.name(), "proxmox");
+        }
+    }
 }
-- 
2.39.5


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel


^ permalink raw reply	[flat|nested] 4+ messages in thread

* [pve-devel] [PATCH proxmox-ve-rs 2/2] firewall: alias: document difference between Alias and AliasName
  2024-11-25 16:12 [pve-devel] [PATCH proxmox-ve-rs 1/2] firewall: alias: lowercase names of aliases Stefan Hanreich
@ 2024-11-25 16:12 ` Stefan Hanreich
  2024-11-25 16:26 ` [pve-devel] [PATCH proxmox-ve-rs 1/2] firewall: alias: lowercase names of aliases Stefan Hanreich
  1 sibling, 0 replies; 4+ messages in thread
From: Stefan Hanreich @ 2024-11-25 16:12 UTC (permalink / raw)
  To: pve-devel

Alias and AliasName represent two different parts inside a firewall
configuration. Document the respective structs better to make the
differences between them clearer.

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
 proxmox-ve-config/src/firewall/types/alias.rs | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/proxmox-ve-config/src/firewall/types/alias.rs b/proxmox-ve-config/src/firewall/types/alias.rs
index 08e4d77..a7c6c33 100644
--- a/proxmox-ve-config/src/firewall/types/alias.rs
+++ b/proxmox-ve-config/src/firewall/types/alias.rs
@@ -35,6 +35,7 @@ impl Display for AliasScope {
     }
 }
 
+/// Represents the name of an Alias in a firewall rule the firewall configuration.
 #[derive(Debug, Clone, DeserializeFromStr, SerializeDisplay)]
 #[cfg_attr(test, derive(Eq, PartialEq))]
 pub struct AliasName {
@@ -86,6 +87,11 @@ impl AliasName {
     }
 }
 
+/// Represents an Alias stored in the ALIASES section of the firewall configuration.
+///
+/// Since they contain no scope in the firewall configuration itself, this struct also does not
+/// contain a scope. The scope has to be inferred from the Context where this Alias is stored, if
+/// that is necessary.
 #[derive(Debug)]
 #[cfg_attr(test, derive(Eq, PartialEq))]
 pub struct Alias {
-- 
2.39.5


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [pve-devel] [PATCH proxmox-ve-rs 1/2] firewall: alias: lowercase names of aliases
  2024-11-25 16:12 [pve-devel] [PATCH proxmox-ve-rs 1/2] firewall: alias: lowercase names of aliases Stefan Hanreich
  2024-11-25 16:12 ` [pve-devel] [PATCH proxmox-ve-rs 2/2] firewall: alias: document difference between Alias and AliasName Stefan Hanreich
@ 2024-11-25 16:26 ` Stefan Hanreich
  2024-11-25 17:05   ` Stefan Hanreich
  1 sibling, 1 reply; 4+ messages in thread
From: Stefan Hanreich @ 2024-11-25 16:26 UTC (permalink / raw)
  To: pve-devel

Leo supplied a patch already [1] that changes the handling of names in
the firewall. Might make sense to revisit this patch series in the
future to unify how cases are handled in the firewall. Nevertheless,
this patch acts as a quick fox for users running into issues with the
firewall due to the difference in handling cases in pve-firewall and
proxmox-firewall.

It fixes Bug #5927 [2], would be nice if that could be added to the
commit message if applied.

[1] https://lists.proxmox.com/pipermail/pve-devel/2023-January/055596.html
[2] https://bugzilla.proxmox.com/show_bug.cgi?id=5927


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [pve-devel] [PATCH proxmox-ve-rs 1/2] firewall: alias: lowercase names of aliases
  2024-11-25 16:26 ` [pve-devel] [PATCH proxmox-ve-rs 1/2] firewall: alias: lowercase names of aliases Stefan Hanreich
@ 2024-11-25 17:05   ` Stefan Hanreich
  0 siblings, 0 replies; 4+ messages in thread
From: Stefan Hanreich @ 2024-11-25 17:05 UTC (permalink / raw)
  To: pve-devel

v2 here:
https://lore.proxmox.com/pve-devel/20241125170449.238880-1-s.hanreich@proxmox.com/T/#u



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2024-11-25 17:06 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-11-25 16:12 [pve-devel] [PATCH proxmox-ve-rs 1/2] firewall: alias: lowercase names of aliases Stefan Hanreich
2024-11-25 16:12 ` [pve-devel] [PATCH proxmox-ve-rs 2/2] firewall: alias: document difference between Alias and AliasName Stefan Hanreich
2024-11-25 16:26 ` [pve-devel] [PATCH proxmox-ve-rs 1/2] firewall: alias: lowercase names of aliases Stefan Hanreich
2024-11-25 17:05   ` Stefan Hanreich

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal