From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 34C651FF13B for ; Wed, 11 Mar 2026 13:50:51 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 66EBD19BDE; Wed, 11 Mar 2026 13:50:46 +0100 (CET) From: Daniel Kral To: pve-devel@lists.proxmox.com Subject: [PATCH ha-manager 2/2] api: rules: check for non-empty nodes and resources properties Date: Wed, 11 Mar 2026 13:49:36 +0100 Message-ID: <20260311125008.271334-3-d.kral@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260311125008.271334-1-d.kral@proxmox.com> References: <20260311125008.271334-1-d.kral@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1773233377094 X-SPAM-LEVEL: Spam detection results: 0 AWL -1.025 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.408 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.819 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.903 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: OXLL652BSAN5X2FHWRWLNBMOVN5B3F2A X-Message-ID-Hash: OXLL652BSAN5X2FHWRWLNBMOVN5B3F2A X-MailFrom: d.kral@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: The 'resources' property is required (i.e., not optional) for all rule types and the 'nodes' property is required for node affinity rules. Though setting these as required does not prevent users from setting them to an empty string as non-optional properties are only checked for definedness in PVE::JSONSchema at the moment. This allows users to write invalid rule sections to the rules config as subsequent config reads will complain about the missing required options not being set as PVE::SectionConfig::write_config(...) will drop these if their values evaluate to empty strings. Therefore, add an additional check to prevent users from being able to pass empty nodes and/or resource lists when creating or modifying existing HA rules. Fixes: https://bugzilla.proxmox.com/show_bug.cgi?id=7399 Signed-off-by: Daniel Kral --- src/PVE/API2/HA/Rules.pm | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/src/PVE/API2/HA/Rules.pm b/src/PVE/API2/HA/Rules.pm index 046a4a9b..f09ab362 100644 --- a/src/PVE/API2/HA/Rules.pm +++ b/src/PVE/API2/HA/Rules.pm @@ -42,9 +42,11 @@ my $get_api_ha_rule = sub { return $cfg; }; -my $assert_resources_are_configured = sub { +my $assert_valid_resources_param = sub { my ($resources) = @_; + die "no resources were specified\n" if !%$resources; + my $unconfigured_resources = []; for my $resource (sort keys %$resources) { @@ -56,9 +58,11 @@ my $assert_resources_are_configured = sub { if @$unconfigured_resources; }; -my $assert_nodes_do_exist = sub { +my $assert_valid_nodes_param = sub { my ($nodes) = @_; + die "no nodes were specified\n" if !%$nodes; + my $nonexistent_nodes = []; my $localnode = PVE::INotify::nodename(); @@ -281,8 +285,8 @@ __PACKAGE__->register_method({ die "HA rule '$ruleid' already defined\n" if $rules->{ids}->{$ruleid}; - $assert_resources_are_configured->($opts->{resources}); - $assert_nodes_do_exist->($opts->{nodes}) if $opts->{nodes}; + $assert_valid_resources_param->($opts->{resources}); + $assert_valid_nodes_param->($opts->{nodes}) if $opts->{nodes}; $rules->{order}->{$ruleid} = PVE::HA::Rules::get_next_ordinal($rules); $rules->{ids}->{$ruleid} = $opts; @@ -339,8 +343,8 @@ __PACKAGE__->register_method({ my $plugin = PVE::HA::Rules->lookup($type); my $opts = $plugin->check_config($ruleid, $param, 0, 1); - $assert_resources_are_configured->($opts->{resources}); - $assert_nodes_do_exist->($opts->{nodes}) if $opts->{nodes}; + $assert_valid_resources_param->($opts->{resources}); + $assert_valid_nodes_param->($opts->{nodes}) if $opts->{nodes}; my $options = $plugin->private()->{options}->{$type}; PVE::SectionConfig::delete_from_config($rule, $options, $opts, $delete); -- 2.47.3