From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id ED0DF9AA88 for ; Fri, 17 Nov 2023 16:15:44 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id D0ADD35FA6 for ; Fri, 17 Nov 2023 16:15:44 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Fri, 17 Nov 2023 16:15:44 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id EFD5843E6C for ; Fri, 17 Nov 2023 16:15:43 +0100 (CET) Date: Fri, 17 Nov 2023 16:15:42 +0100 From: Wolfgang Bumiller To: Christoph Heiss Cc: pve-devel@lists.proxmox.com Message-ID: References: <20230511094620.667892-1-c.heiss@proxmox.com> <20230511094620.667892-3-c.heiss@proxmox.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20230511094620.667892-3-c.heiss@proxmox.com> X-SPAM-LEVEL: Spam detection results: 0 AWL 0.100 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: Re: [pve-devel] [PATCH manager 2/2] ui: fw: allow selecting network interface for rules using combogrid X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Nov 2023 15:15:45 -0000 just some thoughts from my side: On Thu, May 11, 2023 at 11:46:20AM +0200, Christoph Heiss wrote: > For nodes, VMs and CTs we can show the user a list of available network > interfaces (as that information is available) when creating a new > firewall rule, much like it is already done in similar places. > Adds a lot of convenience when creating new firewall rules if they are > interface-specific, as you get a nice summary of the available ones and > can simply select it instead of typing it out each time. > > Nodes can use the new `NetworkInterfaceSelector`, for VMs and CTs a new > component is needed, as the VM/CT config needs to be parsed > appropriately. It's mostly modeled after the `NetworkInterfaceSelector` > component and pretty straight-forward. > For datacenter rules, the simple textbox is kept. > > Signed-off-by: Christoph Heiss > --- > Note: iptables(8) allows two wildcards for the interface, `!` and `+`. > For VMs and CTs this cannot be specified currently anyway, as the API > only allows /^net\d+$/. For nodes, since they accept any arbritrary > string as interface name, this possibility to specify a wildcard for the > interface gets essentially lost. > > I guess we could still allow users to input any strings if they want - > is that something that should be possible (using the GUI)? IOW, do we > want to allow that? > > www/manager6/Makefile | 1 + > .../form/VMNetworkInterfaceSelector.js | 79 +++++++++++++++++++ > www/manager6/grid/FirewallRules.js | 37 ++++++++- > www/manager6/lxc/Config.js | 1 + > www/manager6/qemu/Config.js | 1 + > 5 files changed, 115 insertions(+), 4 deletions(-) > create mode 100644 www/manager6/form/VMNetworkInterfaceSelector.js > > diff --git a/www/manager6/Makefile b/www/manager6/Makefile > index a2f5116c..57ba331b 100644 > --- a/www/manager6/Makefile > +++ b/www/manager6/Makefile > @@ -71,6 +71,7 @@ JSSRC= \ > form/UserSelector.js \ > form/VLanField.js \ > form/VMCPUFlagSelector.js \ > + form/VMNetworkInterfaceSelector.js \ > form/VMSelector.js \ > form/VNCKeyboardSelector.js \ > form/ViewSelector.js \ > diff --git a/www/manager6/form/VMNetworkInterfaceSelector.js b/www/manager6/form/VMNetworkInterfaceSelector.js > new file mode 100644 > index 00000000..fbe631ba > --- /dev/null > +++ b/www/manager6/form/VMNetworkInterfaceSelector.js > @@ -0,0 +1,79 @@ > +Ext.define('PVE.form.VMNetworkInterfaceSelector', { > + extend: 'Proxmox.form.ComboGrid', > + alias: 'widget.PVE.form.VMNetworkInterfaceSelector', > + mixins: ['Proxmox.Mixin.CBind'], > + > + cbindData: (initialConfig) => ({ > + isQemu: initialConfig.pveSelNode.data.type === 'qemu', > + }), > + > + displayField: 'id', > + > + store: { > + fields: ['id', 'name', 'bridge', 'ip'], Not a fan of only including the 'ip' field without also including the 'ip6' field. And not sure about the formatting with both included :-) (They can also be "manual" and "dhcp", and ip6 can additionally be "auto", so it might look weird, but 🤷) In patch 1 the NetworkInterfaceSelector has different fields ('iface', 'active', 'type') > + filterOnLoad: true, > + sorters: { > + property: 'id', > + direction: 'ASC', > + }, > + }, > + > + listConfig: { > + cbind: {}, > + columns: [ > + { > + header: 'ID', > + dataIndex: 'id', > + hideable: false, > + width: 80, > + }, > + { > + header: gettext('Name'), > + dataIndex: 'name', > + flex: 1, > + cbind: { > + hidden: '{isQemu}', > + }, > + }, > + { > + header: gettext('Bridge'), > + dataIndex: 'bridge', > + flex: 1, > + }, > + { > + header: gettext('IP address'), > + dataIndex: 'ip', > + flex: 1, > + cbind: { > + hidden: '{isQemu}', > + }, > + }, > + ], > + }, > + > + initComponent: function() { > + const { node: nodename, type, vmid } = this.pveSelNode.data; > + > + Proxmox.Utils.API2Request({ > + url: `/nodes/${nodename}/${type}/${vmid}/config`, > + method: 'GET', > + success: ({ result: { data } }) => { > + let networks = []; > + for (const [id, value] of Object.entries(data)) { > + if (id.match(/^net\d+/)) { > + const parsed = type === 'lxc' > + ? PVE.Parser.parseLxcNetwork(value) > + : PVE.Parser.parseQemuNetwork(id, value); > + > + networks.push({ ...parsed, id }); > + } > + } > + > + this.store.loadData(networks); > + }, > + }); > + > + this.callParent(); > + }, > +}); > + > diff --git a/www/manager6/grid/FirewallRules.js b/www/manager6/grid/FirewallRules.js > index 5777c7f4..9085bd64 100644 > --- a/www/manager6/grid/FirewallRules.js > +++ b/www/manager6/grid/FirewallRules.js > @@ -153,6 +153,7 @@ Ext.define('PVE.FirewallRulePanel', { > allow_iface: false, > > list_refs_url: undefined, > + pveSelNode: undefined, > > onGetValues: function(values) { > var me = this; > @@ -206,13 +207,35 @@ Ext.define('PVE.FirewallRulePanel', { > ]; > > if (me.allow_iface) { > - me.column1.push({ > - xtype: 'proxmoxtextfield', > + const commonFields = { > name: 'iface', > deleteEmpty: !me.isCreate, > - value: '', > fieldLabel: gettext('Interface'), > - }); > + allowBlank: true, > + autoSelect: false, > + }; > + > + if (me.pveSelNode?.data.type === 'node') { > + me.column1.push({ > + ...commonFields, > + xtype: 'PVE.form.NetworkInterfaceSelector', > + nodename: me.pveSelNode.data.node, > + }); > + } else if (me.pveSelNode?.data.type) { > + // qemu and lxc > + me.column1.push({ > + ...commonFields, > + xtype: 'PVE.form.VMNetworkInterfaceSelector', ^ The store here AFAICT has different fields. Non-VM one has 'iface', 'active', type', the VM one has 'id', 'name', 'bridge', 'ip'. It may just show how little I deal with our extjs code, but that seems like it shouldn't quite fit here 🤷