From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id C6DE01FF13F for ; Thu, 12 Mar 2026 11:36:58 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 7EFB0FBF0; Thu, 12 Mar 2026 11:36:53 +0100 (CET) Date: Thu, 12 Mar 2026 11:36:18 +0100 From: Wolfgang Bumiller To: Dietmar Maurer Subject: Re: [RFC proxmox 09/22] firewall-api-types: add FirewallRef type Message-ID: References: <20260216104401.3959270-1-dietmar@proxmox.com> <20260216104401.3959270-10-dietmar@proxmox.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20260216104401.3959270-10-dietmar@proxmox.com> X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1773311743094 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.983 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_MSPIKE_H2 0.001 Average reputation (+2) RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.408 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.819 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.903 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: JPBG52DNIPGN2UI3TSHZY22OWNTCBWJX X-Message-ID-Hash: JPBG52DNIPGN2UI3TSHZY22OWNTCBWJX X-MailFrom: w.bumiller@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: pve-devel@lists.proxmox.com X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On Mon, Feb 16, 2026 at 11:43:47AM +0100, Dietmar Maurer wrote: > Introduce FirewallRef struct and FirewallRefType enum for representing > firewall address references (aliases and ipsets) with their metadata > (name, reference string, scope, and optional comment). > > The FirewallRefType enum includes an UnknownEnumValue variant behind > the "enum-fallback" feature flag for forward compatibility with > unknown variants. > > Extracted from Perl API. > > Signed-off-by: Dietmar Maurer > --- > .../src/firewall_ref.rs | 62 +++++++++++++++++++ > proxmox-firewall-api-types/src/lib.rs | 3 + > 2 files changed, 65 insertions(+) > create mode 100644 proxmox-firewall-api-types/src/firewall_ref.rs > > diff --git a/proxmox-firewall-api-types/src/firewall_ref.rs b/proxmox-firewall-api-types/src/firewall_ref.rs > new file mode 100644 > index 00000000..483e57ce > --- /dev/null > +++ b/proxmox-firewall-api-types/src/firewall_ref.rs > @@ -0,0 +1,62 @@ > +use serde::{Deserialize, Serialize}; > + > +#[cfg(feature = "enum-fallback")] > +use proxmox_fixed_string::FixedString; > +use proxmox_schema::api; > + > +#[api] > +/// Firewall address reference type (ipset or alias). > +#[derive(Clone, Copy, Debug, PartialEq, Deserialize, Serialize)] > +pub enum FirewallRefType { > + #[serde(rename = "alias")] > + /// alias. > + Alias, > + #[serde(rename = "ipset")] > + /// ipset. > + Ipset, > + /// Unknown variants for forward compatibility. > + #[cfg(feature = "enum-fallback")] > + #[serde(untagged)] > + UnknownEnumValue(FixedString), > +} > + > +#[api( > + properties: { > + comment: { > + optional: true, > + type: String, > + description: "Descriptive comment", > + }, > + name: { > + type: String, > + description: "The name of the alias or ipset.", > + }, > + "ref": { > + type: String, > + description: "The reference string used in firewall rules.", > + }, > + scope: { > + type: String, > + description: "The scope of the reference (e.g., SDN).", > + }, > + type: { > + type: FirewallRefType, > + }, > + }, > +)] > +/// Firewall address reference information. > +#[derive(Clone, Debug, PartialEq, serde::Deserialize, serde::Serialize)] > +pub struct FirewallRef { > + #[serde(default, skip_serializing_if = "Option::is_none")] > + pub comment: Option, > + > + pub name: String, > + > + #[serde(rename = "ref")] > + pub r#ref: String, While I'm not strictly against this - wouldn't it be "simpler" to just rename this to `reference` in the rust type, since we already need the `serde(rename)` anyway? Having a user of this type use `foo.r#ref` in the code feels a bit awkward. > + > + pub scope: String, > + > + #[serde(rename = "type")] > + pub ty: FirewallRefType, > +} > diff --git a/proxmox-firewall-api-types/src/lib.rs b/proxmox-firewall-api-types/src/lib.rs > index ef672bfe..993115d8 100644 > --- a/proxmox-firewall-api-types/src/lib.rs > +++ b/proxmox-firewall-api-types/src/lib.rs > @@ -17,3 +17,6 @@ pub use guest_options::FirewallGuestOptions; > > mod node_options; > pub use node_options::FirewallNodeOptions; > + > +mod firewall_ref; > +pub use firewall_ref::{FirewallRef, FirewallRefType}; > -- > 2.47.3