From: Lou Lecrivain
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] SPAM: [PATCH pve-network v2 7/7] ipam: nautobot: systematically use namespace
Date: Wed, 8 Jan 2025 13:15:29 +0100
Message-Id: <20250108121529.5813-8-lou.lecrivain@wdz.de>
In-Reply-To: <20250108121529.5813-1-lou.lecrivain@wdz.de>
References: <20250108121529.5813-1-lou.lecrivain@wdz.de>
X-Mailer: git-send-email 2.39.5

this is needed in order to not accidentally use another subnet or IP which
might be in another namespace.

Signed-off-by: lou lecrivain
---
 src/PVE/Network/SDN/Ipams/NautobotPlugin.pm | 40 +++++++++++++--------
 1 file changed, 26 insertions(+), 14 deletions(-)

diff --git a/src/PVE/Network/SDN/Ipams/NautobotPlugin.pm b/src/PVE/Network/SDN/Ipams/NautobotPlugin.pm index 3d60265..f69119e 100644 --- a/src/PVE/Network/SDN/Ipams/NautobotPlugin.pm +++ b/src/PVE/Network/SDN/Ipams/NautobotPlugin.pm @@ -52,7 +52,7 @@ sub add_subnet { my $namespace = $plugin_config->{namespace}; my $headers = default_headers($plugin_config); - my $internalid = get_prefix_id($url, $cidr, $headers, $noerr); + my $internalid = get_prefix_id($plugin_config, $cidr, $noerr); #create subnet if it doesn't already exists if (!$internalid) { @@ -74,7 +74,7 @@ sub del_subnet { my $url = $plugin_config->{url}; my $headers = default_headers($plugin_config); - my $internalid = get_prefix_id($url, $cidr, $headers, $noerr); + my $internalid = get_prefix_id($plugin_config, $cidr, $noerr); return if !$internalid; if (!subnet_is_deletable($class, $plugin_config, $subnetid, $subnet, $internalid, $noerr)) { @@ -115,7 +115,7 @@ sub add_ip { if ($@) { if($is_gateway) { - die "error adding subnet ip to ipam: ip $ip already exists: $@" if !$noerr && !is_ip_gateway($url, $ip, $headers, $noerr); + die "error adding subnet ip to ipam: ip $ip already exists: $@" if !$noerr && !is_ip_gateway($plugin_config, $ip, $noerr); } else { die "error adding subnet ip to ipam: ip $ip already exists: $@" if !$noerr; } @@ -131,7 +131,7 @@ sub add_next_freeip { my $namespace = $plugin_config->{namespace}; my $headers = default_headers($plugin_config); - my $internalid = get_prefix_id($url, $cidr, $headers, $noerr); + my $internalid = get_prefix_id($plugin_config, $cidr, $noerr); die "cannot find prefix $cidr in Nautobot" if !$internalid; my $description = "mac:$mac" if $mac; 
@@ -160,7 +160,7 @@ sub add_range_next_freeip { # ranges are not supported natively in nautobot, hence why we have to get a little hacky. my $minimal_size = NetAddr::IP->new($range->{'start-address'}) - NetAddr::IP->new($cidr); - my $internalid = get_prefix_id($url, $cidr, $headers, $noerr); + my $internalid = get_prefix_id($plugin_config, $cidr, $noerr); my $ip = eval { my $result = PVE::Network::SDN::api_request("GET", "$url/ipam/prefixes/$internalid/available-ips/?limit=$minimal_size", $headers); @@ -201,7 +201,7 @@ sub update_ip { my $params = { address => "$ip/$mask", type => "dhcp", dns_name => $hostname, description => $description, namespace => $namespace, status => default_ip_status()}; - my $ip_id = get_ip_id($url, $ip, $headers, $noerr); + my $ip_id = get_ip_id($plugin_config, $ip, $noerr); die "can't find ip $ip in ipam" if !$noerr && !$ip_id; eval { @@ -221,7 +221,7 @@ sub del_ip { my $url = $plugin_config->{url}; my $headers = default_headers($plugin_config); - my $ip_id = get_ip_id($url, $ip, $headers, $noerr); + my $ip_id = get_ip_id($plugin_config, $ip, $noerr); die "can't find ip $ip in ipam" if !$ip_id && !$noerr; eval { @@ -274,7 +274,7 @@ sub subnet_is_deletable { } elsif ( !(all {$_ == 1} ( map { - is_ip_gateway($url, $_->{host}, $headers, $noerr) + is_ip_gateway($plugin_config, $_->{host}, $noerr) } $response->{results}->@* ))) { # some remaining IPs are not gateway, nok @@ -342,10 +342,14 @@ sub get_ips_within_range { } sub get_ip_id { - my ($url, $ip, $headers, $noerr) = @_; + my ($plugin_config, $ip, $noerr) = @_; + + my $url = $plugin_config->{url}; + my $namespace = $plugin_config->{namespace}; + my $headers = default_headers($plugin_config); my $result = eval { - return PVE::Network::SDN::api_request("GET", "$url/ipam/ip-addresses/?q=$ip", $headers); + return PVE::Network::SDN::api_request("GET", "$url/ipam/ip-addresses/?q=$ip&namespace=$namespace", $headers); }; if ($@) { die "error while querying for ip $ip id: $@" if !$noerr; 
@@ -357,10 +361,14 @@ sub get_ip_id { } sub get_prefix_id { - my ($url, $cidr, $headers, $noerr) = @_; + my ($plugin_config, $cidr, $noerr) = @_; + + my $url = $plugin_config->{url}; + my $namespace = $plugin_config->{namespace}; + my $headers = default_headers($plugin_config); my $result = eval { - return PVE::Network::SDN::api_request("GET", "$url/ipam/prefixes/?q=$cidr", $headers); + return PVE::Network::SDN::api_request("GET", "$url/ipam/prefixes/?q=$cidr&namespace=$namespace", $headers); }; if ($@) { die "error while querying for cidr $cidr prefix id: $@" if !$noerr; @@ -402,10 +410,14 @@ sub get_status_id { } sub is_ip_gateway { - my ($url, $ip, $headers, $noerr) = @_; + my ($plugin_config, $ip, $noerr) = @_; + + my $url = $plugin_config->{url}; + my $namespace = $plugin_config->{namespace}; + my $headers = default_headers($plugin_config); my $result = eval { - return PVE::Network::SDN::api_request("GET", "$url/ipam/ip-addresses/?q=$ip", $headers); + return PVE::Network::SDN::api_request("GET", "$url/ipam/ip-addresses/?q=$ip&namespace=$namespace", $headers); }; if ($@) { die "error while checking if $ip is a gateway" if !$noerr; -- 2.39.5 --===============7417081673450975674== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel --===============7417081673450975674==--
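
Review bot: in get_prefix_id, and in the same way in get_ip_id and is_ip_gateway, `$namespace` goes into the query string unescaped and unchecked: `"$url/ipam/prefixes/?q=$cidr&namespace=$namespace"`. A namespace name containing a space, `&` or `#` would change or truncate the query, and an undefined `$plugin_config->{namespace}` produces `namespace=` so the lookup may run without the intended restriction. Suggest percent-encoding the value (for example with URI::Escape's uri_escape) and failing early when the namespace is not set.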
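
Review bot: in add_range_next_freeip the value returned by `get_prefix_id($plugin_config, $cidr, $noerr)` is used without a check, while add_next_freeip follows the same call with `die "cannot find prefix $cidr in Nautobot" if !$internalid;`. With the lookup now restricted to one namespace, an empty result becomes more likely (the prefix may exist only in another namespace), and the next request would then be built as `$url/ipam/prefixes//available-ips/?limit=...`. Suggest adding the same guard after the call in this hunk.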
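
Review bot: in get_ip_id and is_ip_gateway the request still uses the free-text `q=$ip` search parameter, so adding `&namespace=$namespace` narrows the result set but does not make the match exact. How the result is selected is outside the visible lines; if the first entry is taken, a query for one address can also return addresses that merely contain it as a substring within the same namespace. Suggest either an exact-match filter or comparing the returned address against `$ip` before using its id.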
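
Review bot: in is_ip_gateway the error path `die "error while checking if $ip is a gateway" if !$noerr;` drops `$@`, while get_ip_id and get_prefix_id both append `: $@` to their messages. Since this hunk already touches the function, suggest including `$@` here as well so that a failure caused by the new namespace filter (for example a rejected query parameter) is visible to the caller.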