From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
by lore.proxmox.com (Postfix) with ESMTPS id 506D81FF16B
for <inbox@lore.proxmox.com>; Thu, 6 Mar 2025 12:44:13 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
by firstgate.proxmox.com (Proxmox) with ESMTP id 36D97444C;
Thu, 6 Mar 2025 12:43:46 +0100 (CET)
To: pve-devel@lists.proxmox.com
Date: Thu, 6 Mar 2025 12:08:31 +0100
In-Reply-To: <20250306110831.6426-1-lou.lecrivain@orange.fr>
References: <20250306110831.6426-1-lou.lecrivain@orange.fr>
X-Mailman-Approved-At: Thu, 06 Mar 2025 12:43:42 +0100
MIME-Version: 1.0
Message-ID: <mailman.836.1741261422.293.pve-devel@lists.proxmox.com>
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Post: <mailto:pve-devel@lists.proxmox.com>
From: "lou.lecrivain--- via pve-devel" <pve-devel@lists.proxmox.com>
Precedence: list
Cc: lou.lecrivain@orange.fr, jonatan.crystall@gwdg.de
X-Mailman-Version: 2.1.29
X-BeenThere: pve-devel@lists.proxmox.com
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>,
<mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>,
<mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
Subject: [pve-devel] [PATCH pve-network v3 3/3] ipam: nautobot: add checks
for prefix deletion
Content-Type: multipart/mixed; boundary="===============5982392656961373390=="
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>
--===============5982392656961373390==
Content-Type: message/rfc822
Content-Disposition: inline
Return-Path: <lou.lecrivain@orange.fr>
X-Original-To: pve-devel@lists.proxmox.com
Delivered-To: pve-devel@lists.proxmox.com
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits))
(No client certificate requested)
by lists.proxmox.com (Postfix) with ESMTPS id 4AFC1D3F5E
for <pve-devel@lists.proxmox.com>; Thu, 6 Mar 2025 12:09:46 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
by firstgate.proxmox.com (Proxmox) with ESMTP id 2DA043559
for <pve-devel@lists.proxmox.com>; Thu, 6 Mar 2025 12:09:16 +0100 (CET)
Received: from smtp.smtpout.orange.fr (smtp-78.smtpout.orange.fr [80.12.242.78])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
(No client certificate requested)
by firstgate.proxmox.com (Proxmox) with ESMTPS
for <pve-devel@lists.proxmox.com>; Thu, 6 Mar 2025 12:09:15 +0100 (CET)
Received: from localhost ([176.139.8.107])
by smtp.orange.fr with ESMTPA
id q969t2E2KeZz0q96CtEBC6; Thu, 06 Mar 2025 12:09:09 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.fr;
s=t20230301; t=1741259349;
bh=kEqWwygnhHMuDwvbWjz9gdfNwkDQ/WRy7FV5mUcR1Nw=;
h=From:To:Subject:Date:Message-Id:MIME-Version;
b=LtXrWm+ga3qXVWaQZP4IC8Ah6wSqtoidEgOc/0Kd4wfc5AhX4NgYggl3GIDYBe/qG
lzA/hw7ceecmS9k62gCuqQYERw9jlWmbOHnGvXdYrTOhuNnHVhivXbBtlOyhN2ntnW
kxsXEU8gxutcDvIbg7eSPUDjiyAQZm13jjwBEqnFoLtnzUBLZQGxMeRNgmMpCOPohD
BOrAaht/hTx8IbUozzZWl8ZjJrsVOmwpmNwx41G3HXqpwCpvYs+e1JpY6zPdlhOoHI
Y9BJmwRT50wjSOcEi6ziMmItSfk6nKXgDGSNuEafM80O+A569LT/DBc0f8a3ZzHZLu
MvyBHxSSk/FJg==
X-ME-Helo: localhost
X-ME-Auth: bG91LmxlY3JpdmFpbkBvcmFuZ2UuZnI=
X-ME-Date: Thu, 06 Mar 2025 12:09:09 +0100
X-ME-IP: 176.139.8.107
From: lou.lecrivain@orange.fr
To: pve-devel@lists.proxmox.com
Cc: h.duerr@proxmox.com,
jonatan.crystall@gwdg.de,
Lou Lecrivain <lou.lecrivain@wdz.de>
Subject: [PATCH pve-network v3 3/3] ipam: nautobot: add checks for prefix deletion
Date: Thu, 6 Mar 2025 12:08:31 +0100
Message-Id: <20250306110831.6426-4-lou.lecrivain@orange.fr>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20250306110831.6426-1-lou.lecrivain@orange.fr>
References: <20250306110831.6426-1-lou.lecrivain@orange.fr>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results: 0
AWL 0.333 Adjusted score from AWL reputation of From: address
BAYES_00 -1.9 Bayes spam probability is 0 to 1%
DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain
DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain
DMARC_PASS -0.1 DMARC pass policy
FREEMAIL_FROM 0.001 Sender email is commonly abused enduser mail provider
RCVD_IN_DNSWL_NONE -0.0001 Sender listed at https://www.dnswl.org/, no trust
RCVD_IN_MSPIKE_H5 0.001 Excellent reputation (+5)
RCVD_IN_MSPIKE_WL 0.001 Mailspike good senders
SPF_HELO_PASS -0.001 SPF: HELO matches SPF record
SPF_PASS -0.001 SPF: sender matches SPF record
X-Mailman-Approved-At: Thu, 06 Mar 2025 12:43:42 +0100
From: Lou Lecrivain <lou.lecrivain@wdz.de>
check that prefix/subnet is empty (only gateway IPs should remain)
before deletion.
Signed-off-by: lou lecrivain <lou.lecrivain@wdz.de>
---
src/PVE/Network/SDN/Ipams/NautobotPlugin.pm | 73 ++++++++++++++++++++-
1 file changed, 70 insertions(+), 3 deletions(-)
diff --git a/src/PVE/Network/SDN/Ipams/NautobotPlugin.pm b/src/PVE/Network/SDN/Ipams/NautobotPlugin.pm
index 6f2a380..8096687 100644
--- a/src/PVE/Network/SDN/Ipams/NautobotPlugin.pm
+++ b/src/PVE/Network/SDN/Ipams/NautobotPlugin.pm
@@ -5,6 +5,7 @@ use warnings;
use PVE::INotify;
use PVE::Cluster;
use PVE::Tools;
+use List::Util qw(all);
use NetAddr::IP;
use base('PVE::Network::SDN::Ipams::Plugin');
@@ -56,7 +57,7 @@ sub add_subnet {
my $internalid = get_prefix_id($plugin_config, $cidr, $noerr);
- #create subnet
+ #create subnet if it doesn't already exist
if (!$internalid) {
my $params = {
prefix => $cidr, namespace => $namespace,
@@ -83,8 +84,15 @@ sub del_subnet {
my $internalid = get_prefix_id($plugin_config, $cidr, $noerr);
return if !$internalid;
- # TODO check that prefix is empty before deletion
- return;
+ if (!subnet_is_deletable(
+ $plugin_config, $subnetid, $subnet, $internalid, $noerr
+ )) {
+ die "cannot delete prefix $cidr, not empty!";
+ }
+
+ # delete associated IP addresses (normally should only be gateway IPs)
+ $class->empty_subnet(
+ $plugin_config, $subnetid, $subnet, $internalid, $noerr);
eval {
PVE::Network::SDN::api_request(
@@ -268,6 +276,65 @@ sub del_ip {
}
}
+sub empty_subnet {
+ my ($class, $plugin_config, $subnetid, $subnet, $subnetuuid, $noerr) = @_;
+
+ my $url = $plugin_config->{url};
+ my $namespace = $plugin_config->{namespace};
+ my $headers = default_headers($plugin_config);
+
+ my $response = eval {
+ return PVE::Network::SDN::api_request(
+ "GET",
+ "$url/ipam/ip-addresses/?namespace=$namespace&parent=$subnetuuid",
+ $headers)
+ };
+ if ($@) {
+ die "error querying prefix $subnet: $@" if !$noerr;
+ }
+
+ for my $ip (@{$response->{results}}) {
+ del_ip($class, $plugin_config, $subnetid, $subnet, $ip->{host}, $noerr);
+ }
+}
+
+sub subnet_is_deletable {
+ my ($plugin_config, $subnetid, $subnet, $subnetuuid, $noerr) = @_;
+
+ my $url = $plugin_config->{url};
+ my $namespace = $plugin_config->{namespace};
+ my $headers = default_headers($plugin_config);
+
+
+ my $response = eval {
+ return PVE::Network::SDN::api_request(
+ "GET",
+ "$url/ipam/ip-addresses/?namespace=$namespace&parent=$subnetuuid",
+ $headers)
+ };
+ if ($@) {
+ die "error querying prefix $subnet: $@" if !$noerr;
+ }
+ my $n_ips = scalar $response->{results}->@*;
+
+ # least costly check operation 1st
+ if ($n_ips == 0) {
+ # completely empty, delete ok
+ return 1;
+ } elsif (
+ !(all {$_ == 1} (
+ map {
+ is_ip_gateway($plugin_config, $_->{host}, $noerr)
+ } $response->{results}->@*
+ ))) {
+ # some remaining IPs are not gateway, nok
+ return 0;
+ } else {
+ # remaining IPs are all gateway, delete ok
+ return 1;
+ }
+}
+
sub verify_api {
my ($class, $plugin_config) = @_;
--
2.39.5
--===============5982392656961373390==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
--===============5982392656961373390==--