[pmg-devel] [PATCH pmg-api v2 03/10] add objectgroup attributes and/invert
Dominik Csapak
d.csapak at proxmox.com
Wed Feb 21 13:24:29 CET 2024
add a new table Objectgroup_Attributes where we can save additional
attributes for objectgroups (like the Attribut tables for objects).
Adds two new attributes for the groups:
* and
* invert
These will modify the match behaviour for object groups
Add the table to cluster sync, backup and factory reset.
Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
changes from v1:
* delete attributes on group delete
* add handling to cluster sync, backup and factory reset too
src/PMG/API2/ObjectGroupHelpers.pm | 43 ++++++++-
src/PMG/Backup.pm | 1 +
src/PMG/Cluster.pm | 2 +
src/PMG/DBTools.pm | 16 ++++
src/PMG/RuleDB.pm | 148 ++++++++++++++++++++++-------
5 files changed, 169 insertions(+), 41 deletions(-)
diff --git a/src/PMG/API2/ObjectGroupHelpers.pm b/src/PMG/API2/ObjectGroupHelpers.pm
index 48078fb..a08a6a3 100644
--- a/src/PMG/API2/ObjectGroupHelpers.pm
+++ b/src/PMG/API2/ObjectGroupHelpers.pm
@@ -46,13 +46,29 @@ sub format_object_group {
my $res = [];
foreach my $og (@$ogroups) {
- push @$res, {
- id => $og->{id}, name => $og->{name}, info => $og->{info}
- };
+ my $group = { id => $og->{id}, name => $og->{name}, info => $og->{info} };
+ $group->{and} = $og->{and} if defined($og->{and});
+ $group->{invert} = $og->{invert} if defined($og->{invert});
+ push @$res, $group;
}
return $res;
}
+my $group_attributes = {
+ and => {
+ description => "If set to 1, objects in this group are 'and' combined.",
+ type => 'boolean',
+ default => 0,
+ optional => 1,
+ },
+ invert => {
+ description => "If set to 1, the resulting match is inverted.",
+ type => 'boolean',
+ default => 0,
+ optional => 1,
+ },
+};
+
sub register_group_list_api {
my ($apiclass, $oclass) = @_;
@@ -86,6 +102,11 @@ sub register_group_list_api {
return format_object_group($ogroups);
}});
+ my $additional_parameters = {};
+ if ($oclass =~ /^(?:what|when|who)$/i) {
+ $additional_parameters = { $group_attributes->%* };
+ }
+
$apiclass->register_method({
name => "create_${oclass}_group",
path => $oclass,
@@ -108,6 +129,7 @@ sub register_group_list_api {
maxLength => 255,
optional => 1,
},
+ $additional_parameters->%*,
},
},
returns => { type => 'integer' },
@@ -119,6 +141,10 @@ sub register_group_list_api {
my $og = PMG::RuleDB::Group->new(
$param->{name}, $param->{info} // '', $oclass);
+ for my $prop (qw(and invert)) {
+ $og->{$prop} = $param->{$prop} if defined($param->{$prop});
+ }
+
return $rdb->save_group($og);
}});
}
@@ -199,6 +225,11 @@ sub register_object_group_config_api {
}});
+ my $additional_parameters = {};
+ if ($oclass =~ /^(?:what|when|who)$/i) {
+ $additional_parameters = { $group_attributes->%* };
+ }
+
$apiclass->register_method({
name => 'set_config',
path => $path,
@@ -226,6 +257,7 @@ sub register_object_group_config_api {
maxLength => 255,
optional => 1,
},
+ $additional_parameters->%*,
},
},
returns => { type => "null" },
@@ -243,8 +275,9 @@ sub register_object_group_config_api {
my $og = shift @$list ||
die "$oclass group '$ogroup' not found\n";
- $og->{name} = $param->{name} if defined($param->{name});
- $og->{info} = $param->{info} if defined($param->{info});
+ for my $prop (qw(name info and invert)) {
+ $og->{$prop} = $param->{$prop} if defined($param->{$prop});
+ }
$rdb->save_group($og);
diff --git a/src/PMG/Backup.pm b/src/PMG/Backup.pm
index e41832e..9fc91f8 100644
--- a/src/PMG/Backup.pm
+++ b/src/PMG/Backup.pm
@@ -94,6 +94,7 @@ sub dumpdb {
$dbh->do("SET TRANSACTION ISOLATION LEVEL SERIALIZABLE");
dump_table($dbh, 'attribut', $ofh);
+ dump_table($dbh, 'objectgroup_attributes', $ofh);
dump_table($dbh, 'object', $ofh, 'object_id_seq', 'id');
dump_table($dbh, 'objectgroup', $ofh, 'objectgroup_id_seq', 'id');
dump_table($dbh, 'rule', $ofh, 'rule_id_seq', 'id');
diff --git a/src/PMG/Cluster.pm b/src/PMG/Cluster.pm
index 015e66a..ac50cff 100644
--- a/src/PMG/Cluster.pm
+++ b/src/PMG/Cluster.pm
@@ -532,6 +532,7 @@ sub sync_ruledb_from_master {
$ldb->do("DELETE FROM ObjectGroup");
$ldb->do("DELETE FROM Object");
$ldb->do("DELETE FROM Attribut");
+ $ldb->do("DELETE FROM Objectgroup_Attributes");
eval {
$rdb->begin_work;
@@ -544,6 +545,7 @@ sub sync_ruledb_from_master {
PMG::DBTools::copy_table($ldb, $rdb, "ObjectGroup");
PMG::DBTools::copy_table($ldb, $rdb, "Object", 'value');
PMG::DBTools::copy_table($ldb, $rdb, "Attribut", 'value');
+ PMG::DBTools::copy_table($ldb, $rdb, "Objectgroup_Attributes");
};
$rdb->rollback; # end transaction
diff --git a/src/PMG/DBTools.pm b/src/PMG/DBTools.pm
index 9e133bc..3c8d181 100644
--- a/src/PMG/DBTools.pm
+++ b/src/PMG/DBTools.pm
@@ -295,6 +295,18 @@ my $userprefs_ctablecmd = <<__EOD;
__EOD
+my $object_group_attributes_cmd = <<__EOD;
+ CREATE TABLE Objectgroup_Attributes (
+ Objectgroup_ID INTEGER NOT NULL,
+ Name VARCHAR(20) NOT NULL,
+ Value BYTEA NULL,
+ PRIMARY KEY (Objectgroup_ID, Name)
+ );
+
+ CREATE INDEX Objectgroup_Attributes_Objectgroup_ID_Index ON Objectgroup_Attributes(Objectgroup_ID);
+
+__EOD
+
sub cond_create_dbtable {
my ($dbh, $name, $ctablecmd) = @_;
@@ -439,6 +451,8 @@ sub create_ruledb {
$userprefs_ctablecmd;
$virusinfo_stat_ctablecmd;
+
+ $object_group_attributes_cmd;
EOD
);
@@ -494,6 +508,7 @@ sub upgradedb {
'CStatistic', $cstatistic_ctablecmd,
'ClusterInfo', $clusterinfo_ctablecmd,
'VirusInfo', $virusinfo_stat_ctablecmd,
+ 'Objectgroup_Attributes', $object_group_attributes_cmd,
};
foreach my $table (keys %$tables) {
@@ -605,6 +620,7 @@ sub init_ruledb {
$dbh->do(
"DELETE FROM Rule;"
." DELETE FROM RuleGroup;"
+ ." DELETE FROM Objectgroup_Attributes;"
." DELETE FROM Attribut WHERE Object_ID NOT IN ($glids);"
." DELETE FROM Object WHERE ID NOT IN ($glids);"
." DELETE FROM Objectgroup WHERE class != 'greylist';"
diff --git a/src/PMG/RuleDB.pm b/src/PMG/RuleDB.pm
index a6b0b79..0b112b4 100644
--- a/src/PMG/RuleDB.pm
+++ b/src/PMG/RuleDB.pm
@@ -160,6 +160,30 @@ sub load_groups_by_name {
};
}
+sub update_group_attributes {
+ my ($self, $og) = @_;
+
+ my $attributes = [qw(and invert)];
+
+ for my $attribute ($attributes->@*) {
+ # only save the values if they're set to 1
+ if ($og->{$attribute}) {
+ $self->{dbh}->do(
+ "INSERT INTO Objectgroup_Attributes (Objectgroup_ID, Name, Value) " .
+ "VALUES (?, ?, ?) ".
+ "ON CONFLICT (Objectgroup_ID, Name) DO UPDATE SET Value = ?", undef,
+ $og->{id}, $attribute, $og->{$attribute}, $og->{$attribute},
+ );
+ } else {
+ $self->{dbh}->do(
+ "DELETE FROM Objectgroup_Attributes " .
+ "WHERE Objectgroup_ID = ? AND Name = ?", undef,
+ $og->{id}, $attribute,
+ );
+ }
+ }
+}
+
sub save_group {
my ($self, $og) = @_;
@@ -171,27 +195,51 @@ sub save_group {
die "undefined group attribute - class: ERROR";
if (defined($og->{id})) {
+ $self->{dbh}->begin_work;
+
+ eval {
+ $self->{dbh}->do("UPDATE Objectgroup " .
+ "SET Name = ?, Info = ? " .
+ "WHERE ID = ?", undef,
+ encode('UTF-8', $og->{name}),
+ encode('UTF-8', $og->{info}),
+ $og->{id});
- $self->{dbh}->do("UPDATE Objectgroup " .
- "SET Name = ?, Info = ? " .
- "WHERE ID = ?", undef,
- encode('UTF-8', $og->{name}),
- encode('UTF-8', $og->{info}),
- $og->{id});
+ $self->update_group_attributes($og);
- return $og->{id};
+ $self->{dbh}->commit;
+ };
+ if (my $err = $@) {
+ $self->{dbh}->rollback;
+ syslog('err', $err);
+ return undef;
+ }
} else {
- my $sth = $self->{dbh}->prepare(
- "INSERT INTO Objectgroup (Name, Info, Class) " .
- "VALUES (?, ?, ?);");
+ $self->{dbh}->begin_work;
+
+ eval {
+ my $sth = $self->{dbh}->prepare(
+ "INSERT INTO Objectgroup (Name, Info, Class) " .
+ "VALUES (?, ?, ?);");
- $sth->execute(encode('UTF-8', $og->name), encode('UTF-8', $og->info), $og->class);
+ $sth->execute(encode('UTF-8', $og->name), encode('UTF-8', $og->info), $og->class);
- return $og->{id} = PMG::Utils::lastid($self->{dbh}, 'objectgroup_id_seq');
+ $og->{id} = PMG::Utils::lastid($self->{dbh}, 'objectgroup_id_seq');
+
+ $self->update_group_attributes($og);
+
+ $self->{dbh}->commit;
+ };
+
+ if (my $err = $@) {
+ $self->{dbh}->rollback;
+ syslog('err', $err);
+ return undef;
+ }
}
- return undef;
+ return $og->{id};
}
sub delete_group {
@@ -228,6 +276,9 @@ sub delete_group {
$self->{dbh}->do("DELETE FROM RuleGroup " .
"WHERE Objectgroup_ID = ?", undef, $groupid);
+ $self->{dbh}->do("DELETE FROM Objectgroup_Attributes " .
+ "WHERE Objectgroup_ID = ?", undef, $groupid);
+
$sth = $self->{dbh}->prepare("SELECT * FROM Object " .
"where Objectgroup_ID = ?");
$sth->execute($groupid);
@@ -252,6 +303,18 @@ sub delete_group {
return undef;
}
+sub load_group_attributes {
+ my ($self, $og) = @_;
+
+ my $attribute_sth = $self->{dbh}->prepare("SELECT * FROM Objectgroup_Attributes WHERE Objectgroup_ID = ?");
+ $attribute_sth->execute($og->{id});
+
+ while (my $ref = $attribute_sth->fetchrow_hashref()) {
+ $og->{and} = $ref->{value} if $ref->{name} eq 'and';
+ $og->{invert} = $ref->{value} if $ref->{name} eq 'invert';
+ }
+}
+
sub load_objectgroups {
my ($self, $class, $id) = @_;
@@ -259,34 +322,47 @@ sub load_objectgroups {
defined($class) || die "undefined object class";
- if (!(defined($id))) {
- $sth = $self->{dbh}->prepare(
- "SELECT * FROM Objectgroup where Class = ? ORDER BY name");
- $sth->execute($class);
-
- } else {
- $sth = $self->{dbh}->prepare(
- "SELECT * FROM Objectgroup where Class like ? and id = ? " .
- "order by name");
- $sth->execute($class,$id);
- }
+ $self->{dbh}->begin_work;
my $arr_og = ();
- while (my $ref = $sth->fetchrow_hashref()) {
- my $og = PMG::RuleDB::Group->new($ref->{name}, $ref->{info},
- $ref->{class});
- $og->{id} = $ref->{id};
- if ($class eq 'action') {
- my $objects = $self->load_group_objects($og->{id});
- my $obj = @$objects[0];
- defined($obj) || die "undefined action object: ERROR";
- $og->{action} = $obj;
+ eval {
+ if (!(defined($id))) {
+ $sth = $self->{dbh}->prepare(
+ "SELECT * FROM Objectgroup where Class = ? ORDER BY name");
+ $sth->execute($class);
+
+ } else {
+ $sth = $self->{dbh}->prepare(
+ "SELECT * FROM Objectgroup where Class like ? and id = ? " .
+ "order by name");
+ $sth->execute($class,$id);
}
- push @$arr_og, $og;
- }
- $sth->finish();
+ while (my $ref = $sth->fetchrow_hashref()) {
+ my $og = PMG::RuleDB::Group->new($ref->{name}, $ref->{info},
+ $ref->{class});
+ $og->{id} = $ref->{id};
+
+ if ($class eq 'action') {
+ my $objects = $self->load_group_objects($og->{id});
+ my $obj = @$objects[0];
+ defined($obj) || die "undefined action object: ERROR";
+ $og->{action} = $obj;
+ } else {
+ $self->load_group_attributes($og);
+ }
+ push @$arr_og, $og;
+ }
+
+ $sth->finish();
+ };
+
+ my $err = $@;
+
+ $self->{dbh}->rollback; # finish transaction
+
+ die $err if $err;
return $arr_og;
}
--
2.30.2
More information about the pmg-devel
mailing list