[pve-devel] [PATCH pve-network 32/38] ipam: verify api access on create/update

Alexandre Derumier aderumier at odiso.com
Sun Nov 8 15:19:34 CET 2020


---
 PVE/API2/Network/SDN/Ipams.pm          |  6 ++++++
 PVE/Network/SDN/Ipams/NetboxPlugin.pm  | 24 +++++++++++++++++++++++-
 PVE/Network/SDN/Ipams/PhpIpamPlugin.pm | 24 +++++++++++++++++++++++-
 PVE/Network/SDN/Ipams/Plugin.pm        |  4 ++++
 4 files changed, 56 insertions(+), 2 deletions(-)

diff --git a/PVE/API2/Network/SDN/Ipams.pm b/PVE/API2/Network/SDN/Ipams.pm
index 0d567c8..6410e8e 100644
--- a/PVE/API2/Network/SDN/Ipams.pm
+++ b/PVE/API2/Network/SDN/Ipams.pm
@@ -150,6 +150,10 @@ __PACKAGE__->register_method ({
 
 		$ipam_cfg->{ids}->{$id} = $opts;
 
+		my $plugin_config = $opts;
+		my $plugin = PVE::Network::SDN::Ipams::Plugin->lookup($plugin_config->{type});
+		$plugin->on_update_hook($plugin_config);
+
 		PVE::Network::SDN::Ipams::write_config($ipam_cfg);
 
 	    }, "create sdn ipam object failed");
@@ -190,6 +194,8 @@ __PACKAGE__->register_method ({
 		$scfg->{$k} = $opts->{$k};
 	    }
 
+            $plugin->on_update_hook($scfg);
+
 	    PVE::Network::SDN::Ipams::write_config($ipam_cfg);
 
 	    }, "update sdn ipam object failed");
diff --git a/PVE/Network/SDN/Ipams/NetboxPlugin.pm b/PVE/Network/SDN/Ipams/NetboxPlugin.pm
index 8695b7d..d696b08 100644
--- a/PVE/Network/SDN/Ipams/NetboxPlugin.pm
+++ b/PVE/Network/SDN/Ipams/NetboxPlugin.pm
@@ -138,10 +138,32 @@ sub del_ip {
 	PVE::Network::SDN::Ipams::Plugin::api_request("DELETE", "$url/ipam/ip-addresses/$ip_id/", $headers);
     };
     if ($@) {
-	die "error delete ip $ip";
+	die "error delete ip $ip : $@";
     }
 }
 
+sub verify_api {
+    my ($class, $plugin_config) = @_;
+
+    my $url = $plugin_config->{url};
+    my $token = $plugin_config->{token};
+    my $headers = ['Content-Type' => 'application/json; charset=UTF-8', 'Authorization' => "token $token"];
+
+
+    eval {
+	PVE::Network::SDN::Ipams::Plugin::api_request("GET", "$url/ipam/aggregates/", $headers);
+    };
+    if ($@) {
+	die "Can't connect to netbox api: $@";
+    }
+}
+
+sub on_update_hook {
+    my ($class, $plugin_config) = @_;
+
+    PVE::Network::SDN::Ipams::NetboxPlugin::verify_api($class, $plugin_config);
+}
+
 #helpers
 
 sub get_prefix_id {
diff --git a/PVE/Network/SDN/Ipams/PhpIpamPlugin.pm b/PVE/Network/SDN/Ipams/PhpIpamPlugin.pm
index 324f1b2..f89ef29 100644
--- a/PVE/Network/SDN/Ipams/PhpIpamPlugin.pm
+++ b/PVE/Network/SDN/Ipams/PhpIpamPlugin.pm
@@ -162,10 +162,32 @@ sub del_ip {
 	PVE::Network::SDN::Ipams::Plugin::api_request("DELETE", "$url/addresses/$ip_id", $headers);
     };
     if ($@) {
-	die "error delete ip $ip";
+	die "error delete ip $ip: $@";
     }
 }
 
+sub verify_api {
+    my ($class, $plugin_config) = @_;
+
+    my $url = $plugin_config->{url};
+    my $token = $plugin_config->{token};
+    my $sectionid = $plugin_config->{section};
+    my $headers = ['Content-Type' => 'application/json; charset=UTF-8', 'Token' => $token];
+
+    eval {
+	PVE::Network::SDN::Ipams::Plugin::api_request("GET", "$url/sections/$sectionid", $headers);
+    };
+    if ($@) {
+	die "Can't connect to phpipam api: $@";
+    }
+}
+
+sub on_update_hook {
+    my ($class, $plugin_config) = @_;
+
+    PVE::Network::SDN::Ipams::PhpIpamPlugin::verify_api($class, $plugin_config);
+}
+
 
 #helpers
 
diff --git a/PVE/Network/SDN/Ipams/Plugin.pm b/PVE/Network/SDN/Ipams/Plugin.pm
index a2ade3b..4c68287 100644
--- a/PVE/Network/SDN/Ipams/Plugin.pm
+++ b/PVE/Network/SDN/Ipams/Plugin.pm
@@ -87,6 +87,10 @@ sub del_ip {
     my ($class, $plugin_config, $subnetid, $subnet, $ip) = @_;
 }
 
+sub on_update_hook {
+    my ($class, $plugin_config)  = @_;
+}
+
 
 #helpers
 sub api_request {
-- 
2.20.1





More information about the pve-devel mailing list