[pmg-devel] [PATCH pmg-api 2/2] pmg7to8: add check for deprecated default entries in ruledb
Stoiko Ivanov
s.ivanov at proxmox.com
Thu Jan 30 13:33:50 CET 2025
with a new section for future checks of the rule database.
Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
---
src/PMG/CLI/pmg7to8.pm | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/src/PMG/CLI/pmg7to8.pm b/src/PMG/CLI/pmg7to8.pm
index d0a6cbe..4e11b6b 100644
--- a/src/PMG/CLI/pmg7to8.pm
+++ b/src/PMG/CLI/pmg7to8.pm
@@ -13,6 +13,7 @@ use PMG::API2::APT;
use PMG::API2::Certificates;
use PMG::API2::Cluster;
use PMG::RESTEnvironment;
+use PMG::RuleDB;
use PMG::Utils;
use Term::ANSIColor;
@@ -526,6 +527,23 @@ sub check_dkms_modules {
}
}
+sub check_ruledb {
+ log_info("Check the rulesystem...");
+
+ my $rdb = PMG::RuleDB->new();
+ my $ogroups = $rdb->load_objectgroups("who");
+ for my $who ($ogroups->@*) {
+ my $group_name = $who->{name};
+ next if ($group_name ne 'Blacklist' && $group_name ne 'Whitelist');
+ my $objects = $rdb->load_group_objects($who->{id});
+ for my $obj ($objects->@*) {
+ log_warn("deprecated default entry in '$group_name' present: $obj->{address}")
+ if ($obj->{address} =~ m/(?:no)?mail\@fromthisdomain.com/);
+ }
+ }
+ return;
+}
+
sub check_misc {
print_header("MISCELLANEOUS CHECKS");
my $ssh_config = eval { PVE::Tools::file_get_contents('/root/.ssh/config') };
@@ -637,6 +655,7 @@ __PACKAGE__->register_method ({
code => sub {
my ($param) = @_;
+ check_ruledb();
check_pmg_packages();
check_cluster_status();
my $upgraded_db = check_running_postgres();
--
2.39.5
More information about the pmg-devel
mailing list