[pve-devel] [PATCH v10 pve-network 33/35] ipam: verify api access on create/update
Alexandre Derumier
aderumier at odiso.com
Mon Oct 5 17:09:10 CEST 2020
Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
PVE/API2/Network/SDN/Ipams.pm | 6 ++++++
PVE/Network/SDN/Ipams/NetboxPlugin.pm | 24 +++++++++++++++++++++++-
PVE/Network/SDN/Ipams/PhpIpamPlugin.pm | 24 +++++++++++++++++++++++-
PVE/Network/SDN/Ipams/Plugin.pm | 4 ++++
4 files changed, 56 insertions(+), 2 deletions(-)
diff --git a/PVE/API2/Network/SDN/Ipams.pm b/PVE/API2/Network/SDN/Ipams.pm
index 0d567c8..6410e8e 100644
--- a/PVE/API2/Network/SDN/Ipams.pm
+++ b/PVE/API2/Network/SDN/Ipams.pm
@@ -150,6 +150,10 @@ __PACKAGE__->register_method ({
$ipam_cfg->{ids}->{$id} = $opts;
+ my $plugin_config = $opts;
+ my $plugin = PVE::Network::SDN::Ipams::Plugin->lookup($plugin_config->{type});
+ $plugin->on_update_hook($plugin_config);
+
PVE::Network::SDN::Ipams::write_config($ipam_cfg);
}, "create sdn ipam object failed");
@@ -190,6 +194,8 @@ __PACKAGE__->register_method ({
$scfg->{$k} = $opts->{$k};
}
+ $plugin->on_update_hook($scfg);
+
PVE::Network::SDN::Ipams::write_config($ipam_cfg);
}, "update sdn ipam object failed");
diff --git a/PVE/Network/SDN/Ipams/NetboxPlugin.pm b/PVE/Network/SDN/Ipams/NetboxPlugin.pm
index 8695b7d..d696b08 100644
--- a/PVE/Network/SDN/Ipams/NetboxPlugin.pm
+++ b/PVE/Network/SDN/Ipams/NetboxPlugin.pm
@@ -138,10 +138,32 @@ sub del_ip {
PVE::Network::SDN::Ipams::Plugin::api_request("DELETE", "$url/ipam/ip-addresses/$ip_id/", $headers);
};
if ($@) {
- die "error delete ip $ip";
+ die "error delete ip $ip : $@";
}
}
+sub verify_api {
+ my ($class, $plugin_config) = @_;
+
+ my $url = $plugin_config->{url};
+ my $token = $plugin_config->{token};
+ my $headers = ['Content-Type' => 'application/json; charset=UTF-8', 'Authorization' => "token $token"];
+
+
+ eval {
+ PVE::Network::SDN::Ipams::Plugin::api_request("GET", "$url/ipam/aggregates/", $headers);
+ };
+ if ($@) {
+ die "Can't connect to netbox api: $@";
+ }
+}
+
+sub on_update_hook {
+ my ($class, $plugin_config) = @_;
+
+ PVE::Network::SDN::Ipams::NetboxPlugin::verify_api($class, $plugin_config);
+}
+
#helpers
sub get_prefix_id {
diff --git a/PVE/Network/SDN/Ipams/PhpIpamPlugin.pm b/PVE/Network/SDN/Ipams/PhpIpamPlugin.pm
index 324f1b2..f89ef29 100644
--- a/PVE/Network/SDN/Ipams/PhpIpamPlugin.pm
+++ b/PVE/Network/SDN/Ipams/PhpIpamPlugin.pm
@@ -162,10 +162,32 @@ sub del_ip {
PVE::Network::SDN::Ipams::Plugin::api_request("DELETE", "$url/addresses/$ip_id", $headers);
};
if ($@) {
- die "error delete ip $ip";
+ die "error delete ip $ip: $@";
}
}
+sub verify_api {
+ my ($class, $plugin_config) = @_;
+
+ my $url = $plugin_config->{url};
+ my $token = $plugin_config->{token};
+ my $sectionid = $plugin_config->{section};
+ my $headers = ['Content-Type' => 'application/json; charset=UTF-8', 'Token' => $token];
+
+ eval {
+ PVE::Network::SDN::Ipams::Plugin::api_request("GET", "$url/sections/$sectionid", $headers);
+ };
+ if ($@) {
+ die "Can't connect to phpipam api: $@";
+ }
+}
+
+sub on_update_hook {
+ my ($class, $plugin_config) = @_;
+
+ PVE::Network::SDN::Ipams::PhpIpamPlugin::verify_api($class, $plugin_config);
+}
+
#helpers
diff --git a/PVE/Network/SDN/Ipams/Plugin.pm b/PVE/Network/SDN/Ipams/Plugin.pm
index a2ade3b..4c68287 100644
--- a/PVE/Network/SDN/Ipams/Plugin.pm
+++ b/PVE/Network/SDN/Ipams/Plugin.pm
@@ -87,6 +87,10 @@ sub del_ip {
my ($class, $plugin_config, $subnetid, $subnet, $ip) = @_;
}
+sub on_update_hook {
+ my ($class, $plugin_config) = @_;
+}
+
#helpers
sub api_request {
--
2.20.1
More information about the pve-devel
mailing list