[pve-devel] [PATCH firewall 1/4] api: factor out renaming parameters to more descriptive names

Leo Nunner l.nunner at proxmox.com
Thu Jan 26 15:30:16 CET 2023 

Signed-off-by: Leo Nunner <l.nunner at proxmox.com>
---
 src/PVE/API2/Firewall/Aliases.pm | 20 ++++++------
 src/PVE/API2/Firewall/Groups.pm  | 53 ++++++++++++++++----------------
 src/PVE/API2/Firewall/IPSet.pm   | 39 ++++++++++++-----------
 3 files changed, 56 insertions(+), 56 deletions(-)

diff --git a/src/PVE/API2/Firewall/Aliases.pm b/src/PVE/API2/Firewall/Aliases.pm
index 33ac669..88f20a0 100644
--- a/src/PVE/API2/Firewall/Aliases.pm
+++ b/src/PVE/API2/Firewall/Aliases.pm
@@ -234,24 +234,22 @@ sub register_update_alias {
 
 		PVE::Tools::assert_if_modified($digest, $param->{digest});
 
-		my $name = lc($param->{name});
+		my $rename_to = lc($param->{rename}) if defined($param->{rename});
+		my $rename_from = lc($param->{name});
 
-		raise_param_exc({ name => "no such alias" }) if !$aliases->{$name};
+		raise_param_exc({ name => "no such alias" }) if !$aliases->{$rename_from};
 
 		my $data = { name => $param->{name}, cidr => $param->{cidr} };
 		$data->{comment} = $param->{comment} if $param->{comment};
 
-		$aliases->{$name} = $data;
-
-		my $rename = $param->{rename};
-		$rename = lc($rename) if $rename;
+		$aliases->{$rename_from} = $data;
 
-		if ($rename && ($name ne $rename)) {
+		if ($rename_to && ($rename_from ne $rename_to)) {
 		    raise_param_exc({ name => "alias '$param->{rename}' already exists" })
-			if defined($aliases->{$rename});
-		    $aliases->{$name}->{name} = $param->{rename};
-		    $aliases->{$rename} = $aliases->{$name};
-		    delete $aliases->{$name};
+			if defined($aliases->{$rename_to});
+		    $aliases->{$rename_from}->{name} = $param->{rename};
+		    $aliases->{$rename_to} = $aliases->{$rename_from};
+		    delete $aliases->{$rename_from};
 		}
 
 		$class->save_aliases($param, $fw_conf, $aliases);
diff --git a/src/PVE/API2/Firewall/Groups.pm b/src/PVE/API2/Firewall/Groups.pm
index ffdc45c..a0695ce 100644
--- a/src/PVE/API2/Firewall/Groups.pm
+++ b/src/PVE/API2/Firewall/Groups.pm
@@ -100,37 +100,37 @@ __PACKAGE__->register_method({
     code => sub {
 	my ($param) = @_;
 
-	my $group = $param->{group};
-	my $rename = $param->{rename};
+	my $rename_to = $param->{group};
+	my $rename_from = $param->{rename};
 	my $comment = $param->{comment};
 
 	PVE::Firewall::lock_clusterfw_conf(10, sub {
 	    my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
 
-	    if ($rename) {
+	    if ($rename_from) {
 		my (undef, $digest) = &$get_security_group_list($cluster_conf);
 		PVE::Tools::assert_if_modified($digest, $param->{digest});
 
-		raise_param_exc({ group => "Security group '$rename' does not exist" })
-		    if !$cluster_conf->{groups}->{$rename};
+		raise_param_exc({ group => "Security group '$rename_from' does not exist" })
+		    if !$cluster_conf->{groups}->{$rename_from};
 
 		# prevent overwriting an existing group
-		raise_param_exc({ group => "Security group '$group' does already exist" })
-		    if $cluster_conf->{groups}->{$group} &&
-		    $group ne $rename;
+		raise_param_exc({ group => "Security group '$rename_to' does already exist" })
+		    if $cluster_conf->{groups}->{$rename_to} &&
+		    $rename_to ne $rename_from;
 
-		if ($rename eq $group) {
-		    $cluster_conf->{group_comments}->{$rename} = $comment if defined($comment);
+		if ($rename_from eq $rename_to) {
+		    $cluster_conf->{group_comments}->{$rename_from} = $comment if defined($comment);
 		    PVE::Firewall::save_clusterfw_conf($cluster_conf);
 		    return;
 		}
 
 		# Create an exact copy of the old security group
-		$cluster_conf->{groups}->{$group} = $cluster_conf->{groups}->{$rename};
-		$cluster_conf->{group_comments}->{$group} = $cluster_conf->{group_comments}->{$rename};
+		$cluster_conf->{groups}->{$rename_to} = $cluster_conf->{groups}->{$rename_from};
+		$cluster_conf->{group_comments}->{$rename_to} = $cluster_conf->{group_comments}->{$rename_from};
 
 		# Update comment if provided
-		$cluster_conf->{group_comments}->{$group} = $comment if defined($comment);
+		$cluster_conf->{group_comments}->{$rename_to} = $comment if defined($comment);
 
 		# Write the copy to the cluster config, so that if something fails inbetween, the new firewall
 		# rules won't be broken when the new name is referenced
@@ -144,8 +144,8 @@ __PACKAGE__->register_method({
 		        my $host_conf = PVE::Firewall::load_hostfw_conf($cluster_conf, $host_conf_path);
 
 			if (defined($host_conf)) {
-			    &$rename_fw_rules($rename,
-			        $group,
+			    &$rename_fw_rules($rename_from,
+			        $rename_to,
 			        $host_conf->{rules});
 			    PVE::Firewall::save_hostfw_conf($host_conf, $host_conf_path);
 		        }
@@ -160,8 +160,8 @@ __PACKAGE__->register_method({
 		        my $vm_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, $vm_type, $vm, "/etc/pve/firewall");
 
 			if (defined($vm_conf)) {
-			    &$rename_fw_rules($rename,
-			        $group,
+			    &$rename_fw_rules($rename_from,
+			        $rename_to,
 			        $vm_conf->{rules});
 			    PVE::Firewall::save_vmfw_conf($vm, $vm_conf);
 			}
@@ -169,21 +169,20 @@ __PACKAGE__->register_method({
 		}
 
 		# And also update the cluster itself
-		&$rename_fw_rules($rename,
-		    $group,
+		&$rename_fw_rules($rename_from,
+		    $rename_to,
 		    $cluster_conf->{rules});
 
 		# Now that everything has been updated, the old rule can be deleted
-		delete $cluster_conf->{groups}->{$rename};
-		delete $cluster_conf->{group_comments}->{$rename};
+		delete $cluster_conf->{groups}->{$rename_from};
+		delete $cluster_conf->{group_comments}->{$rename_from};
 	    } else {
-		foreach my $name (keys %{$cluster_conf->{groups}}) {
-		    raise_param_exc({ group => "Security group '$name' already exists" })
-			if $name eq $group;
-		}
+		# In this context, $rename_to is the name for the new group
+		raise_param_exc({ group => "Security group '$rename_to' already exists" })
+		    if $cluster_conf->{groups}->{$rename_to};
 
-		$cluster_conf->{groups}->{$group} = [];
-		$cluster_conf->{group_comments}->{$group} = $comment if defined($comment);
+		$cluster_conf->{groups}->{$rename_to} = [];
+		$cluster_conf->{group_comments}->{$rename_to} = $comment if defined($comment);
 	    }
 
 	    PVE::Firewall::save_clusterfw_conf($cluster_conf);
diff --git a/src/PVE/API2/Firewall/IPSet.pm b/src/PVE/API2/Firewall/IPSet.pm
index 14bcfcb..0e6b1d6 100644
--- a/src/PVE/API2/Firewall/IPSet.pm
+++ b/src/PVE/API2/Firewall/IPSet.pm
@@ -647,32 +647,35 @@ sub register_create {
 
 		my ($cluster_conf, $fw_conf) = $class->load_config($param);
 
-		if ($param->{rename}) {
+		my $rename_to = $param->{name};
+		my $rename_from = $param->{rename};
+		my $comment = $param->{comment};
+
+		if ($rename_from) {
 		    my (undef, $digest) = &$get_ipset_list($fw_conf);
 		    PVE::Tools::assert_if_modified($digest, $param->{digest});
 
-		    raise_param_exc({ name => "IPSet '$param->{rename}' does not exist" })
-			if !$fw_conf->{ipset}->{$param->{rename}};
+		    raise_param_exc({ name => "IPSet '$rename_from' does not exist" })
+			if !$fw_conf->{ipset}->{$rename_from};
 
 		    # prevent overwriting existing ipset
-		    raise_param_exc({ name => "IPSet '$param->{name}' does already exist"})
-			if $fw_conf->{ipset}->{$param->{name}} &&
-			$param->{name} ne $param->{rename};
-
-		    my $data = delete $fw_conf->{ipset}->{$param->{rename}};
-		    $fw_conf->{ipset}->{$param->{name}} = $data;
-		    if (my $comment = delete $fw_conf->{ipset_comments}->{$param->{rename}}) {
-			$fw_conf->{ipset_comments}->{$param->{name}} = $comment;
+		    raise_param_exc({ name => "IPSet '$rename_to' does already exist"})
+			if $fw_conf->{ipset}->{$rename_to} &&
+			$rename_to ne $rename_from;
+
+		    my $data = delete $fw_conf->{ipset}->{$rename_from};
+		    $fw_conf->{ipset}->{$rename_to} = $data;
+		    if (my $comment = delete $fw_conf->{ipset_comments}->{$rename_from}) {
+			$fw_conf->{ipset_comments}->{$rename_to} = $comment;
 		    }
-		    $fw_conf->{ipset_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment});
+		    $fw_conf->{ipset_comments}->{$rename_to} = $param->{comment} if defined($param->{comment});
 		} else {
-		    foreach my $name (keys %{$fw_conf->{ipset}}) {
-			raise_param_exc({ name => "IPSet '$name' already exists" })
-			    if $name eq $param->{name};
-		    }
+		    # In this context, $rename_to is the name for the new IPSet
+		    raise_param_exc({ name => "IPSet '$rename_to' already exists" })
+		        if $fw_conf->{ipset}->{$rename_to};
 
-		    $fw_conf->{ipset}->{$param->{name}} = [];
-		    $fw_conf->{ipset_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment});
+		    $fw_conf->{ipset}->{$rename_to} = [];
+		    $fw_conf->{ipset_comments}->{$rename_to} = $param->{comment} if defined($param->{comment});
 		}
 
 		$class->save_config($param, $fw_conf);
-- 
2.30.2

More information about the pve-devel mailing list