[pve-devel] [PATCH v2 proxmox 15/42] notify: api: add API for filters

Lukas Wagner l.wagner at proxmox.com
Wed May 24 15:56:22 CEST 2023


Signed-off-by: Lukas Wagner <l.wagner at proxmox.com>
---
 proxmox-notify/src/api/filter.rs   | 366 +++++++++++++++++++++++++++++
 proxmox-notify/src/api/gotify.rs   |   7 +
 proxmox-notify/src/api/mod.rs      |   1 +
 proxmox-notify/src/api/sendmail.rs |   5 +
 4 files changed, 379 insertions(+)
 create mode 100644 proxmox-notify/src/api/filter.rs

diff --git a/proxmox-notify/src/api/filter.rs b/proxmox-notify/src/api/filter.rs
new file mode 100644
index 00000000..3d80778f
--- /dev/null
+++ b/proxmox-notify/src/api/filter.rs
@@ -0,0 +1,366 @@
+use crate::api::ApiError;
+use crate::filter::{DeleteableFilterProperty, FilterConfig, FilterConfigUpdater, FILTER_TYPENAME};
+use crate::Config;
+use std::collections::HashSet;
+
+/// Get a list of all filters
+///
+/// The caller is responsible for any needed permission checks.
+/// Returns a list of all filters or an `ApiError` if the config is erroneous.
+pub fn get_filters(config: &Config) -> Result<Vec<FilterConfig>, ApiError> {
+    config
+        .config
+        .convert_to_typed_array(FILTER_TYPENAME)
+        .map_err(|e| ApiError::internal_server_error("Could not fetch filters", Some(e.into())))
+}
+
+/// Get filter with given `name`
+///
+/// The caller is responsible for any needed permission checks.
+/// Returns the endpoint or an `ApiError` if the filter was not found.
+pub fn get_filter(config: &Config, name: &str) -> Result<FilterConfig, ApiError> {
+    config
+        .config
+        .lookup(FILTER_TYPENAME, name)
+        .map_err(|_| ApiError::not_found(format!("filter '{name}' not found"), None))
+}
+
+/// Add new notification filter.
+///
+/// The caller is responsible for any needed permission checks.
+/// The caller also responsible for locking the configuration files.
+/// Returns an `ApiError` if a filter with the same name already exists,
+/// if the filter could not be saved, or if the included sub-filter leads to
+/// a filter recursion.
+pub fn add_filter(config: &mut Config, filter_config: &FilterConfig) -> Result<(), ApiError> {
+    if get_filter(config, &filter_config.name).is_ok() {
+        return Err(ApiError::bad_request(
+            format!("filter '{}' already exists", filter_config.name),
+            None,
+        ));
+    }
+
+    if let Some(sub_filters) = filter_config.sub_filter.as_ref() {
+        let sub_filters = sub_filters
+            .iter()
+            .map(|s| s.as_str())
+            .collect::<Vec<&str>>();
+        check_for_filter_recursion(config, &filter_config.name, &sub_filters)?;
+    }
+
+    config
+        .config
+        .set_data(&filter_config.name, FILTER_TYPENAME, filter_config)
+        .map_err(|e| {
+            ApiError::internal_server_error(
+                format!("could not save filter '{}'", filter_config.name),
+                Some(e.into()),
+            )
+        })?;
+
+    Ok(())
+}
+
+/// Update existing filter
+///
+/// The caller is responsible for any needed permission checks.
+/// The caller also responsible for locking the configuration files.
+/// Returns an `ApiError` if the config could not be saved, or if one of
+/// the sub-filters leads to a recursive filter definition.
+pub fn update_filter(
+    config: &mut Config,
+    name: &str,
+    filter_updater: &FilterConfigUpdater,
+    delete: Option<&[DeleteableFilterProperty]>,
+    digest: Option<&[u8]>,
+) -> Result<(), ApiError> {
+    super::verify_digest(config, digest)?;
+
+    let mut filter = get_filter(config, name)?;
+
+    if let Some(delete) = delete {
+        for deleteable_property in delete {
+            match deleteable_property {
+                DeleteableFilterProperty::MinSeverity => filter.min_severity = None,
+                DeleteableFilterProperty::SubFilter => filter.sub_filter = None,
+                DeleteableFilterProperty::Mode => filter.mode = None,
+                DeleteableFilterProperty::MatchProperty => filter.match_property = None,
+                DeleteableFilterProperty::InvertMatch => filter.invert_match = None,
+                DeleteableFilterProperty::Comment => filter.comment = None,
+            }
+        }
+    }
+
+    if let Some(min_severity) = filter_updater.min_severity {
+        filter.min_severity = Some(min_severity);
+    }
+
+    if let Some(sub_filter) = &filter_updater.sub_filter {
+        let sub_filters = sub_filter.iter().map(|s| s.as_str()).collect::<Vec<&str>>();
+        check_for_filter_recursion(config, name, &sub_filters)?;
+        filter.sub_filter = Some(sub_filter.iter().map(String::from).collect());
+    }
+
+    if let Some(mode) = filter_updater.mode {
+        filter.mode = Some(mode);
+    }
+
+    if let Some(match_property) = &filter_updater.match_property {
+        filter.match_property = Some(match_property.iter().map(String::from).collect());
+    }
+
+    if let Some(invert_match) = filter_updater.invert_match {
+        filter.invert_match = Some(invert_match);
+    }
+
+    if let Some(comment) = &filter_updater.comment {
+        filter.comment = Some(comment.into());
+    }
+
+    config
+        .config
+        .set_data(name, FILTER_TYPENAME, &filter)
+        .map_err(|e| {
+            ApiError::internal_server_error(
+                format!("could not save filter '{name}'"),
+                Some(e.into()),
+            )
+        })?;
+
+    Ok(())
+}
+
+/// Delete existing filter
+///
+/// The caller is responsible for any needed permission checks.
+/// The caller also responsible for locking the configuration files.
+/// Returns an `ApiError` if the filter does not exist.
+pub fn delete_filter(config: &mut Config, name: &str) -> Result<(), ApiError> {
+    // Check if the filter exists
+    let _ = get_filter(config, name)?;
+
+    config.config.sections.remove(name);
+
+    Ok(())
+}
+
+fn check_for_filter_recursion(
+    config: &Config,
+    filter: &str,
+    new_sub_filters: &[&str],
+) -> Result<(), ApiError> {
+    for sub_filter in new_sub_filters {
+        let mut visited = HashSet::new();
+
+        // Add the the filter we're currently adding/updating as a starting point,
+        // since it has not been saved in the configuration
+        visited.insert(filter.to_string());
+        do_check_for_filter_recursion(config, sub_filter, &mut visited)?;
+    }
+
+    Ok(())
+}
+
+fn do_check_for_filter_recursion(
+    config: &Config,
+    filter: &str,
+    visited: &mut HashSet<String>,
+) -> Result<(), ApiError> {
+    if visited.contains(filter) {
+        return Err(ApiError::bad_request(
+            format!("recursion in sub-filter detected: {filter}"),
+            None,
+        ));
+    }
+
+    visited.insert(filter.to_string());
+
+    let filter = get_filter(config, filter)?;
+
+    if let Some(sub_filters) = &filter.sub_filter {
+        for sub_filter in sub_filters {
+            do_check_for_filter_recursion(config, sub_filter, visited)?;
+        }
+    }
+
+    Ok(())
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::filter::FilterModeOperator;
+    use crate::Severity;
+
+    fn empty_config() -> Config {
+        Config::new("", "").unwrap()
+    }
+
+    fn config_with_two_filters() -> Config {
+        Config::new(
+            "
+filter: filter1
+    min-severity info
+
+filter: filter2
+    min-severity warning
+",
+            "",
+        )
+        .unwrap()
+    }
+
+    #[test]
+    fn test_update_not_existing_returns_error() -> Result<(), ApiError> {
+        let mut config = empty_config();
+        assert!(update_filter(&mut config, "test", &Default::default(), None, None).is_err());
+        Ok(())
+    }
+
+    #[test]
+    fn test_update_invalid_digest_returns_error() -> Result<(), ApiError> {
+        let mut config = config_with_two_filters();
+        assert!(update_filter(
+            &mut config,
+            "filter1",
+            &Default::default(),
+            None,
+            Some(&[0u8; 32])
+        )
+        .is_err());
+
+        Ok(())
+    }
+
+    #[test]
+    fn test_filter_update() -> Result<(), ApiError> {
+        let mut config = config_with_two_filters();
+
+        let digest = config.digest;
+
+        update_filter(
+            &mut config,
+            "filter1",
+            &FilterConfigUpdater {
+                min_severity: Some(Severity::Error),
+                sub_filter: Some(vec!["filter2".into()]),
+                mode: Some(FilterModeOperator::Or),
+                match_property: Some(vec!["foo=bar".into()]),
+                invert_match: Some(true),
+                comment: Some("new comment".into()),
+            },
+            None,
+            Some(&digest),
+        )?;
+
+        let filter = get_filter(&config, "filter1")?;
+
+        assert!(matches!(filter.mode, Some(FilterModeOperator::Or)));
+        assert!(matches!(filter.min_severity, Some(Severity::Error)));
+        assert_eq!(filter.match_property, Some(vec!["foo=bar".into()]));
+        assert_eq!(filter.invert_match, Some(true));
+        assert_eq!(filter.sub_filter, Some(vec!["filter2".into()]));
+        assert_eq!(filter.comment, Some("new comment".into()));
+
+        // Test property deletion
+        update_filter(
+            &mut config,
+            "filter1",
+            &Default::default(),
+            Some(&[
+                DeleteableFilterProperty::InvertMatch,
+                DeleteableFilterProperty::SubFilter,
+                DeleteableFilterProperty::Mode,
+                DeleteableFilterProperty::InvertMatch,
+                DeleteableFilterProperty::MinSeverity,
+                DeleteableFilterProperty::MatchProperty,
+                DeleteableFilterProperty::Comment,
+            ]),
+            Some(&digest),
+        )?;
+
+        let filter = get_filter(&config, "filter1")?;
+
+        assert_eq!(filter.invert_match, None);
+        assert_eq!(filter.min_severity, None);
+        assert!(matches!(filter.mode, None));
+        assert_eq!(filter.match_property, None);
+        assert_eq!(filter.sub_filter, None);
+        assert_eq!(filter.comment, None);
+
+        // Adding a non-existing sub-filter must fail
+        assert!(update_filter(
+            &mut config,
+            "filter1",
+            &FilterConfigUpdater {
+                sub_filter: Some(vec!["filter3".into()]),
+                ..Default::default()
+            },
+            None,
+            Some(&digest),
+        )
+        .is_err());
+
+        Ok(())
+    }
+
+    #[test]
+    fn test_filter_delete() -> Result<(), ApiError> {
+        let mut config = config_with_two_filters();
+
+        delete_filter(&mut config, "filter1")?;
+        assert!(delete_filter(&mut config, "filter1").is_err());
+        assert_eq!(get_filters(&config)?.len(), 1);
+
+        Ok(())
+    }
+
+    #[test]
+    fn test_recursive_subfilter_definition() -> Result<(), ApiError> {
+        let mut config = Config::new(
+            "
+filter: filter-a
+    sub-filter filter-b
+
+filter: filter-b
+
+filter: filter-e
+    sub-filter filter-f
+
+filter: filter-f
+    sub-filter filter-e
+        ",
+            "",
+        )
+        .unwrap();
+
+        // Newly created recursion should be detected
+        assert!(update_filter(
+            &mut config,
+            "filter-b",
+            &FilterConfigUpdater {
+                sub_filter: Some(vec!["filter-a".into()]),
+                ..Default::default()
+            },
+            None,
+            None,
+        )
+        .is_err());
+
+        // Existing recursions should also be detected, in case the
+        // configuration file was modified by hand.
+        assert!(update_filter(
+            &mut config,
+            "filter-c",
+            &FilterConfigUpdater {
+                sub_filter: Some(vec!["filter-e".into()]),
+                ..Default::default()
+            },
+            None,
+            None,
+        )
+        .is_err());
+
+        Ok(())
+    }
+}
diff --git a/proxmox-notify/src/api/gotify.rs b/proxmox-notify/src/api/gotify.rs
index fdb9cf53..48051200 100644
--- a/proxmox-notify/src/api/gotify.rs
+++ b/proxmox-notify/src/api/gotify.rs
@@ -112,6 +112,13 @@ pub fn update_endpoint(
         endpoint.comment = Some(comment.into());
     }
 
+    if let Some(filter) = &endpoint_config_updater.filter {
+        // Check if filter exists
+        let _ = super::filter::get_filter(config, &filter)?;
+
+        endpoint.filter = Some(filter.into());
+    }
+
     config
         .config
         .set_data(name, GOTIFY_TYPENAME, &endpoint)
diff --git a/proxmox-notify/src/api/mod.rs b/proxmox-notify/src/api/mod.rs
index 1d249024..65dbc97c 100644
--- a/proxmox-notify/src/api/mod.rs
+++ b/proxmox-notify/src/api/mod.rs
@@ -6,6 +6,7 @@ use serde::Serialize;
 
 pub mod channel;
 pub mod common;
+pub mod filter;
 #[cfg(feature = "gotify")]
 pub mod gotify;
 #[cfg(feature = "sendmail")]
diff --git a/proxmox-notify/src/api/sendmail.rs b/proxmox-notify/src/api/sendmail.rs
index a5379cd3..85b73a39 100644
--- a/proxmox-notify/src/api/sendmail.rs
+++ b/proxmox-notify/src/api/sendmail.rs
@@ -96,6 +96,11 @@ pub fn update_endpoint(
         endpoint.comment = Some(comment.into());
     }
 
+    if let Some(filter) = &updater.filter {
+        let _ = super::filter::get_filter(config, filter)?;
+        endpoint.filter = Some(filter.into());
+    }
+
     config
         .config
         .set_data(name, SENDMAIL_TYPENAME, &endpoint)
-- 
2.30.2






More information about the pve-devel mailing list