[pve-devel] [PATCH v2 proxmox 15/42] notify: api: add API for filters
Lukas Wagner
l.wagner at proxmox.com
Wed May 24 15:56:22 CEST 2023
Signed-off-by: Lukas Wagner <l.wagner at proxmox.com>
---
proxmox-notify/src/api/filter.rs | 366 +++++++++++++++++++++++++++++
proxmox-notify/src/api/gotify.rs | 7 +
proxmox-notify/src/api/mod.rs | 1 +
proxmox-notify/src/api/sendmail.rs | 5 +
4 files changed, 379 insertions(+)
create mode 100644 proxmox-notify/src/api/filter.rs
diff --git a/proxmox-notify/src/api/filter.rs b/proxmox-notify/src/api/filter.rs
new file mode 100644
index 00000000..3d80778f
--- /dev/null
+++ b/proxmox-notify/src/api/filter.rs
@@ -0,0 +1,366 @@
+use crate::api::ApiError;
+use crate::filter::{DeleteableFilterProperty, FilterConfig, FilterConfigUpdater, FILTER_TYPENAME};
+use crate::Config;
+use std::collections::HashSet;
+
+/// Get a list of all filters
+///
+/// The caller is responsible for any needed permission checks.
+/// Returns a list of all filters or an `ApiError` if the config is erroneous.
+pub fn get_filters(config: &Config) -> Result<Vec<FilterConfig>, ApiError> {
+ config
+ .config
+ .convert_to_typed_array(FILTER_TYPENAME)
+ .map_err(|e| ApiError::internal_server_error("Could not fetch filters", Some(e.into())))
+}
+
+/// Get filter with given `name`
+///
+/// The caller is responsible for any needed permission checks.
+/// Returns the endpoint or an `ApiError` if the filter was not found.
+pub fn get_filter(config: &Config, name: &str) -> Result<FilterConfig, ApiError> {
+ config
+ .config
+ .lookup(FILTER_TYPENAME, name)
+ .map_err(|_| ApiError::not_found(format!("filter '{name}' not found"), None))
+}
+
+/// Add new notification filter.
+///
+/// The caller is responsible for any needed permission checks.
+/// The caller also responsible for locking the configuration files.
+/// Returns an `ApiError` if a filter with the same name already exists,
+/// if the filter could not be saved, or if the included sub-filter leads to
+/// a filter recursion.
+pub fn add_filter(config: &mut Config, filter_config: &FilterConfig) -> Result<(), ApiError> {
+ if get_filter(config, &filter_config.name).is_ok() {
+ return Err(ApiError::bad_request(
+ format!("filter '{}' already exists", filter_config.name),
+ None,
+ ));
+ }
+
+ if let Some(sub_filters) = filter_config.sub_filter.as_ref() {
+ let sub_filters = sub_filters
+ .iter()
+ .map(|s| s.as_str())
+ .collect::<Vec<&str>>();
+ check_for_filter_recursion(config, &filter_config.name, &sub_filters)?;
+ }
+
+ config
+ .config
+ .set_data(&filter_config.name, FILTER_TYPENAME, filter_config)
+ .map_err(|e| {
+ ApiError::internal_server_error(
+ format!("could not save filter '{}'", filter_config.name),
+ Some(e.into()),
+ )
+ })?;
+
+ Ok(())
+}
+
+/// Update existing filter
+///
+/// The caller is responsible for any needed permission checks.
+/// The caller also responsible for locking the configuration files.
+/// Returns an `ApiError` if the config could not be saved, or if one of
+/// the sub-filters leads to a recursive filter definition.
+pub fn update_filter(
+ config: &mut Config,
+ name: &str,
+ filter_updater: &FilterConfigUpdater,
+ delete: Option<&[DeleteableFilterProperty]>,
+ digest: Option<&[u8]>,
+) -> Result<(), ApiError> {
+ super::verify_digest(config, digest)?;
+
+ let mut filter = get_filter(config, name)?;
+
+ if let Some(delete) = delete {
+ for deleteable_property in delete {
+ match deleteable_property {
+ DeleteableFilterProperty::MinSeverity => filter.min_severity = None,
+ DeleteableFilterProperty::SubFilter => filter.sub_filter = None,
+ DeleteableFilterProperty::Mode => filter.mode = None,
+ DeleteableFilterProperty::MatchProperty => filter.match_property = None,
+ DeleteableFilterProperty::InvertMatch => filter.invert_match = None,
+ DeleteableFilterProperty::Comment => filter.comment = None,
+ }
+ }
+ }
+
+ if let Some(min_severity) = filter_updater.min_severity {
+ filter.min_severity = Some(min_severity);
+ }
+
+ if let Some(sub_filter) = &filter_updater.sub_filter {
+ let sub_filters = sub_filter.iter().map(|s| s.as_str()).collect::<Vec<&str>>();
+ check_for_filter_recursion(config, name, &sub_filters)?;
+ filter.sub_filter = Some(sub_filter.iter().map(String::from).collect());
+ }
+
+ if let Some(mode) = filter_updater.mode {
+ filter.mode = Some(mode);
+ }
+
+ if let Some(match_property) = &filter_updater.match_property {
+ filter.match_property = Some(match_property.iter().map(String::from).collect());
+ }
+
+ if let Some(invert_match) = filter_updater.invert_match {
+ filter.invert_match = Some(invert_match);
+ }
+
+ if let Some(comment) = &filter_updater.comment {
+ filter.comment = Some(comment.into());
+ }
+
+ config
+ .config
+ .set_data(name, FILTER_TYPENAME, &filter)
+ .map_err(|e| {
+ ApiError::internal_server_error(
+ format!("could not save filter '{name}'"),
+ Some(e.into()),
+ )
+ })?;
+
+ Ok(())
+}
+
+/// Delete existing filter
+///
+/// The caller is responsible for any needed permission checks.
+/// The caller also responsible for locking the configuration files.
+/// Returns an `ApiError` if the filter does not exist.
+pub fn delete_filter(config: &mut Config, name: &str) -> Result<(), ApiError> {
+ // Check if the filter exists
+ let _ = get_filter(config, name)?;
+
+ config.config.sections.remove(name);
+
+ Ok(())
+}
+
+fn check_for_filter_recursion(
+ config: &Config,
+ filter: &str,
+ new_sub_filters: &[&str],
+) -> Result<(), ApiError> {
+ for sub_filter in new_sub_filters {
+ let mut visited = HashSet::new();
+
+ // Add the the filter we're currently adding/updating as a starting point,
+ // since it has not been saved in the configuration
+ visited.insert(filter.to_string());
+ do_check_for_filter_recursion(config, sub_filter, &mut visited)?;
+ }
+
+ Ok(())
+}
+
+fn do_check_for_filter_recursion(
+ config: &Config,
+ filter: &str,
+ visited: &mut HashSet<String>,
+) -> Result<(), ApiError> {
+ if visited.contains(filter) {
+ return Err(ApiError::bad_request(
+ format!("recursion in sub-filter detected: {filter}"),
+ None,
+ ));
+ }
+
+ visited.insert(filter.to_string());
+
+ let filter = get_filter(config, filter)?;
+
+ if let Some(sub_filters) = &filter.sub_filter {
+ for sub_filter in sub_filters {
+ do_check_for_filter_recursion(config, sub_filter, visited)?;
+ }
+ }
+
+ Ok(())
+}
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+ use crate::filter::FilterModeOperator;
+ use crate::Severity;
+
+ fn empty_config() -> Config {
+ Config::new("", "").unwrap()
+ }
+
+ fn config_with_two_filters() -> Config {
+ Config::new(
+ "
+filter: filter1
+ min-severity info
+
+filter: filter2
+ min-severity warning
+",
+ "",
+ )
+ .unwrap()
+ }
+
+ #[test]
+ fn test_update_not_existing_returns_error() -> Result<(), ApiError> {
+ let mut config = empty_config();
+ assert!(update_filter(&mut config, "test", &Default::default(), None, None).is_err());
+ Ok(())
+ }
+
+ #[test]
+ fn test_update_invalid_digest_returns_error() -> Result<(), ApiError> {
+ let mut config = config_with_two_filters();
+ assert!(update_filter(
+ &mut config,
+ "filter1",
+ &Default::default(),
+ None,
+ Some(&[0u8; 32])
+ )
+ .is_err());
+
+ Ok(())
+ }
+
+ #[test]
+ fn test_filter_update() -> Result<(), ApiError> {
+ let mut config = config_with_two_filters();
+
+ let digest = config.digest;
+
+ update_filter(
+ &mut config,
+ "filter1",
+ &FilterConfigUpdater {
+ min_severity: Some(Severity::Error),
+ sub_filter: Some(vec!["filter2".into()]),
+ mode: Some(FilterModeOperator::Or),
+ match_property: Some(vec!["foo=bar".into()]),
+ invert_match: Some(true),
+ comment: Some("new comment".into()),
+ },
+ None,
+ Some(&digest),
+ )?;
+
+ let filter = get_filter(&config, "filter1")?;
+
+ assert!(matches!(filter.mode, Some(FilterModeOperator::Or)));
+ assert!(matches!(filter.min_severity, Some(Severity::Error)));
+ assert_eq!(filter.match_property, Some(vec!["foo=bar".into()]));
+ assert_eq!(filter.invert_match, Some(true));
+ assert_eq!(filter.sub_filter, Some(vec!["filter2".into()]));
+ assert_eq!(filter.comment, Some("new comment".into()));
+
+ // Test property deletion
+ update_filter(
+ &mut config,
+ "filter1",
+ &Default::default(),
+ Some(&[
+ DeleteableFilterProperty::InvertMatch,
+ DeleteableFilterProperty::SubFilter,
+ DeleteableFilterProperty::Mode,
+ DeleteableFilterProperty::InvertMatch,
+ DeleteableFilterProperty::MinSeverity,
+ DeleteableFilterProperty::MatchProperty,
+ DeleteableFilterProperty::Comment,
+ ]),
+ Some(&digest),
+ )?;
+
+ let filter = get_filter(&config, "filter1")?;
+
+ assert_eq!(filter.invert_match, None);
+ assert_eq!(filter.min_severity, None);
+ assert!(matches!(filter.mode, None));
+ assert_eq!(filter.match_property, None);
+ assert_eq!(filter.sub_filter, None);
+ assert_eq!(filter.comment, None);
+
+ // Adding a non-existing sub-filter must fail
+ assert!(update_filter(
+ &mut config,
+ "filter1",
+ &FilterConfigUpdater {
+ sub_filter: Some(vec!["filter3".into()]),
+ ..Default::default()
+ },
+ None,
+ Some(&digest),
+ )
+ .is_err());
+
+ Ok(())
+ }
+
+ #[test]
+ fn test_filter_delete() -> Result<(), ApiError> {
+ let mut config = config_with_two_filters();
+
+ delete_filter(&mut config, "filter1")?;
+ assert!(delete_filter(&mut config, "filter1").is_err());
+ assert_eq!(get_filters(&config)?.len(), 1);
+
+ Ok(())
+ }
+
+ #[test]
+ fn test_recursive_subfilter_definition() -> Result<(), ApiError> {
+ let mut config = Config::new(
+ "
+filter: filter-a
+ sub-filter filter-b
+
+filter: filter-b
+
+filter: filter-e
+ sub-filter filter-f
+
+filter: filter-f
+ sub-filter filter-e
+ ",
+ "",
+ )
+ .unwrap();
+
+ // Newly created recursion should be detected
+ assert!(update_filter(
+ &mut config,
+ "filter-b",
+ &FilterConfigUpdater {
+ sub_filter: Some(vec!["filter-a".into()]),
+ ..Default::default()
+ },
+ None,
+ None,
+ )
+ .is_err());
+
+ // Existing recursions should also be detected, in case the
+ // configuration file was modified by hand.
+ assert!(update_filter(
+ &mut config,
+ "filter-c",
+ &FilterConfigUpdater {
+ sub_filter: Some(vec!["filter-e".into()]),
+ ..Default::default()
+ },
+ None,
+ None,
+ )
+ .is_err());
+
+ Ok(())
+ }
+}
diff --git a/proxmox-notify/src/api/gotify.rs b/proxmox-notify/src/api/gotify.rs
index fdb9cf53..48051200 100644
--- a/proxmox-notify/src/api/gotify.rs
+++ b/proxmox-notify/src/api/gotify.rs
@@ -112,6 +112,13 @@ pub fn update_endpoint(
endpoint.comment = Some(comment.into());
}
+ if let Some(filter) = &endpoint_config_updater.filter {
+ // Check if filter exists
+ let _ = super::filter::get_filter(config, &filter)?;
+
+ endpoint.filter = Some(filter.into());
+ }
+
config
.config
.set_data(name, GOTIFY_TYPENAME, &endpoint)
diff --git a/proxmox-notify/src/api/mod.rs b/proxmox-notify/src/api/mod.rs
index 1d249024..65dbc97c 100644
--- a/proxmox-notify/src/api/mod.rs
+++ b/proxmox-notify/src/api/mod.rs
@@ -6,6 +6,7 @@ use serde::Serialize;
pub mod channel;
pub mod common;
+pub mod filter;
#[cfg(feature = "gotify")]
pub mod gotify;
#[cfg(feature = "sendmail")]
diff --git a/proxmox-notify/src/api/sendmail.rs b/proxmox-notify/src/api/sendmail.rs
index a5379cd3..85b73a39 100644
--- a/proxmox-notify/src/api/sendmail.rs
+++ b/proxmox-notify/src/api/sendmail.rs
@@ -96,6 +96,11 @@ pub fn update_endpoint(
endpoint.comment = Some(comment.into());
}
+ if let Some(filter) = &updater.filter {
+ let _ = super::filter::get_filter(config, filter)?;
+ endpoint.filter = Some(filter.into());
+ }
+
config
.config
.set_data(name, SENDMAIL_TYPENAME, &endpoint)
--
2.30.2
More information about the pve-devel
mailing list