TLSPolicy: rename domain to destination

TLS policies are applied to destinations - for the outbound case these are
domains. However when setting a policy for a next-hop destination the
property name 'domain' is misleading, and should be renamed to 'destination'

In order to maintain backward compatibility in the API, we need to keep the
'domain' property in all return defintions, and also accept it (or the new
'destination') for the create call (all other calls get the destination from
the path)

the create call warns of the deprecation  if the domain property is provided
(which ends up in the journal), but still works.

We can then get rid of the 'domain' property with the release of PMG 7.0

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Reviewed-By: Dominik Csapak <d.csapak@proxmox.com>

diff --git a/src/PMG/API2/DestinationTLSPolicy.pm b/src/PMG/API2/DestinationTLSPolicy.pm
index 55512873a452b0e9323cabd99d595812015e7537..e3acb21ee58d72b05e011f6803da606daa6e2529 100644 (file)
--- a/src/PMG/API2/DestinationTLSPolicy.pm
+++ b/src/PMG/API2/DestinationTLSPolicy.pm
@@ -11,6 +11,8 @@ use PMG::Config;
 
 use base qw(PVE::RESTHandler);
 
+#TODO: drop the domain property with PMG 7.0
+
 __PACKAGE__->register_method ({
     name => 'index',
     path => '',
@@ -27,11 +29,12 @@ __PACKAGE__->register_method ({
        items => {
            type => 'object',
            properties => {
+               destination => { type => 'string', format => 'transport-domain-or-nexthop'},
                domain => { type => 'string', format => 'transport-domain-or-nexthop'},
                policy => { type => 'string', format => 'tls-policy'},
            },
        },
-       links => [ { rel => 'child', href => "{domain}" } ],
+       links => [ { rel => 'child', href => "{destination}" } ],
     },
     code => sub {
        my ($param) = @_;
@@ -40,6 +43,7 @@ __PACKAGE__->register_method ({
 
        my $policies = PVE::INotify::read_file('tls_policy');
        foreach my $policy (sort keys %$policies) {
+           $policies->{$policy}->{domain} = $policies->{$policy}->{destination};
            push @$res, $policies->{$policy};
        }
 
@@ -58,8 +62,14 @@ __PACKAGE__->register_method ({
        additionalProperties => 0,
        properties => {
            domain => {
-               description => "Domain name.",
+               description => "Deprecated - use 'destination'.",
+               type => 'string', format => 'transport-domain-or-nexthop',
+               optional => 1,
+           },
+           destination => {
+               description => "Destination (Domain or next-hop).",
                type => 'string', format => 'transport-domain-or-nexthop',
+               optional => 1,
            },
            policy => {
                description => "TLS policy",
@@ -71,15 +81,21 @@ __PACKAGE__->register_method ({
     code => sub {
        my ($param) = @_;
        my $domain = $param->{domain};
+       warn "Parameter 'domain' is deprecated for DestinationTLSPolicy - use 'destination'\n"
+           if defined($domain);
+       my $destination = $param->{destination} // $domain;
        my $policy = $param->{policy};
 
+       raise_param_exc({ destination => "No destination provided" })
+           if !defined($destination);
+
        my $code = sub {
            my $tls_policy = PVE::INotify::read_file('tls_policy');
-           raise_param_exc({ domain => "DestinationTLSPolicy entry for '$domain' already exists" })
-               if $tls_policy->{$domain};
+           raise_param_exc({ destination => "DestinationTLSPolicy entry for '$destination' already exists" })
+               if $tls_policy->{$destination};
 
-           $tls_policy->{$domain} = {
-               domain => $domain,
+           $tls_policy->{$destination} = {
+               destination => $destination,
                policy => $param->{policy},
            };
 
@@ -94,7 +110,7 @@ __PACKAGE__->register_method ({
 
 __PACKAGE__->register_method ({
     name => 'read',
-    path => '{domain}',
+    path => '{destination}',
     method => 'GET',
     description => "Read tls_policy entry.",
     proxyto => 'master',
@@ -102,8 +118,8 @@ __PACKAGE__->register_method ({
     parameters => {
        additionalProperties => 0,
        properties => {
-           domain => {
-               description => "Domain name.",
+           destination => {
+               description => "Destination (Domain or next-hop).",
                type => 'string', format => 'transport-domain-or-nexthop',
            },
        },
@@ -111,26 +127,28 @@ __PACKAGE__->register_method ({
     returns => {
        type => "object",
        properties => {
+           destination => { type => 'string', format => 'transport-domain-or-nexthop'},
            domain => { type => 'string', format => 'transport-domain-or-nexthop'},
            policy => { type => 'string', format => 'tls-policy'},
        },
     },
     code => sub {
        my ($param) = @_;
-       my $domain = $param->{domain};
+       my $destination = $param->{destination};
 
        my $tls_policy = PVE::INotify::read_file('tls_policy');
 
-       if (my $entry = $tls_policy->{$domain}) {
+       if (my $entry = $tls_policy->{$destination}) {
+           $entry->{domain} = $entry->{destination};
            return $entry;
        }
 
-       raise_param_exc({ domain => "DestinationTLSPolicy entry for '$domain' does not exist" });
+       raise_param_exc({ destination => "DestinationTLSPolicy entry for '$destination' does not exist" });
     }});
 
 __PACKAGE__->register_method ({
     name => 'write',
-    path => '{domain}',
+    path => '{destination}',
     method => 'PUT',
     description => "Update tls_policy entry.",
     protected => 1,
@@ -139,8 +157,8 @@ __PACKAGE__->register_method ({
     parameters => {
        additionalProperties => 0,
        properties => {
-           domain => {
-               description => "Domain name.",
+           destination => {
+               description => "Destination (Domain or next-hop).",
                type => 'string', format => 'transport-domain-or-nexthop',
            },
            policy => {
@@ -152,17 +170,17 @@ __PACKAGE__->register_method ({
     returns => { type => 'null' },
     code => sub {
        my ($param) = @_;
-       my $domain = $param->{domain};
+       my $destination = $param->{destination};
        my $policy = $param->{policy};
 
        my $code = sub {
 
            my $tls_policy = PVE::INotify::read_file('tls_policy');
 
-           raise_param_exc({ domain => "DestinationTLSPolicy entry for '$domain' does not exist" })
-               if !$tls_policy->{$domain};
+           raise_param_exc({ destination => "DestinationTLSPolicy entry for '$destination' does not exist" })
+               if !$tls_policy->{$destination};
 
-           $tls_policy->{$domain}->{policy} = $policy;
+           $tls_policy->{$destination}->{policy} = $policy;
 
            PVE::INotify::write_file('tls_policy', $tls_policy);
            PMG::Config::postmap_tls_policy();
@@ -175,7 +193,7 @@ __PACKAGE__->register_method ({
 
 __PACKAGE__->register_method ({
     name => 'delete',
-    path => '{domain}',
+    path => '{destination}',
     method => 'DELETE',
     description => "Delete a tls_policy entry",
     protected => 1,
@@ -184,8 +202,8 @@ __PACKAGE__->register_method ({
     parameters => {
        additionalProperties => 0,
        properties => {
-           domain => {
-               description => "Domain name.",
+           destination => {
+               description => "Destination (Domain or next-hop).",
                type => 'string', format => 'transport-domain-or-nexthop',
            },
        }
@@ -193,15 +211,15 @@ __PACKAGE__->register_method ({
     returns => { type => 'null' },
     code => sub {
        my ($param) = @_;
-       my $domain = $param->{domain};
+       my $destination = $param->{destination};
 
        my $code = sub {
            my $tls_policy = PVE::INotify::read_file('tls_policy');
 
-           raise_param_exc({ domain => "DestinationTLSPolicy entry for '$domain' does not exist" })
-               if !$tls_policy->{$domain};
+           raise_param_exc({ destination => "DestinationTLSPolicy entry for '$destination' does not exist" })
+               if !$tls_policy->{$destination};
 
-           delete $tls_policy->{$domain};
+           delete $tls_policy->{$destination};
 
            PVE::INotify::write_file('tls_policy', $tls_policy);
            PMG::Config::postmap_tls_policy();

diff --git a/src/PMG/Config.pm b/src/PMG/Config.pm
index 2c1c9f1d023d1dc770b8bb78ea54a4252d5d7de4..4a0ca2c71a119ca0aaa4545ed94fbb15318b3573 100755 (executable)
--- a/src/PMG/Config.pm
+++ b/src/PMG/Config.pm
@@ -1071,10 +1071,10 @@ sub read_tls_policy {
        };
 
        if ($line =~ m/^(\S+)\s+(.+)\s*$/) {
-           my ($domain, $policy) = ($1, $2);
+           my ($destination, $policy) = ($1, $2);
 
            eval {
-               pmg_verify_transport_domain_or_nexthop($domain);
+               pmg_verify_transport_domain_or_nexthop($destination);
                pmg_verify_tls_policy($policy);
            };
            if (my $err = $@) {
@@ -1082,8 +1082,8 @@ sub read_tls_policy {
                next;
            }
 
-           $tls_policy->{$domain} = {
-                   domain => $domain,
+           $tls_policy->{$destination} = {
+                   destination => $destination,
                    policy => $policy,
            };
        } else {
@@ -1099,10 +1099,10 @@ sub write_tls_policy {
 
     return if !$tls_policy;
 
-    foreach my $domain (sort keys %$tls_policy) {
-       my $entry = $tls_policy->{$domain};
+    foreach my $destination (sort keys %$tls_policy) {
+       my $entry = $tls_policy->{$destination};
        PVE::Tools::safe_print(
-           $filename, $fh, "$entry->{domain} $entry->{policy}\n");
+           $filename, $fh, "$entry->{destination} $entry->{policy}\n");
     }
 }