F #5324: Remove duplicates in Security Group

Author: Pavel Czerny <pczerny@opennebula.systems>
2025-03-22 18:50:08 +03:00 · 2021-04-12 10:01:40 +00:00 · 2021-04-12 10:01:40 +00:00 · 2ea4b1f767
commit 2ea4b1f767
parent f2e90df506
2 changed files with 55 additions and 7 deletions
--- a/include/SecurityGroup.h
+++ b/include/SecurityGroup.h
@ -179,7 +179,14 @@ private:
     *    @param error describing the problem if any
     *    @return true if the rule is valid
     */
-    bool isValidRule(const VectorAttribute * rule, std::string& error) const;
+    bool is_valid(const VectorAttribute * rule, std::string& error) const;
+
+    /**
+     *  Remove duplicit rules. The duplicits are removed from obj_template
+     *  not from passed parameter
+     *    @param rules as vector of VectorAttributes
+     */
+    void remove_duplicates(std::vector<VectorAttribute*>& rules);

    /**
     * Checks the new rules
--- a/src/secgroup/SecurityGroup.cc
+++ b/src/secgroup/SecurityGroup.cc
@ -57,7 +57,7 @@ SecurityGroup::SecurityGroup(

 int SecurityGroup::insert(SqlDB *db, string& error_str)
 {
-    vector<const VectorAttribute*> rules;
+    vector<VectorAttribute*> rules;

    erase_template_attribute("NAME",name);

@ -70,12 +70,14 @@ int SecurityGroup::insert(SqlDB *db, string& error_str)

    for ( auto rule : rules )
    {
-        if (!isValidRule(rule, error_str))
+        if (!is_valid(rule, error_str))
        {
            goto error_valid;
        }
    }

+    remove_duplicates(rules);
+
    if ( insert_replace(db, false, error_str) != 0 )
    {
        goto error_db;
@ -299,7 +301,7 @@ void SecurityGroup::get_rules(vector<VectorAttribute*>& result) const
 /* -------------------------------------------------------------------------- */
 /* -------------------------------------------------------------------------- */

-bool SecurityGroup::isValidRule(const VectorAttribute * rule, string& error) const
+bool SecurityGroup::is_valid(const VectorAttribute * rule, string& error) const
 {
    string value, ip, proto;

@ -431,20 +433,59 @@ bool SecurityGroup::isValidRule(const VectorAttribute * rule, string& error) con
 /* -------------------------------------------------------------------------- */
 /* -------------------------------------------------------------------------- */

+void SecurityGroup::remove_duplicates(vector<VectorAttribute*>& rules)
+{
+    for (auto rule : rules)
+    {
+        rule->replace("HASH", one_util::sha1_digest(rule->marshall()));
+    }
+
+    // Sort to get duplicates next to each other
+    sort(rules.begin(), rules.end(),
+        [](const VectorAttribute* va1, const VectorAttribute* va2) {
+            return va1->vector_value("HASH") < va2->vector_value("HASH");
+        });
+
+    string prev_value;
+
+    for (auto rule : rules)
+    {
+        string value = rule->vector_value("HASH");
+
+        if (value == prev_value)
+        {
+            auto r = obj_template->remove(rule);
+
+            delete r;
+        }
+        else
+        {
+            rule->remove("HASH");
+        }
+
+        prev_value = move(value);
+    }
+}
+
+/* -------------------------------------------------------------------------- */
+/* -------------------------------------------------------------------------- */
+
 int SecurityGroup::post_update_template(string& error)
 {
-    vector<const VectorAttribute*> rules;
+    vector<VectorAttribute*> rules;

-    get_template_attribute("RULE", rules);
+    obj_template->get("RULE", rules);

    for ( auto rule : rules )
    {
-        if (!isValidRule(rule, error))
+        if (!is_valid(rule, error))
        {
            return -1;
        }
    }

+    remove_duplicates(rules);
+
    commit(false);

    Nebula::instance().get_lcm()->trigger_updatesg(oid);