Always combine IP set data with static network definitions from NetBox

Before we relied on the combined data being present in ipsets.json when generating a new config, but ipsets.json is only updated through the form at /ipsets. So submitting any other form after changing NetBox definitions might crash when trying to find an entry from networks.json in ipsets.json. Now we introduce a helper functon to always read both files and combine the prefixes fron networks.json with ipsets.json. This way it is not necessary to save a new ipsets.json before other changes. Also don’t crash when enumerating networks for each VPN group.
2024-08-14 11:25:07 +02:00 · 2024-08-14 11:25:07 +02:00 · 048195c45c
commit 048195c45c
parent b6c191e2ce
5 changed files with 41 additions and 26 deletions
--- a/web/ipsets.py
+++ b/web/ipsets.py
@ -8,6 +8,19 @@ from . import system

 blueprint = flask.Blueprint('ipsets', __name__)

+# return combined data for all IP sets, stored in two files:
+#   - networks.json: IP prefixes for networks defined in NetBox
+#   - ipsets.json: custom IP prefixes defined with this app, and NAT and other settings for all sets
+# database should be locked when calling this function
+def read():
+    # first read in static data
+    all_ipsets = db.read('networks')
+    # then add the custom definitions, not overriding any IP prefixes from NetBox
+    for name, data in db.read('ipsets').items():
+        # set “custom” flag for this set if it is not present in networks.json
+        all_ipsets[name] = data | all_ipsets.get(name, {'custom': True})
+    return all_ipsets
+
@blueprint.route('/', methods=('GET', 'POST'))
@flask_login.login_required
 def index():
@ -17,25 +30,19 @@ def index():
    with db.locked():
        if flask.request.method == 'POST':
            # read network data from NetBox, merge in custom definitions and dump the lot
-            ipsets = db.read('networks')
+            sets = db.read('networks')
            formdata = zip(*(flask.request.form.getlist(e) for e in ('name', 'ip', 'ip6', 'nat', 'vpn')))
            for name, ip, ip6, nat, vpn in formdata:
                # drop sets with empty names
                if not name:
                    continue
                # assign IPs for custom networks only
-                if name not in ipsets:
-                    ipsets[name] = { 'ip': ip.split(), 'ip6': ip6.split() }
+                if name not in sets:
+                    sets[name] = { 'ip': ip.split(), 'ip6': ip6.split() }
                # assign NAT and VPN for all networks
-                ipsets[name] |= { 'nat': nat, 'vpn': vpn }
-            db.write('ipsets', ipsets)
+                sets[name] |= { 'nat': nat, 'vpn': vpn }
+            db.write('ipsets', sets)
            system.run(system.save_config)
            return flask.redirect(flask.url_for('ipsets.index'))

-        # read network data from NetBox and merge in custom definitions
-        ipsets = db.read('networks')
-        for name, data in db.read('ipsets').items():
-            # keep static IPs if there are any, otherwise set custom flag for this set
-            ipsets[name] = data | ipsets.get(name, {'custom': True})
-
-        return flask.render_template('ipsets/index.html', ipsets=ipsets)
+        return flask.render_template('ipsets/index.html', ipsets=read())