Validate ports for Proxy devices

truenas · Sep 30, 2024 · e03876c · e03876c
1 parent fb5adb8
commit e03876c
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 5 deletions.
diff --git a/src/middlewared/middlewared/plugins/virt/attachments.py b/src/middlewared/middlewared/plugins/virt/attachments.py
@@ -73,7 +73,7 @@ async def get_ports(self):
                 if device['dev_type'] != 'PROXY':
                     continue
                 instance_ports.append(('0.0.0.0', device['source_port']))
-                instance_ports.append(('[::]', device['source_port']))
+                instance_ports.append(('::', device['source_port']))
             if instance_ports:
                 ports.append({
                     'description': f'{instance["id"]!r} instance',

diff --git a/src/middlewared/middlewared/plugins/virt/instances.py b/src/middlewared/middlewared/plugins/virt/instances.py
@@ -138,6 +138,12 @@ async def do_create(self, job, data):
 
         verrors = ValidationErrors()
         await self.validate(data, 'virt_instance_create', verrors)
+
+        devices = {}
+        for i in (data['devices'] or []):
+            await self.__validate_device(i, 'virt_instance_create', verrors)
+            devices[i['name']] = await self.__device_to_incus(data['instance_type'], i)
+
         verrors.check()
 
         async def running_cb(data):
@@ -147,10 +153,6 @@ async def running_cb(data):
                 if 'create_instance_from_image_unpack_progress' in metadata:
                     job.set_progress(None, metadata['create_instance_from_image_unpack_progress'])
 
-        devices = {}
-        for i in (data['devices'] or []):
-            devices[i['name']] = await self.__device_to_incus(data['instance_type'], i)
-
         if data['remote'] in (None, 'LINUX_CONTAINERS'):
             url = LC_IMAGES_SERVER
         else:
@@ -382,6 +384,12 @@ async def __generate_device_name(self, device_names: List[str], device_type: str
             i += 1
         return name
 
+    async def __validate_device(self, device, schema, verrors: ValidationErrors):
+        match device['dev_type']:
+            case 'PROXY':
+                verror = await self.middleware.call('port.validate_port', schema, device['source_port'])
+                verrors.extend(verror)
+
     @api_method(VirtInstancesDeviceAddArgs, VirtInstancesDeviceAddResult, roles=['VIRT_INSTANCES_WRITE'])
     async def device_add(self, id, device):
         """
@@ -391,6 +399,11 @@ async def device_add(self, id, device):
         data = instance['raw']
         if device['name'] is None:
             device['name'] = await self.__generate_device_name(data['devices'].keys(), device['dev_type'])
+
+        verrors = ValidationErrors()
+        await self.__validate_device(device, 'virt_device_add', verrors)
+        verrors.check()
+
         data['devices'][device['name']] = await self.__device_to_incus(instance['type'], device)
         await incus_call_and_wait(f'1.0/instances/{id}', 'put', {'json': data})
         return True