Task 7 complete: move config operational orchestration from routers into service/task layer

2026-04-10 21:24:54 +02:00
parent 91e5792caf
commit 952469e667
5 changed files with 87 additions and 44 deletions
--- a/backend/app/routers/config.py
+++ b/backend/app/routers/config.py
@@ -113,14 +113,7 @@ from app.services.jail_config_service import (
    JailNameError,
    JailNotFoundInConfigError,
 )
-from app.tasks.health_check import _run_probe
 from app.utils.fail2ban_client import Fail2BanConnectionError
-from app.utils.runtime_state import (
-    clear_activation_record,
-    clear_pending_recovery,
-    create_pending_recovery,
-    record_activation,
-)

 log: structlog.stdlib.BoundLogger = structlog.get_logger()

@@ -714,7 +707,7 @@ async def activate_jail(
    req = body if body is not None else ActivateJailRequest()

    try:
-        result = await jail_config_service.activate_jail(config_dir, socket_path, name, req)
+        result = await jail_config_service.activate_jail(app, config_dir, socket_path, name, req)
    except JailNameError as exc:
        raise _bad_request(str(exc)) from exc
    except JailNotFoundInConfigError:
@@ -732,23 +725,6 @@ async def activate_jail(
    except Fail2BanConnectionError as exc:
        raise _bad_gateway(exc) from exc

-    # Record this activation so the health-check task can attribute a
-    # subsequent fail2ban crash to it.
-    activation_time = record_activation(app, name)
-
-    # If fail2ban stopped responding after the reload, create a pending-recovery
-    # record immediately (before the background health task notices).
-    if not result.fail2ban_running:
-        create_pending_recovery(
-            app,
-            jail_name=name,
-            activated_at=activation_time,
-        )
-
-    # Force an immediate health probe so the cached status reflects the current
-    # fail2ban state without waiting for the next scheduled check.
-    await _run_probe(app)
-
    return result


@@ -785,7 +761,7 @@ async def deactivate_jail(
    """

    try:
-        result = await jail_config_service.deactivate_jail(config_dir, socket_path, name)
+        result = await jail_config_service.deactivate_jail(app, config_dir, socket_path, name)
    except JailNameError as exc:
        raise _bad_request(str(exc)) from exc
    except JailNotFoundInConfigError:
@@ -803,11 +779,6 @@ async def deactivate_jail(
    except Fail2BanConnectionError as exc:
        raise _bad_gateway(exc) from exc

-    # Force an immediate health probe so the cached status reflects the current
-    # fail2ban state (reload changes the active-jail count) without waiting for
-    # the next scheduled background check (up to 30 seconds).
-    await _run_probe(app)
-
    return result


@@ -963,7 +934,7 @@ async def rollback_jail(
    start_cmd_parts: list[str] = start_cmd.split()

    try:
-        result = await jail_config_service.rollback_jail(config_dir, socket_path, name, start_cmd_parts)
+        result = await jail_config_service.rollback_jail(app, config_dir, socket_path, name, start_cmd_parts)
    except JailNameError as exc:
        raise _bad_request(str(exc)) from exc
    except ConfigWriteError as exc:
@@ -972,11 +943,6 @@ async def rollback_jail(
            detail=f"Failed to write config override: {exc}",
        ) from exc

-    # Clear pending recovery if fail2ban came back online.
-    if result.fail2ban_running:
-        clear_pending_recovery(app)
-        clear_activation_record(app)
-
    return result