git.proxmox.com Git - pve-firewall.git/blob - src/PVE/API2/Firewall/Aliases.pm
1 package PVE
::API2
::Firewall
::AliasesBase
;
5 use PVE
::Exception
qw(raise raise_param_exc);
6 use PVE
::JSONSchema
qw(get_standard_option);
10 use base
qw(PVE::RESTHandler);
# Schema fragments shared by the alias API methods registered below; the
# register_* subs copy entries out of this hash by key (name, cidr, comment,
# rename).
# NOTE(review): several lines of this hash are absent from this listing (the
# gutter numbers skip), so the key that owns the first fragment is not shown;
# it is presumably 'cidr', which register_create_alias reads -- confirm.
12 my $api_properties = {
# The address is declared with format 'IPorCIDR'. The handlers below store
# $param->{cidr} as received, so this format declaration is the only address
# check visible in this file.
14 description
=> "Network/IP specification in CIDR format.",
15 type
=> 'string', format
=> 'IPorCIDR',
# Alias names reuse the registered 'pve-fw-alias' standard option.
17 name
=> get_standard_option
('pve-fw-alias'),
# 'rename' is built from the same standard option with an override hash;
# only the description override is visible in this listing.
18 rename => get_standard_option
('pve-fw-alias', {
19 description
=> "Rename an existing alias.",
# Bodies of four stubs that die with "implement this in subclass"; their
# `sub` lines are missing from this listing. Judging by the argument lists
# and by the calls made further down ($class->lock_config, ->load_config,
# ->save_aliases, ->rule_env), they are presumably those hooks in that
# order -- confirm against the full file.
# presumably lock_config: receives the code reference to run under the lock.
29 my ($class, $param, $code) = @_;
31 die "implement this in subclass";
# presumably load_config: the subclass implementations shown later in this
# file return ($fw_conf, $aliases).
35 my ($class, $param) = @_;
37 die "implement this in subclass";
39 #return ($fw_conf, $rules);
# presumably save_aliases.
43 my ($class, $param, $fw_conf, $aliases) = @_;
45 die "implement this in subclass";
# presumably rule_env, whose result is passed to the permission helpers.
49 my ($class, $param) = @_;
51 die "implement this in subclass";
# File-scoped store of extra schema properties, keyed by the invoking class
# name.
54 my $additional_param_hash = {};
# Combined setter/getter for the per-class extra properties. With a defined
# $new_value the hash is stored under $class; otherwise the stored keys are
# copied into $copy.
# NOTE(review): the return statements and the declaration of $copy are not
# in this listing.
56 sub additional_parameters
{
57 my ($class, $new_value) = @_;
59 if (defined($new_value)) {
60 $additional_param_hash->{$class} = $new_value;
# Getter path: copy key by key so that callers, which go on to add name,
# cidr, comment and digest entries to the result, do not modify the stored
# per-class hash. The copy is shallow: the option values are shared.
65 my $org = $additional_param_hash->{$class} || {};
66 foreach my $p (keys %$org) { $copy->{$p} = $org->{$p}; }
# Flattens the alias hash into a list ordered by key. The order is fixed by
# the sort, and this list is what copy_list_with_digest() receives in the
# handlers below, so the same alias set always yields the same input.
70 my $aliases_to_list = sub {
74 foreach my $k (sort keys %$aliases) {
75 push @$list, $aliases->{$k};
# Registers the 'get_aliases' API method ("List aliases") on the invoking
# class.
# NOTE(review): some lines of this sub are absent from this listing (the
# gutter numbers skip); the comments below cover only what is shown.
80 sub register_get_aliases
{
# Starts from the class-specific extra parameters; nothing else is added to
# the parameter schema in the lines shown.
83 my $properties = $class->additional_parameters();
85 $class->register_method({
86 name
=> 'get_aliases',
89 description
=> "List aliases",
# Read access: uses the audit permission set for this class's rule_env().
90 permissions
=> PVE
::Firewall
::rules_audit_permissions
($class->rule_env()),
# Parameters not declared in $properties are not allowed by the schema.
92 additionalProperties
=> 0,
93 properties
=> $properties,
100 name
=> { type
=> 'string' },
101 cidr
=> { type
=> 'string' },
# The digest is declared non-optional here; update_alias and remove_alias
# accept a digest parameter and compare it before modifying anything.
106 digest
=> get_standard_option
('pve-config-digest', { optional
=> 0} ),
109 links
=> [ { rel
=> 'child', href
=> "{name}" } ],
# Handler: load the configuration through the subclass hook, flatten the
# aliases in sorted-key order, and return the result of
# copy_list_with_digest(). No lock_config call is visible on this read path.
114 my ($fw_conf, $aliases) = $class->load_config($param);
116 my $list = &$aliases_to_list($aliases);
118 return PVE
::Firewall
::copy_list_with_digest
($list);
# Registers the 'create_alias' API method ("Create IP or Network Alias.").
# NOTE(review): some lines of this sub are absent from this listing (the
# gutter numbers skip); the comments below cover only what is shown.
122 sub register_create_alias
{
125 my $properties = $class->additional_parameters();
# Accepted parameters: the class-specific extras plus name, cidr and comment.
# No digest parameter is declared for creation.
127 $properties->{name
} = $api_properties->{name
};
128 $properties->{cidr
} = $api_properties->{cidr
};
129 $properties->{comment
} = $api_properties->{comment
};
131 $class->register_method({
132 name
=> 'create_alias',
135 description
=> "Create IP or Network Alias.",
# Write access: uses the modify permission set for this class's rule_env().
136 permissions
=> PVE
::Firewall
::rules_modify_permissions
($class->rule_env()),
139 additionalProperties
=> 0,
140 properties
=> $properties,
142 returns
=> { type
=> "null" },
# The load / duplicate check / save sequence runs inside the subclass's
# lock_config(), so the existence check and the write are not separated by
# another writer holding the same lock.
146 $class->lock_config($param, sub {
149 my ($fw_conf, $aliases) = $class->load_config($param);
# Aliases are keyed by the lower-cased name, so uniqueness is
# case-insensitive; the stored 'name' field keeps the caller's casing.
151 my $name = lc($param->{name
});
153 raise_param_exc
({ name
=> "alias '$param->{name}' already exists" })
154 if defined($aliases->{$name});
156 my $data = { name
=> $param->{name
}, cidr
=> $param->{cidr
} };
# Truthiness test: an empty comment (or the string "0") is not stored.
157 $data->{comment
} = $param->{comment
} if $param->{comment
};
159 $aliases->{$name} = $data;
161 $class->save_aliases($param, $fw_conf, $aliases);
# Registers the 'read_alias' API method ("Read alias.").
# NOTE(review): some lines of this sub are absent from this listing (the
# gutter numbers skip); the comments below cover only what is shown.
168 sub register_read_alias
{
171 my $properties = $class->additional_parameters();
# Only 'name' is added to the class-specific parameters.
173 $properties->{name
} = $api_properties->{name
};
175 $class->register_method({
176 name
=> 'read_alias',
179 description
=> "Read alias.",
# Read access: uses the audit permission set for this class's rule_env().
180 permissions
=> PVE
::Firewall
::rules_audit_permissions
($class->rule_env()),
182 additionalProperties
=> 0,
183 properties
=> $properties,
185 returns
=> { type
=> "object" },
189 my ($fw_conf, $aliases) = $class->load_config($param);
# Lookup uses the lower-cased name, matching how create_alias keys entries.
191 my $name = lc($param->{name
});
193 raise_param_exc
({ name
=> "no such alias" })
194 if !defined($aliases->{$name});
# Returns the stored alias hash itself, not a copy.
196 return $aliases->{$name};
# Registers the 'update_alias' API method ("Update IP or Network alias."),
# which replaces an alias entry and can rename it.
# NOTE(review): some lines of this sub are absent from this listing (the
# gutter numbers skip); the comments below cover only what is shown.
200 sub register_update_alias
{
203 my $properties = $class->additional_parameters();
205 $properties->{name
} = $api_properties->{name
};
206 $properties->{rename} = $api_properties->{rename};
207 $properties->{cidr
} = $api_properties->{cidr
};
208 $properties->{comment
} = $api_properties->{comment
};
# The digest uses the standard option without an override here, unlike the
# list result where it is declared with optional => 0.
209 $properties->{digest
} = get_standard_option
('pve-config-digest');
211 $class->register_method({
212 name
=> 'update_alias',
215 description
=> "Update IP or Network alias.",
# Write access: uses the modify permission set for this class's rule_env().
216 permissions
=> PVE
::Firewall
::rules_modify_permissions
($class->rule_env()),
219 additionalProperties
=> 0,
220 properties
=> $properties,
222 returns
=> { type
=> "null" },
# The whole read-compare-modify-save sequence runs under the subclass lock.
226 $class->lock_config($param, sub {
229 my ($fw_conf, $aliases) = $class->load_config($param);
# Recompute the digest from the configuration just loaded and compare it
# with the one the caller sent, so an update based on a stale listing is
# rejected. How assert_if_modified treats an absent digest is not shown
# here -- presumably the check is skipped; confirm in PVE::Tools.
231 my $list = &$aliases_to_list($aliases);
233 my (undef, $digest) = PVE
::Firewall
::copy_list_with_digest
($list);
235 PVE
::Tools
::assert_if_modified
($digest, $param->{digest
});
237 my $name = lc($param->{name
});
# Truthiness test here, where read_alias uses !defined for the same lookup.
239 raise_param_exc
({ name
=> "no such alias" }) if !$aliases->{$name};
# The entry is rebuilt from the request rather than merged into the stored
# one: a request without a comment drops the existing comment, and the
# stored 'name' takes the caller's casing.
241 my $data = { name
=> $param->{name
}, cidr
=> $param->{cidr
} };
242 $data->{comment
} = $param->{comment
} if $param->{comment
};
244 $aliases->{$name} = $data;
# Optional rename; the new key is lower-cased like every other alias key.
246 my $rename = $param->{rename};
247 $rename = lc($rename) if $rename;
249 if ($rename && ($name ne $rename)) {
# NOTE(review): the collision error is reported under the 'name' key
# although the offending parameter is 'rename' -- confirm this is intended.
250 raise_param_exc
({ name
=> "alias '$param->{rename}' already exists" })
251 if defined($aliases->{$rename});
# Move the entry to the new key and drop the old one.
# NOTE(review): nothing in the lines shown updates or checks rules or IP
# sets that still refer to the old alias name; whether that is handled
# elsewhere cannot be told from this listing.
252 $aliases->{$name}->{name
} = $param->{rename};
253 $aliases->{$rename} = $aliases->{$name};
254 delete $aliases->{$name};
257 $class->save_aliases($param, $fw_conf, $aliases);
# Registers the 'remove_alias' API method ("Remove IP or Network alias.").
# NOTE(review): some lines of this sub are absent from this listing (the
# gutter numbers skip); the comments below cover only what is shown.
264 sub register_delete_alias
{
267 my $properties = $class->additional_parameters();
269 $properties->{name
} = $api_properties->{name
};
270 $properties->{digest
} = get_standard_option
('pve-config-digest');
272 $class->register_method({
273 name
=> 'remove_alias',
276 description
=> "Remove IP or Network alias.",
# Write access: uses the modify permission set for this class's rule_env().
277 permissions
=> PVE
::Firewall
::rules_modify_permissions
($class->rule_env()),
280 additionalProperties
=> 0,
281 properties
=> $properties,
283 returns
=> { type
=> "null" },
# Load, digest comparison, removal and save all run under the subclass lock.
287 $class->lock_config($param, sub {
290 my ($fw_conf, $aliases) = $class->load_config($param);
# Same stale-configuration guard as update_alias: the digest is recomputed
# from the configuration just loaded and compared with the caller's value.
292 my $list = &$aliases_to_list($aliases);
293 my (undef, $digest) = PVE
::Firewall
::copy_list_with_digest
($list);
294 PVE
::Tools
::assert_if_modified
($digest, $param->{digest
});
# delete on a missing key is a no-op, and no existence check appears in the
# lines shown, so removing an unknown alias is not reported as an error and
# the configuration is still saved.
# NOTE(review): nothing in the lines shown checks whether rules or IP sets
# still reference the alias being removed; whether that is validated
# elsewhere cannot be told from this listing.
296 my $name = lc($param->{name
});
297 delete $aliases->{$name};
299 $class->save_aliases($param, $fw_conf, $aliases);
# Registers all five alias methods (list, create, read, update, remove) on
# the invoking class. Each subclass package below calls this on itself.
306 sub register_handlers
{
309 $class->register_get_aliases();
310 $class->register_create_alias();
311 $class->register_read_alias();
312 $class->register_update_alias();
313 $class->register_delete_alias();
# Alias API bound to the cluster-wide firewall configuration. It supplies the
# hooks the base class leaves to subclasses.
# NOTE(review): the `sub` lines of the hooks are absent from this listing;
# the comments below name each hook by matching its body to the base-class
# calls, which is an inference -- confirm against the full file.
316 package PVE
::API2
::Firewall
::ClusterAliases
;
321 use base
qw(PVE::API2::Firewall::AliasesBase);
# presumably rule_env; its return value is not in this listing.
324 my ($class, $param) = @_;
# presumably lock_config: runs $code under the cluster firewall config lock.
# The literal 10 is presumably a lock timeout -- confirm against
# PVE::Firewall::lock_clusterfw_conf.
330 my ($class, $param, $code) = @_;
332 PVE
::Firewall
::lock_clusterfw_conf
(10, $code, $param);
# presumably load_config: returns the cluster config and its 'aliases' entry.
336 my ($class, $param) = @_;
338 my $fw_conf = PVE
::Firewall
::load_clusterfw_conf
();
339 my $aliases = $fw_conf->{aliases
};
341 return ($fw_conf, $aliases);
# presumably save_aliases: puts the alias hash back into the config and
# writes the whole cluster firewall config.
345 my ($class, $param, $fw_conf, $aliases) = @_;
347 $fw_conf->{aliases
} = $aliases;
348 PVE
::Firewall
::save_clusterfw_conf
($fw_conf);
# Runs when the file is loaded, so the five alias methods are registered on
# this package as a load-time side effect.
351 __PACKAGE__-
>register_handlers();
# Alias API bound to the firewall configuration of one guest, loaded with
# type 'vm'.
# NOTE(review): the `sub` lines of the hooks are absent from this listing;
# the comments below name each hook by matching its body to the base-class
# calls, which is an inference -- confirm against the full file.
353 package PVE
::API2
::Firewall
::VMAliases
;
357 use PVE
::JSONSchema
qw(get_standard_option);
359 use base
qw(PVE::API2::Firewall::AliasesBase);
# presumably rule_env; its return value is not in this listing.
362 my ($class, $param) = @_;
# Every method of this class additionally takes 'node' and 'vmid'. Only
# vmid is read by the lock/load/save code shown below; node is not
# referenced in the lines shown.
367 __PACKAGE__-
>additional_parameters({
368 node
=> get_standard_option
('pve-node'),
369 vmid
=> get_standard_option
('pve-vmid'),
# presumably lock_config: the lock is taken for the vmid from the request.
# The literal 10 is presumably a lock timeout -- confirm against
# PVE::Firewall::lock_vmfw_conf.
373 my ($class, $param, $code) = @_;
375 PVE
::Firewall
::lock_vmfw_conf
($param->{vmid
}, 10, $code, $param);
# presumably load_config: the cluster config is loaded first and passed to
# load_vmfw_conf together with the type 'vm' and the vmid.
379 my ($class, $param) = @_;
381 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
382 my $fw_conf = PVE
::Firewall
::load_vmfw_conf
($cluster_conf, 'vm', $param->{vmid
});
383 my $aliases = $fw_conf->{aliases
};
385 return ($fw_conf, $aliases);
# presumably save_aliases: writes the guest config for the vmid from the
# request.
389 my ($class, $param, $fw_conf, $aliases) = @_;
391 $fw_conf->{aliases
} = $aliases;
392 PVE
::Firewall
::save_vmfw_conf
($param->{vmid
}, $fw_conf);
# Runs when the file is loaded, registering the five alias methods on this
# package.
395 __PACKAGE__-
>register_handlers();
# Alias API bound to the firewall configuration of one guest, loaded with
# type 'ct'. In the lines shown it differs from VMAliases only in that type
# argument.
# NOTE(review): the `sub` lines of the hooks are absent from this listing;
# the comments below name each hook by matching its body to the base-class
# calls, which is an inference -- confirm against the full file.
397 package PVE
::API2
::Firewall
::CTAliases
;
401 use PVE
::JSONSchema
qw(get_standard_option);
403 use base
qw(PVE::API2::Firewall::AliasesBase);
# presumably rule_env; its return value is not in this listing.
406 my ($class, $param) = @_;
# Every method of this class additionally takes 'node' and 'vmid'. Only
# vmid is read by the lock/load/save code shown below; node is not
# referenced in the lines shown.
411 __PACKAGE__-
>additional_parameters({
412 node
=> get_standard_option
('pve-node'),
413 vmid
=> get_standard_option
('pve-vmid'),
# presumably lock_config: the lock is taken for the vmid from the request.
# The literal 10 is presumably a lock timeout -- confirm against
# PVE::Firewall::lock_vmfw_conf.
417 my ($class, $param, $code) = @_;
419 PVE
::Firewall
::lock_vmfw_conf
($param->{vmid
}, 10, $code, $param);
# presumably load_config: the cluster config is loaded first and passed to
# load_vmfw_conf together with the type 'ct' and the vmid.
423 my ($class, $param) = @_;
425 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
426 my $fw_conf = PVE
::Firewall
::load_vmfw_conf
($cluster_conf, 'ct', $param->{vmid
});
427 my $aliases = $fw_conf->{aliases
};
429 return ($fw_conf, $aliases);
# presumably save_aliases: writes the guest config for the vmid from the
# request.
433 my ($class, $param, $fw_conf, $aliases) = @_;
435 $fw_conf->{aliases
} = $aliases;
436 PVE
::Firewall
::save_vmfw_conf
($param->{vmid
}, $fw_conf);
# Runs when the file is loaded, registering the five alias methods on this
# package.
439 __PACKAGE__-
>register_handlers();