git.proxmox.com Git - pve-firewall.git/blob - src/PVE/API2/Firewall/Aliases.pm
1 package PVE
::API2
::Firewall
::AliasesBase
;
5 use PVE
::Exception
qw(raise raise_param_exc);
6 use PVE
::JSONSchema
qw(get_standard_option);
10 use base
qw(PVE::RESTHandler);
# Schema fragments shared by the alias handlers further down, which copy the
# `name`, `cidr`, `comment` and `rename` entries into their parameter lists.
# NOTE(review): this listing is lossy -- gutter numbers are fused into the
# text and some source lines (e.g. the key opening the first entry and the
# whole `comment` entry) are not shown.
12 my $api_properties = {
# Presumably the `cidr` entry: typed as a string with schema format
# 'IPorCIDR'. Whether that format is enforced before a handler runs depends
# on the REST layer, which is not visible here -- confirm.
14 description
=> "Network/IP specification in CIDR format.",
15 type
=> 'string', format
=> 'IPorCIDR',
# `name` and `rename` both reuse the standard option 'pve-fw-alias'.
17 name
=> get_standard_option
('pve-fw-alias'),
18 rename => get_standard_option
('pve-fw-alias', {
19 description
=> "Rename an existing alias.",
# Bodies of three abstract hooks; their `sub` lines are missing from this
# listing. Each one dies so that a subclass has to override it.
# NOTE(review): judging by the calls made further down
# ($class->load_config($param), $class->save_aliases($param, $fw_conf,
# $aliases), $class->rule_env()) these are presumably load_config,
# save_aliases and rule_env, in that order -- confirm against the full file.
29 my ($class, $param) = @_;
31 die "implement this in subclass";
# Shape of the expected return value; callers below unpack two values.
33 #return ($fw_conf, $rules);
37 my ($class, $param, $fw_conf, $aliases) = @_;
39 die "implement this in subclass";
43 my ($class, $param) = @_;
45 die "implement this in subclass";
# Registry of extra schema properties, keyed by class name.
48 my $additional_param_hash = {};
# Combined setter/getter for that registry. With a defined $new_value the
# value is stored under $class. Lines 59-60 then copy the stored hash key by
# key into $copy, so that callers adding their own keys (name, cidr, ...) do
# not modify the registry itself. The copy is shallow: the property
# definitions themselves are shared. The declaration and return of $copy are
# not visible in this listing.
50 sub additional_parameters
{
51 my ($class, $new_value) = @_;
53 if (defined($new_value)) {
54 $additional_param_hash->{$class} = $new_value;
# A class that never registered anything gets an empty set.
59 my $org = $additional_param_hash->{$class} || {};
60 foreach my $p (keys %$org) { $copy->{$p} = $org->{$p}; }
# Flattens the alias hash into a list ordered by sorted key. The handlers
# below pass this list to copy_list_with_digest, so a deterministic order
# keeps the resulting digest stable for unchanged data (presumably the digest
# is order-sensitive -- confirm).
64 my $aliases_to_list = sub {
68 foreach my $k (sort keys %$aliases) {
69 push @$list, $aliases->{$k};
# Registers the 'get_aliases' API method, which lists all aliases of the
# firewall scope served by $class. Several lines of the method definition
# (path, HTTP method, the `code` sub header) are missing from this listing.
74 sub register_get_aliases
{
77 my $properties = $class->additional_parameters();
79 $class->register_method({
80 name
=> 'get_aliases',
83 description
=> "List aliases",
# Read access: the permission spec comes from rules_audit_permissions() for
# the environment returned by this class's rule_env().
84 permissions
=> PVE
::Firewall
::rules_audit_permissions
($class->rule_env()),
# Only the class-specific parameters are declared; additionalProperties => 0
# marks the schema as closed to undeclared parameters.
86 additionalProperties
=> 0,
87 properties
=> $properties,
# Presumably the per-item return schema (the enclosing `returns` lines are
# not shown): name, cidr and a digest that is explicitly not optional.
94 name
=> { type
=> 'string' },
95 cidr
=> { type
=> 'string' },
100 digest
=> get_standard_option
('pve-config-digest', { optional
=> 0} ),
103 links
=> [ { rel
=> 'child', href
=> "{name}" } ],
# Handler body: load the config, flatten the aliases in sorted order and
# return whatever copy_list_with_digest produces for that list.
108 my ($fw_conf, $aliases) = $class->load_config($param);
110 my $list = &$aliases_to_list($aliases);
112 return PVE
::Firewall
::copy_list_with_digest
($list);
# Registers the 'create_alias' API method, which adds a new alias and saves
# the configuration. Parts of the method definition are missing from this
# listing.
116 sub register_create_alias
{
119 my $properties = $class->additional_parameters();
# Accepted parameters: the class-specific ones plus name, cidr and comment.
# NOTE(review): unlike update and remove, no `digest` parameter is added here.
121 $properties->{name
} = $api_properties->{name
};
122 $properties->{cidr
} = $api_properties->{cidr
};
123 $properties->{comment
} = $api_properties->{comment
};
125 $class->register_method({
126 name
=> 'create_alias',
129 description
=> "Create IP or Network Alias.",
# Write access: the permission spec comes from rules_modify_permissions() for
# the environment returned by this class's rule_env().
130 permissions
=> PVE
::Firewall
::rules_modify_permissions
($class->rule_env()),
133 additionalProperties
=> 0,
134 properties
=> $properties,
136 returns
=> { type
=> "null" },
# NOTE(review): this is a read-modify-write of the firewall config, and no
# lock and no digest comparison is visible between load_config and
# save_aliases. Two concurrent requests could overwrite each other's change
# unless locking happens in lines not shown or inside the load/save helpers
# -- confirm.
140 my ($fw_conf, $aliases) = $class->load_config($param);
# Aliases are keyed by the lower-cased name, so the duplicate check is
# case-insensitive, while the stored `name` field keeps the caller's spelling.
142 my $name = lc($param->{name
});
144 raise_param_exc
({ name
=> "alias '$param->{name}' already exists" })
145 if defined($aliases->{$name});
147 my $data = { name
=> $param->{name
}, cidr
=> $param->{cidr
} };
# The truth test means an empty or "0" comment is not stored.
148 $data->{comment
} = $param->{comment
} if $param->{comment
};
150 $aliases->{$name} = $data;
152 $class->save_aliases($param, $fw_conf, $aliases);
# Registers the 'read_alias' API method, which returns the stored entry of a
# single alias. Parts of the method definition are missing from this listing.
158 sub register_read_alias
{
161 my $properties = $class->additional_parameters();
163 $properties->{name
} = $api_properties->{name
};
165 $class->register_method({
166 name
=> 'read_alias',
169 description
=> "Read alias.",
# Read access: same audit permission spec as the list method.
170 permissions
=> PVE
::Firewall
::rules_audit_permissions
($class->rule_env()),
172 additionalProperties
=> 0,
173 properties
=> $properties,
175 returns
=> { type
=> "object" },
179 my ($fw_conf, $aliases) = $class->load_config($param);
# Lookup is case-insensitive: the key is the lower-cased name.
181 my $name = lc($param->{name
});
183 raise_param_exc
({ name
=> "no such alias" })
184 if !defined($aliases->{$name});
# Returns the stored hash itself, not a copy.
186 return $aliases->{$name};
# Registers the 'update_alias' API method, which replaces an alias entry and
# optionally renames it. Parts of the method definition are missing from this
# listing.
190 sub register_update_alias
{
193 my $properties = $class->additional_parameters();
195 $properties->{name
} = $api_properties->{name
};
196 $properties->{rename} = $api_properties->{rename};
197 $properties->{cidr
} = $api_properties->{cidr
};
198 $properties->{comment
} = $api_properties->{comment
};
199 $properties->{digest
} = get_standard_option
('pve-config-digest');
201 $class->register_method({
202 name
=> 'update_alias',
205 description
=> "Update IP or Network alias.",
# Write access: the permission spec comes from rules_modify_permissions() for
# the environment returned by this class's rule_env().
206 permissions
=> PVE
::Firewall
::rules_modify_permissions
($class->rule_env()),
209 additionalProperties
=> 0,
210 properties
=> $properties,
212 returns
=> { type
=> "null" },
216 my ($fw_conf, $aliases) = $class->load_config($param);
# Optimistic concurrency check: the digest of the current alias list is
# compared with the digest the caller supplied. Presumably this is skipped
# when the caller sends no digest -- confirm in assert_if_modified.
# NOTE(review): no lock is visible around load_config .. save_aliases, so the
# digest check alone does not close the window between check and save.
218 my $list = &$aliases_to_list($aliases);
220 my (undef, $digest) = PVE
::Firewall
::copy_list_with_digest
($list);
222 PVE
::Tools
::assert_if_modified
($digest, $param->{digest
});
224 my $name = lc($param->{name
});
226 raise_param_exc
({ name
=> "no such alias" }) if !$aliases->{$name};
# The entry is rebuilt from the request rather than merged with the stored
# one, so an update that omits `comment` drops the previous comment.
228 my $data = { name
=> $param->{name
}, cidr
=> $param->{cidr
} };
229 $data->{comment
} = $param->{comment
} if $param->{comment
};
231 $aliases->{$name} = $data;
# NOTE(review): `rename` is copied from an entry described as optional in
# the source file; when it is absent lc() receives undef and yields '' (with
# an "uninitialized" warning if warnings are enabled -- the pragma lines are
# not visible here). The `$rename &&` test below then skips the rename.
233 my $rename = lc($param->{rename});
235 if ($rename && ($name ne $rename)) {
# The target name must be free (case-insensitively); then the entry is moved
# to the new key and its `name` field set to the caller's spelling.
# NOTE(review): nothing visible here updates rules or other objects that
# still refer to the old alias name -- confirm how such references are
# handled.
236 raise_param_exc
({ name
=> "alias '$param->{rename}' already exists" })
237 if defined($aliases->{$rename});
238 $aliases->{$name}->{name
} = $param->{rename};
239 $aliases->{$rename} = $aliases->{$name};
240 delete $aliases->{$name};
243 $class->save_aliases($param, $fw_conf, $aliases);
# Registers the API method that removes an alias. Note that the registered
# method name is 'remove_alias' although the sub is called
# register_delete_alias. Parts of the method definition are missing from this
# listing.
249 sub register_delete_alias
{
252 my $properties = $class->additional_parameters();
254 $properties->{name
} = $api_properties->{name
};
255 $properties->{digest
} = get_standard_option
('pve-config-digest');
257 $class->register_method({
258 name
=> 'remove_alias',
261 description
=> "Remove IP or Network alias.",
# Write access: the permission spec comes from rules_modify_permissions() for
# the environment returned by this class's rule_env().
262 permissions
=> PVE
::Firewall
::rules_modify_permissions
($class->rule_env()),
265 additionalProperties
=> 0,
266 properties
=> $properties,
268 returns
=> { type
=> "null" },
272 my ($fw_conf, $aliases) = $class->load_config($param);
# Same digest comparison as in the update handler.
274 my $list = &$aliases_to_list($aliases);
275 my (undef, $digest) = PVE
::Firewall
::copy_list_with_digest
($list);
276 PVE
::Tools
::assert_if_modified
($digest, $param->{digest
});
# No existence check: removing an unknown name is a silent no-op that still
# saves the configuration.
# NOTE(review): no check is visible that the alias is unused. Removing an
# alias that rules still reference may leave them pointing at a name that no
# longer resolves -- confirm how the rule compiler treats that case.
278 my $name = lc($param->{name
});
279 delete $aliases->{$name};
281 $class->save_aliases($param, $fw_conf, $aliases);
# Registers all five alias API methods (list, create, read, update, remove)
# on $class. Each subclass package below calls this once via __PACKAGE__.
287 sub register_handlers
{
290 $class->register_get_aliases();
291 $class->register_create_alias();
292 $class->register_read_alias();
293 $class->register_update_alias();
294 $class->register_delete_alias();
297 package PVE
::API2
::Firewall
::ClusterAliases
;
302 use base
qw(PVE::API2::Firewall::AliasesBase);
# Cluster-wide implementation of the abstract hooks. The `sub` lines and the
# body of the first sub are missing from this listing; the first fragment is
# presumably rule_env, whose return value feeds the permission specs above
# -- confirm against the full file.
305 my ($class, $param) = @_;
# Presumably load_config: reads the cluster firewall config and returns it
# together with its `aliases` section.
311 my ($class, $param) = @_;
313 my $fw_conf = PVE
::Firewall
::load_clusterfw_conf
();
314 my $aliases = $fw_conf->{aliases
};
316 return ($fw_conf, $aliases);
# Presumably save_aliases: puts the modified alias hash back and writes the
# whole cluster firewall config. No locking is visible in these lines.
320 my ($class, $param, $fw_conf, $aliases) = @_;
322 $fw_conf->{aliases
} = $aliases;
323 PVE
::Firewall
::save_clusterfw_conf
($fw_conf);
# Install the five API methods on this package.
326 __PACKAGE__-
>register_handlers();
328 package PVE
::API2
::Firewall
::VMAliases
;
332 use PVE
::JSONSchema
qw(get_standard_option);
334 use base
qw(PVE::API2::Firewall::AliasesBase);
# VM implementation of the abstract hooks. The `sub` lines and the body of
# the first sub are missing from this listing; the first fragment is
# presumably rule_env, whose return value feeds the permission specs of the
# base class -- confirm against the full file.
337 my ($class, $param) = @_;
# Every handler of this class additionally takes `node` and `vmid`.
342 __PACKAGE__-
>additional_parameters({
343 node
=> get_standard_option
('pve-node'),
344 vmid
=> get_standard_option
('pve-vmid'),
# Presumably load_config: the request's vmid selects which guest firewall
# config is loaded, with the guest type fixed to 'vm'.
348 my ($class, $param) = @_;
350 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
351 my $fw_conf = PVE
::Firewall
::load_vmfw_conf
($cluster_conf, 'vm', $param->{vmid
});
352 my $aliases = $fw_conf->{aliases
};
354 return ($fw_conf, $aliases);
# Presumably save_aliases: writes the config back for the same vmid. The save
# call takes no guest type and no locking is visible in these lines.
# NOTE(review): confirm that the permission check or the load/save helpers
# reject a vmid that belongs to a container rather than a VM.
358 my ($class, $param, $fw_conf, $aliases) = @_;
360 $fw_conf->{aliases
} = $aliases;
361 PVE
::Firewall
::save_vmfw_conf
($param->{vmid
}, $fw_conf);
# Install the five API methods on this package.
364 __PACKAGE__-
>register_handlers();
366 package PVE
::API2
::Firewall
::CTAliases
;
370 use PVE
::JSONSchema
qw(get_standard_option);
372 use base
qw(PVE::API2::Firewall::AliasesBase);
# Container implementation of the abstract hooks. The `sub` lines and the
# body of the first sub are missing from this listing; the first fragment is
# presumably rule_env, whose return value feeds the permission specs of the
# base class -- confirm against the full file.
375 my ($class, $param) = @_;
# Every handler of this class additionally takes `node` and `vmid`.
380 __PACKAGE__-
>additional_parameters({
381 node
=> get_standard_option
('pve-node'),
382 vmid
=> get_standard_option
('pve-vmid'),
# Presumably load_config: the request's vmid selects which guest firewall
# config is loaded, with the guest type fixed to 'ct'.
386 my ($class, $param) = @_;
388 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
389 my $fw_conf = PVE
::Firewall
::load_vmfw_conf
($cluster_conf, 'ct', $param->{vmid
});
390 my $aliases = $fw_conf->{aliases
};
392 return ($fw_conf, $aliases);
# Presumably save_aliases: writes the config back for the same vmid. The save
# call takes no guest type and no locking is visible in these lines.
# NOTE(review): confirm that the permission check or the load/save helpers
# reject a vmid that belongs to a VM rather than a container.
396 my ($class, $param, $fw_conf, $aliases) = @_;
398 $fw_conf->{aliases
} = $aliases;
399 PVE
::Firewall
::save_vmfw_conf
($param->{vmid
}, $fw_conf);
# Install the five API methods on this package.
402 __PACKAGE__-
>register_handlers();