git.proxmox.com Git - pve-firewall.git/blob - src/PVE/API2/Firewall/Aliases.pm
1 package PVE
::API2
::Firewall
::AliasesBase
;
5 use PVE
::Exception
qw(raise raise_param_exc);
6 use PVE
::JSONSchema
qw(get_standard_option);
10 use base
qw(PVE::RESTHandler);
# Schema fragments shared by the alias API handlers registered below.
# This listing omits several original lines (the gutter numbers skip), so
# only part of the hash is visible.
12 my $api_properties = {
# Presumably the 'cidr' entry (its key line is not shown). The handlers below
# store $param->{cidr} unchanged, so the 'IPorCIDR' format declared here is
# the only address validation visible in this file.
14 description
=> "Network/IP specification in CIDR format.",
15 type
=> 'string', format
=> 'IPorCIDR',
# Alias name, taken from the 'pve-fw-alias' standard option.
17 name
=> get_standard_option
('pve-fw-alias'),
# New name accepted by update_alias: the same standard option, called with an
# override hash that carries a different description.
18 rename => get_standard_option
('pve-fw-alias', {
19 description
=> "Rename an existing alias.",
# Three abstract hooks: each visible body only dies with
# "implement this in subclass". Their `sub` header lines are not part of this
# listing; judging by the call sites further down they are presumably
# load_config, save_aliases and rule_env, in that order -- confirm against the
# full file.
29 my ($class, $param) = @_;
31 die "implement this in subclass";
# The concrete packages later in this file return ($fw_conf, $aliases) from
# their loaders.
33 #return ($fw_conf, $rules);
# Takes the request parameters plus the loaded config and the alias hash.
37 my ($class, $param, $fw_conf, $aliases) = @_;
39 die "implement this in subclass";
43 my ($class, $param) = @_;
45 die "implement this in subclass";
# Extra schema properties registered per class, keyed by class name.
48 my $additional_param_hash = {};
# Combined setter/getter. When $new_value is defined it is stored for $class;
# the visible lines then copy the stored hash key by key into $copy.
# The copy is shallow: the option hashes stored as values stay shared.
# NOTE(review): the declaration and return of $copy are not in this listing --
# presumably a fresh hash is returned so callers can add keys safely; confirm.
50 sub additional_parameters
{
51 my ($class, $new_value) = @_;
53 if (defined($new_value)) {
54 $additional_param_hash->{$class} = $new_value;
# Fall back to an empty hash for classes that registered nothing.
59 my $org = $additional_param_hash->{$class} || {};
60 foreach my $p (keys %$org) { $copy->{$p} = $org->{$p}; }
# Helper closure: the visible lines push the alias records onto $list in
# sorted key order. The handlers below pass that list to
# copy_list_with_digest, so a stable order presumably keeps the digest stable
# for an unchanged alias set -- confirm against copy_list_with_digest.
64 my $aliases_to_list = sub {
68 foreach my $k (sort keys %$aliases) {
69 push @$list, $aliases->{$k};
# Registers the 'get_aliases' API method, which lists the aliases of the
# configuration returned by the class's load_config().
74 sub register_get_aliases
{
# Start from the class-specific extra parameters.
77 my $properties = $class->additional_parameters();
79 $class->register_method({
80 name
=> 'get_aliases',
83 description
=> "List aliases",
# Read-only endpoint: audit permissions for this class's rule environment.
84 permissions
=> PVE
::Firewall
::rules_audit_permissions
($class->rule_env()),
# Parameters not declared in $properties are not accepted by the schema.
86 additionalProperties
=> 0,
87 properties
=> $properties,
94 name
=> { type
=> 'string' },
95 cidr
=> { type
=> 'string' },
# The digest is declared non-optional here; update_alias and remove_alias
# accept it back to detect a configuration that changed in between.
100 digest
=> get_standard_option
('pve-config-digest', { optional
=> 0} ),
103 links
=> [ { rel
=> 'child', href
=> "{name}" } ],
# Handler body: load the config, flatten the alias hash to a sorted list and
# return it through copy_list_with_digest.
108 my ($fw_conf, $aliases) = $class->load_config($param);
110 my $list = &$aliases_to_list($aliases);
112 return PVE
::Firewall
::copy_list_with_digest
($list);
# Registers the 'create_alias' API method, which adds a new alias and saves
# the configuration through the class's save_aliases().
116 sub register_create_alias
{
119 my $properties = $class->additional_parameters();
# Accepted parameters: name, cidr and comment from the shared schema fragments.
121 $properties->{name
} = $api_properties->{name
};
122 $properties->{cidr
} = $api_properties->{cidr
};
123 $properties->{comment
} = $api_properties->{comment
};
125 $class->register_method({
126 name
=> 'create_alias',
129 description
=> "Create IP or Network Alias.",
# Write endpoint: modify permissions for this class's rule environment.
130 permissions
=> PVE
::Firewall
::rules_modify_permissions
($class->rule_env()),
# Parameters not declared in $properties are not accepted by the schema.
133 additionalProperties
=> 0,
134 properties
=> $properties,
136 returns
=> { type
=> "null" },
# NOTE(review): no lock is visible between load_config and save_aliases in
# this listing, and create takes no digest, so two concurrent writers could
# overwrite each other's change -- confirm whether the load/save routines
# serialise access.
140 my ($fw_conf, $aliases) = $class->load_config($param);
# Aliases are keyed by the lower-cased name, so the duplicate check is
# case-insensitive; the stored record keeps the name as submitted.
142 my $name = lc($param->{name
});
144 raise_param_exc
({ name
=> "alias '$param->{name}' already exists" })
145 if defined($aliases->{$name});
# cidr is stored as received; validation is left to the schema format.
147 my $data = { name
=> $param->{name
}, cidr
=> $param->{cidr
} };
# The comment is stored only when it is a true value.
148 $data->{comment
} = $param->{comment
} if $param->{comment
};
150 $aliases->{$name} = $data;
152 $class->save_aliases($param, $fw_conf, $aliases);
# Registers the 'read_alias' API method, which returns a single alias record.
158 sub register_read_alias
{
161 my $properties = $class->additional_parameters();
163 $properties->{name
} = $api_properties->{name
};
165 $class->register_method({
166 name
=> 'read_alias',
169 description
=> "Read alias.",
# Read-only endpoint: audit permissions for this class's rule environment.
170 permissions
=> PVE
::Firewall
::rules_audit_permissions
($class->rule_env()),
# Parameters not declared in $properties are not accepted by the schema.
172 additionalProperties
=> 0,
173 properties
=> $properties,
175 returns
=> { type
=> "object" },
179 my ($fw_conf, $aliases) = $class->load_config($param);
# Lookup uses the lower-cased name, matching how create_alias keys entries.
181 my $name = lc($param->{name
});
183 raise_param_exc
({ name
=> "no such alias" })
184 if !defined($aliases->{$name});
# The stored record itself is returned, not a copy.
186 return $aliases->{$name};
# Registers the 'update_alias' API method, which replaces an alias record and
# optionally renames it, then saves through the class's save_aliases().
190 sub register_update_alias
{
193 my $properties = $class->additional_parameters();
195 $properties->{name
} = $api_properties->{name
};
196 $properties->{rename} = $api_properties->{rename};
197 $properties->{cidr
} = $api_properties->{cidr
};
198 $properties->{comment
} = $api_properties->{comment
};
# The digest uses the standard option without an override here.
# NOTE(review): if that option is optional, a request without a digest
# presumably skips the modification check below -- confirm against
# assert_if_modified.
199 $properties->{digest
} = get_standard_option
('pve-config-digest');
201 $class->register_method({
202 name
=> 'update_alias',
205 description
=> "Update IP or Network alias.",
# Write endpoint: modify permissions for this class's rule environment.
206 permissions
=> PVE
::Firewall
::rules_modify_permissions
($class->rule_env()),
# Parameters not declared in $properties are not accepted by the schema.
209 additionalProperties
=> 0,
210 properties
=> $properties,
212 returns
=> { type
=> "null" },
216 my ($fw_conf, $aliases) = $class->load_config($param);
# Recompute the digest of the current alias list and compare it with the one
# the caller supplied, so an update based on stale data is refused.
218 my $list = &$aliases_to_list($aliases);
220 my (undef, $digest) = PVE
::Firewall
::copy_list_with_digest
($list);
222 PVE
::Tools
::assert_if_modified
($digest, $param->{digest
});
224 my $name = lc($param->{name
});
# Existence is tested by truthiness here, where read_alias uses defined().
226 raise_param_exc
({ name
=> "no such alias" }) if !$aliases->{$name};
# The record is rebuilt from the request rather than merged into the old one:
# a request without a comment drops the existing comment.
# NOTE(review): assumes the schema makes cidr mandatory; otherwise the stored
# cidr would be replaced by undef -- confirm against the full property hash.
228 my $data = { name
=> $param->{name
}, cidr
=> $param->{cidr
} };
229 $data->{comment
} = $param->{comment
} if $param->{comment
};
231 $aliases->{$name} = $data;
# Rename handling: keys are compared lower-cased, so a change of case alone
# does not count as a rename.
233 my $rename = $param->{rename};
234 $rename = lc($rename) if $rename;
236 if ($rename && ($name ne $rename)) {
# Refuse to overwrite another existing alias.
237 raise_param_exc
({ name
=> "alias '$param->{rename}' already exists" })
238 if defined($aliases->{$rename});
# Store the new name as submitted and move the record to the new key.
# NOTE(review): nothing visible here updates firewall rules that reference the
# old alias name -- confirm how such references are handled elsewhere.
239 $aliases->{$name}->{name
} = $param->{rename};
240 $aliases->{$rename} = $aliases->{$name};
241 delete $aliases->{$name};
244 $class->save_aliases($param, $fw_conf, $aliases);
# Registers the API method named 'remove_alias', which deletes an alias and
# saves the configuration through the class's save_aliases().
250 sub register_delete_alias
{
253 my $properties = $class->additional_parameters();
255 $properties->{name
} = $api_properties->{name
};
256 $properties->{digest
} = get_standard_option
('pve-config-digest');
258 $class->register_method({
259 name
=> 'remove_alias',
262 description
=> "Remove IP or Network alias.",
# Write endpoint: modify permissions for this class's rule environment.
263 permissions
=> PVE
::Firewall
::rules_modify_permissions
($class->rule_env()),
# Parameters not declared in $properties are not accepted by the schema.
266 additionalProperties
=> 0,
267 properties
=> $properties,
269 returns
=> { type
=> "null" },
273 my ($fw_conf, $aliases) = $class->load_config($param);
# Same stale-data check as update_alias: compare the caller's digest with one
# computed from the current alias list.
275 my $list = &$aliases_to_list($aliases);
276 my (undef, $digest) = PVE
::Firewall
::copy_list_with_digest
($list);
277 PVE
::Tools
::assert_if_modified
($digest, $param->{digest
});
# No existence check: removing an unknown name is a silent no-op, and the
# configuration is still written back.
# NOTE(review): no check is visible that the alias is unused by firewall
# rules before it is removed -- confirm whether callers or the rule compiler
# handle dangling references.
279 my $name = lc($param->{name
});
280 delete $aliases->{$name};
282 $class->save_aliases($param, $fw_conf, $aliases);
# Registers all five alias API methods on $class. Each concrete package later
# in this file calls it as __PACKAGE__->register_handlers().
288 sub register_handlers
{
291 $class->register_get_aliases();
292 $class->register_create_alias();
293 $class->register_read_alias();
294 $class->register_update_alias();
295 $class->register_delete_alias();
# Concrete alias API for the cluster-wide firewall configuration.
# The `sub` header lines of this package are not part of this listing; the
# bodies below are presumably rule_env, load_config and save_aliases, in that
# order -- confirm against the full file.
298 package PVE
::API2
::Firewall
::ClusterAliases
;
303 use base
qw(PVE::API2::Firewall::AliasesBase);
# Body of this first method is not shown.
306 my ($class, $param) = @_;
# Loader: read the cluster firewall config and hand back its alias hash.
312 my ($class, $param) = @_;
314 my $fw_conf = PVE
::Firewall
::load_clusterfw_conf
();
315 my $aliases = $fw_conf->{aliases
};
317 return ($fw_conf, $aliases);
# Saver: put the alias hash back into the config and write it out.
321 my ($class, $param, $fw_conf, $aliases) = @_;
323 $fw_conf->{aliases
} = $aliases;
324 PVE
::Firewall
::save_clusterfw_conf
($fw_conf);
# Register the five API methods for this package.
327 __PACKAGE__-
>register_handlers();
# Concrete alias API for the firewall configuration of a single VM.
# The `sub` header lines of this package are not part of this listing; the
# bodies below are presumably rule_env, load_config and save_aliases, in that
# order -- confirm against the full file.
329 package PVE
::API2
::Firewall
::VMAliases
;
333 use PVE
::JSONSchema
qw(get_standard_option);
335 use base
qw(PVE::API2::Firewall::AliasesBase);
# Body of this first method is not shown.
338 my ($class, $param) = @_;
# Every method of this package additionally takes 'node' and 'vmid', both
# declared through standard options.
343 __PACKAGE__-
>additional_parameters({
344 node
=> get_standard_option
('pve-node'),
345 vmid
=> get_standard_option
('pve-vmid'),
# Loader: the request's vmid selects which guest config is read, with type
# 'vm'. No access check on that vmid is visible in this body; it relies on
# the permissions declared at registration -- confirm they are scoped per guest.
349 my ($class, $param) = @_;
351 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
352 my $fw_conf = PVE
::Firewall
::load_vmfw_conf
($cluster_conf, 'vm', $param->{vmid
});
353 my $aliases = $fw_conf->{aliases
};
355 return ($fw_conf, $aliases);
# Saver: write the alias hash back to the config of the same vmid.
359 my ($class, $param, $fw_conf, $aliases) = @_;
361 $fw_conf->{aliases
} = $aliases;
362 PVE
::Firewall
::save_vmfw_conf
($param->{vmid
}, $fw_conf);
# Register the five API methods for this package.
365 __PACKAGE__-
>register_handlers();
# Concrete alias API for the firewall configuration of a single container.
# The `sub` header lines of this package are not part of this listing; the
# bodies below are presumably rule_env, load_config and save_aliases, in that
# order -- confirm against the full file.
367 package PVE
::API2
::Firewall
::CTAliases
;
371 use PVE
::JSONSchema
qw(get_standard_option);
373 use base
qw(PVE::API2::Firewall::AliasesBase);
# Body of this first method is not shown.
376 my ($class, $param) = @_;
# Every method of this package additionally takes 'node' and 'vmid', both
# declared through standard options.
381 __PACKAGE__-
>additional_parameters({
382 node
=> get_standard_option
('pve-node'),
383 vmid
=> get_standard_option
('pve-vmid'),
# Loader: the request's vmid selects which guest config is read, with type
# 'ct'. No access check on that vmid is visible in this body; it relies on
# the permissions declared at registration -- confirm they are scoped per guest.
387 my ($class, $param) = @_;
389 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
390 my $fw_conf = PVE
::Firewall
::load_vmfw_conf
($cluster_conf, 'ct', $param->{vmid
});
391 my $aliases = $fw_conf->{aliases
};
393 return ($fw_conf, $aliases);
# Saver: containers are written with save_vmfw_conf as well, keyed by the
# same vmid.
397 my ($class, $param, $fw_conf, $aliases) = @_;
399 $fw_conf->{aliases
} = $aliases;
400 PVE
::Firewall
::save_vmfw_conf
($param->{vmid
}, $fw_conf);
# Register the five API methods for this package.
403 __PACKAGE__-
>register_handlers();