use base qw(PVE::RESTHandler);
-my $api_properties = {
+my $api_properties = {
cidr => {
description => "Network/IP specification in CIDR format.",
- type => 'string', format => 'IPv4orCIDR',
+ type => 'string', format => 'IPorCIDR',
},
name => get_standard_option('pve-fw-alias'),
+ rename => get_standard_option('pve-fw-alias', {
+ description => "Rename an existing alias.",
+ optional => 1,
+ }),
comment => {
type => 'string',
optional => 1,
- }
+ },
};
sub load_config {
die "implement this in subclass";
}
+sub rule_env {
+ my ($class, $param) = @_;
+
+ die "implement this in subclass";
+}
+
my $additional_param_hash = {};
sub additional_parameters {
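Review bot: The new base `rule_env` has no comment and dies with the same text as `load_config`, so a subclass that forgets to override it fails with a message that does not say which method is missing. The `permissions =>` lines added further down call `$class->rule_env()` while the method table is being built, so the failure appears at registration time rather than per request. That is a sensible fail-closed behaviour, but it should be stated. I would add `# Returns the rule environment ('cluster', 'vm' or 'ct') used to pick the permission check; subclasses must override.` above the sub and change the message to `die "rule_env: implement this in subclass";`. The `additional_parameters` sub that closes this hunk continues outside it.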
path => '',
method => 'GET',
description => "List aliases",
+ permissions => PVE::Firewall::rules_audit_permissions($class->rule_env()),
parameters => {
additionalProperties => 0,
properties => $properties,
type => 'string',
optional => 1,
},
- digest => get_standard_option('pve-config-digest', { optional => 0} ),
+ digest => get_standard_option('pve-config-digest', { optional => 0} ),
},
},
links => [ { rel => 'child', href => "{name}" } ],
path => '',
method => 'POST',
description => "Create IP or Network Alias.",
+ permissions => PVE::Firewall::rules_modify_permissions($class->rule_env()),
protected => 1,
parameters => {
additionalProperties => 0,
my ($fw_conf, $aliases) = $class->load_config($param);
my $name = lc($param->{name});
-
- raise_param_exc({ name => "alias '$param->{name}' already exists" })
+
+ raise_param_exc({ name => "alias '$param->{name}' already exists" })
if defined($aliases->{$name});
-
+
my $data = { name => $param->{name}, cidr => $param->{cidr} };
$data->{comment} = $param->{comment} if $param->{comment};
my $properties = $class->additional_parameters();
$properties->{name} = $api_properties->{name};
- $properties->{cidr} = $api_properties->{cidr};
-
+
$class->register_method({
name => 'read_alias',
path => '{name}',
method => 'GET',
description => "Read alias.",
+ permissions => PVE::Firewall::rules_audit_permissions($class->rule_env()),
parameters => {
additionalProperties => 0,
properties => $properties,
my $properties = $class->additional_parameters();
$properties->{name} = $api_properties->{name};
+ $properties->{rename} = $api_properties->{rename};
$properties->{cidr} = $api_properties->{cidr};
$properties->{comment} = $api_properties->{comment};
$properties->{digest} = get_standard_option('pve-config-digest');
path => '{name}',
method => 'PUT',
description => "Update IP or Network alias.",
+ permissions => PVE::Firewall::rules_modify_permissions($class->rule_env()),
protected => 1,
parameters => {
additionalProperties => 0,
$aliases->{$name} = $data;
+ my $rename = $param->{rename};
+ $rename = lc($rename) if $rename;
+
+ if ($rename && ($name ne $rename)) {
+ raise_param_exc({ name => "alias '$param->{rename}' already exists" })
+ if defined($aliases->{$rename});
+ $aliases->{$name}->{name} = $param->{rename};
+ $aliases->{$rename} = $aliases->{$name};
+ delete $aliases->{$name};
+ }
+
$class->save_aliases($param, $fw_conf, $aliases);
+
+ return undef;
}});
}
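Review bot: The duplicate check in the rename branch reports the conflict under the `name` key although the clashing value came from the `rename` parameter; `raise_param_exc({ rename => "alias '$param->{rename}' already exists" })` would point the client at the right field. The branch also only re-keys `$aliases`, and nothing visible here touches rules or IP sets that still refer to the old alias name. A rename may therefore leave references that no longer resolve, and depending on how unresolved aliases are handled when rules are compiled (not shown), that could drop or change filtering. Consider rejecting the rename while references exist, or rewriting them in the same save. The update handler begins outside this hunk.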
my $properties = $class->additional_parameters();
$properties->{name} = $api_properties->{name};
- $properties->{cidr} = $api_properties->{cidr};
$properties->{digest} = get_standard_option('pve-config-digest');
$class->register_method({
path => '{name}',
method => 'DELETE',
description => "Remove IP or Network alias.",
+ permissions => PVE::Firewall::rules_modify_permissions($class->rule_env()),
protected => 1,
parameters => {
additionalProperties => 0,
delete $aliases->{$name};
$class->save_aliases($param, $fw_conf, $aliases);
-
+
return undef;
}});
}
use base qw(PVE::API2::Firewall::AliasesBase);
+sub rule_env {
+ my ($class, $param) = @_;
+
+ return 'cluster';
+}
+
sub load_config {
my ($class, $param) = @_;
__PACKAGE__->register_handlers();
+package PVE::API2::Firewall::VMAliases;
+
+use strict;
+use warnings;
+use PVE::JSONSchema qw(get_standard_option);
+
+use base qw(PVE::API2::Firewall::AliasesBase);
+
+sub rule_env {
+ my ($class, $param) = @_;
+
+ return 'vm';
+}
+
+__PACKAGE__->additional_parameters({
+ node => get_standard_option('pve-node'),
+ vmid => get_standard_option('pve-vmid'),
+});
+
+sub load_config {
+ my ($class, $param) = @_;
+
+ my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
+ my $fw_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, 'vm', $param->{vmid});
+ my $aliases = $fw_conf->{aliases};
+
+ return ($fw_conf, $aliases);
+}
+
+sub save_aliases {
+ my ($class, $param, $fw_conf, $aliases) = @_;
+
+ $fw_conf->{aliases} = $aliases;
+ PVE::Firewall::save_vmfw_conf($param->{vmid}, $fw_conf);
+}
+
+__PACKAGE__->register_handlers();
+
+package PVE::API2::Firewall::CTAliases;
+
+use strict;
+use warnings;
+use PVE::JSONSchema qw(get_standard_option);
+
+use base qw(PVE::API2::Firewall::AliasesBase);
+
+sub rule_env {
+ my ($class, $param) = @_;
+
+ return 'ct';
+}
+
+__PACKAGE__->additional_parameters({
+ node => get_standard_option('pve-node'),
+ vmid => get_standard_option('pve-vmid'),
+});
+
+sub load_config {
+ my ($class, $param) = @_;
+
+ my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
+ my $fw_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, 'ct', $param->{vmid});
+ my $aliases = $fw_conf->{aliases};
+
+ return ($fw_conf, $aliases);
+}
+
+sub save_aliases {
+ my ($class, $param, $fw_conf, $aliases) = @_;
+
+ $fw_conf->{aliases} = $aliases;
+ PVE::Firewall::save_vmfw_conf($param->{vmid}, $fw_conf);
+}
+
+__PACKAGE__->register_handlers();
+
1;
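Review bot: In both new packages, `save_aliases` writes back the whole `$fw_conf` that `load_config` read earlier, and no lock is visible between the two calls. Unless the handlers in the base class serialise the load/modify/save sequence (not shown here), a concurrent edit to the same guest's firewall file, such as a rule change, could be silently overwritten by an alias update. Holding a lock around the pair, or documenting where it is held, would close that gap. Separately, `VMAliases` and `CTAliases` are identical apart from the `'vm'`/`'ct'` literal; one shared implementation using `PVE::Firewall::load_vmfw_conf($cluster_conf, $class->rule_env(), $param->{vmid})` would stop the two copies drifting apart.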