my $api_properties = {
cidr => {
description => "Network/IP specification in CIDR format.",
- type => 'string', format => 'IPv4orCIDR',
+ type => 'string', format => 'IPorCIDR',
},
name => get_standard_option('pve-fw-alias'),
rename => get_standard_option('pve-fw-alias', {
die "implement this in subclass";
}
+sub rule_env {
+ my ($class, $param) = @_;
+
+ die "implement this in subclass";
+}
+
my $additional_param_hash = {};
sub additional_parameters {
path => '',
method => 'GET',
description => "List aliases",
+ permissions => PVE::Firewall::rules_audit_permissions($class->rule_env()),
parameters => {
additionalProperties => 0,
properties => $properties,
path => '',
method => 'POST',
description => "Create IP or Network Alias.",
+ permissions => PVE::Firewall::rules_modify_permissions($class->rule_env()),
protected => 1,
parameters => {
additionalProperties => 0,
path => '{name}',
method => 'GET',
description => "Read alias.",
+ permissions => PVE::Firewall::rules_audit_permissions($class->rule_env()),
parameters => {
additionalProperties => 0,
properties => $properties,
path => '{name}',
method => 'PUT',
description => "Update IP or Network alias.",
+ permissions => PVE::Firewall::rules_modify_permissions($class->rule_env()),
protected => 1,
parameters => {
additionalProperties => 0,
my $properties = $class->additional_parameters();
$properties->{name} = $api_properties->{name};
- $properties->{cidr} = $api_properties->{cidr};
$properties->{digest} = get_standard_option('pve-config-digest');
$class->register_method({
path => '{name}',
method => 'DELETE',
description => "Remove IP or Network alias.",
+ permissions => PVE::Firewall::rules_modify_permissions($class->rule_env()),
protected => 1,
parameters => {
additionalProperties => 0,
use base qw(PVE::API2::Firewall::AliasesBase);
+sub rule_env {
+ my ($class, $param) = @_;
+
+ return 'cluster';
+}
+
sub load_config {
my ($class, $param) = @_;
__PACKAGE__->register_handlers();
+package PVE::API2::Firewall::VMAliases;
+
+use strict;
+use warnings;
+use PVE::JSONSchema qw(get_standard_option);
+
+use base qw(PVE::API2::Firewall::AliasesBase);
+
+sub rule_env {
+ my ($class, $param) = @_;
+
+ return 'vm';
+}
+
+__PACKAGE__->additional_parameters({
+ node => get_standard_option('pve-node'),
+ vmid => get_standard_option('pve-vmid'),
+});
+
+sub load_config {
+ my ($class, $param) = @_;
+
+ my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
+ my $fw_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, 'vm', $param->{vmid});
+ my $aliases = $fw_conf->{aliases};
+
+ return ($fw_conf, $aliases);
+}
+
+sub save_aliases {
+ my ($class, $param, $fw_conf, $aliases) = @_;
+
+ $fw_conf->{aliases} = $aliases;
+ PVE::Firewall::save_vmfw_conf($param->{vmid}, $fw_conf);
+}
+
+__PACKAGE__->register_handlers();
+
+package PVE::API2::Firewall::CTAliases;
+
+use strict;
+use warnings;
+use PVE::JSONSchema qw(get_standard_option);
+
+use base qw(PVE::API2::Firewall::AliasesBase);
+
+sub rule_env {
+ my ($class, $param) = @_;
+
+ return 'ct';
+}
+
+__PACKAGE__->additional_parameters({
+ node => get_standard_option('pve-node'),
+ vmid => get_standard_option('pve-vmid'),
+});
+
+sub load_config {
+ my ($class, $param) = @_;
+
+ my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
+ my $fw_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, 'ct', $param->{vmid});
+ my $aliases = $fw_conf->{aliases};
+
+ return ($fw_conf, $aliases);
+}
+
+sub save_aliases {
+ my ($class, $param, $fw_conf, $aliases) = @_;
+
+ $fw_conf->{aliases} = $aliases;
+ PVE::Firewall::save_vmfw_conf($param->{vmid}, $fw_conf);
+}
+
+__PACKAGE__->register_handlers();
+
1;