description => "Network/IP specification in CIDR format.",
type => 'string', format => 'IPv4orCIDR',
},
- name => {
- description => "IP set name.",
- type => 'string',
- },
+ name => get_standard_option('ipset-name'),
comment => {
type => 'string',
optional => 1,
my ($class, $param) = @_;
die "implement this in subclass";
-
- #return ($fw_conf, $rules);
}
-sub save_rules {
+sub save_ipset {
my ($class, $param, $fw_conf, $rules) = @_;
die "implement this in subclass";
nomatch => {
type => 'boolean',
optional => 1,
- },
+ },
+ digest => get_standard_option('pve-config-digest', { optional => 0} ),
},
},
links => [ { rel => 'child', href => "{cidr}" } ],
my ($fw_conf, $ipset) = $class->load_config($param);
- return $ipset;
+ return PVE::Firewall::copy_list_with_digest($ipset);
}});
}
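Review bot: `return PVE::Firewall::copy_list_with_digest($ipset);` passes the handler's calling context to a helper whose result depends on it; elsewhere in this patch the same function is used both as `my $list = ...` and as `my (undef, $digest) = ...`. If the REST dispatcher ever invokes this code ref in list context (the dispatcher is not visible here), the API would return a two-element list instead of the entry list. Assigning first, `my $list = PVE::Firewall::copy_list_with_digest($ipset); return $list;`, pins scalar context. The same applies to `return &$get_ipset_list($fw_conf);` in the index handler. The enclosing sub starts outside this hunk.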
$properties->{cidr} = $api_properties->{cidr};
$properties->{nomatch} = $api_properties->{nomatch};
$properties->{comment} = $api_properties->{comment};
-
+
$class->register_method({
name => 'create_ip',
path => '',
my ($fw_conf, $ipset) = $class->load_config($param);
- foreach my $entry (@$ipset) {
- return $entry if $entry->{cidr} eq $param->{cidr};
+ my $list = PVE::Firewall::copy_list_with_digest($ipset);
+
+ foreach my $entry (@$list) {
+ if ($entry->{cidr} eq $param->{cidr}) {
+ return $entry;
+ }
}
raise_param_exc({ cidr => "no such IP/Network" });
$properties->{cidr} = $api_properties->{cidr};
$properties->{nomatch} = $api_properties->{nomatch};
$properties->{comment} = $api_properties->{comment};
-
+ $properties->{digest} = get_standard_option('pve-config-digest');
+
$class->register_method({
name => 'update_ip',
path => '{cidr}',
my ($fw_conf, $ipset) = $class->load_config($param);
+ my (undef, $digest) = PVE::Firewall::copy_list_with_digest($ipset);
+ PVE::Tools::assert_if_modified($digest, $param->{digest});
+ warn "TEST:$digest:$param->{digest}:\n";
+
foreach my $entry (@$ipset) {
if($entry->{cidr} eq $param->{cidr}) {
$entry->{nomatch} = $param->{nomatch};
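Review bot: The added `warn "TEST:$digest:$param->{digest}:\n";` looks like leftover debugging and should be removed before merge. It writes a line to the daemon log on every update_ip call, and because `digest` is registered as a plain `get_standard_option('pve-config-digest')` without `optional => 0`, a request that omits it interpolates undef and raises an uninitialized-value warning. Separately, the digest comparison only prevents lost updates if everything from load_config to the save call runs under the firewall config lock; that is not visible in this hunk and is worth confirming for update_ip and remove_ip. The loop body continues outside the hunk.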
$properties->{name} = $api_properties->{name};
$properties->{cidr} = $api_properties->{cidr};
-
+ $properties->{digest} = get_standard_option('pve-config-digest');
+
$class->register_method({
name => 'remove_ip',
path => '{cidr}',
my ($fw_conf, $ipset) = $class->load_config($param);
+ my (undef, $digest) = PVE::Firewall::copy_list_with_digest($ipset);
+ PVE::Tools::assert_if_modified($digest, $param->{digest});
+
my $new = [];
foreach my $entry (@$ipset) {
use strict;
use warnings;
-use PVE::Firewall;
+use PVE::JSONSchema qw(get_standard_option);
use PVE::Exception qw(raise_param_exc);
+use PVE::Firewall;
use base qw(PVE::RESTHandler);
+my $get_ipset_list = sub {
+ my ($fw_conf) = @_;
+
+ my $res = [];
+ foreach my $name (keys %{$fw_conf->{ipset}}) {
+ my $data = {
+ name => $name,
+ };
+ if (my $comment = $fw_conf->{ipset_comments}->{$name}) {
+ $data->{comment} = $comment;
+ }
+ push @$res, $data;
+ }
+
+ my ($list, $digest) = PVE::Firewall::copy_list_with_digest($res);
+
+ return wantarray ? ($list, $digest) : $list;
+};
+
sub register_index {
my ($class) = @_;
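Review bot: `$get_ipset_list` builds `$res` by iterating `keys %{$fw_conf->{ipset}}` without sorting, so the list order depends on Perl's hash ordering rather than on the config content, and presumably so does the digest that `copy_list_with_digest` derives from it. If that digest is order-sensitive (its implementation is not in this diff), two worker processes can compute different digests for the same unchanged config, and `assert_if_modified` would then reject legitimate rename and delete requests. Iterating with `foreach my $name (sort keys %{$fw_conf->{ipset}}) {` makes both the listing and the digest stable.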
items => {
type => "object",
properties => {
- name => {
- description => "IPSet name.",
+ name => get_standard_option('ipset-name'),
+ digest => get_standard_option('pve-config-digest', { optional => 0} ),
+ comment => {
type => 'string',
- },
+ optional => 1,
+ }
},
},
links => [ { rel => 'child', href => "{name}" } ],
my $fw_conf = $class->load_config();
- my $res = [];
- foreach my $name (keys %{$fw_conf->{ipset}}) {
- push @$res, { name => $name, count => scalar(@{$fw_conf->{ipset}->{$name}}) };
- }
-
- return $res;
+ return &$get_ipset_list($fw_conf);
}});
}
parameters => {
additionalProperties => 0,
properties => {
- name => {
- # fixme: verify format
- description => "IP set name.",
- type => 'string',
- },
- rename => {
- description => "Rename an existing IPSet.",
+ name => get_standard_option('ipset-name'),
+ comment => {
type => 'string',
optional => 1,
},
+ rename => get_standard_option('ipset-name', {
+ description => "Rename an existing IPSet. You can set 'rename' to the same value as 'name' to update the 'comment' of an existing IPSet.",
+ optional => 1,
+ }),
+ digest => get_standard_option('pve-config-digest'),
}
},
returns => { type => 'null' },
my $fw_conf = $class->load_config();
- foreach my $name (keys %{$fw_conf->{ipset}}) {
- raise_param_exc({ name => "IPSet '$name' already exists" })
- if $name eq $param->{name};
- }
-
if ($param->{rename}) {
+ my (undef, $digest) = &$get_ipset_list($fw_conf);
+ PVE::Tools::assert_if_modified($digest, $param->{digest});
+
raise_param_exc({ name => "IPSet '$param->{rename}' does not exists" })
if !$fw_conf->{ipset}->{$param->{rename}};
+
my $data = delete $fw_conf->{ipset}->{$param->{rename}};
$fw_conf->{ipset}->{$param->{name}} = $data;
- } else {
+ if (my $comment = delete $fw_conf->{ipset_comments}->{$param->{rename}}) {
+ $fw_conf->{ipset_comments}->{$param->{name}} = $comment;
+ }
+ $fw_conf->{ipset_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment});
+ } else {
+ foreach my $name (keys %{$fw_conf->{ipset}}) {
+ raise_param_exc({ name => "IPSet '$name' already exists" })
+ if $name eq $param->{name};
+ }
+
$fw_conf->{ipset}->{$param->{name}} = [];
+ $fw_conf->{ipset_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment});
}
$class->save_config($fw_conf);
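Review bot: Moving the "already exists" check into the `else` branch means a rename onto a different, existing IPSet is no longer rejected: `$fw_conf->{ipset}->{$param->{name}} = $data;` silently replaces the target set's entries and, when the source has one, its comment. In a firewall config that can drop or widen an allow/deny list without any error being reported. The rename branch should keep a guard that still permits the documented rename-equals-name case, e.g. `raise_param_exc({ name => "IPSet '$param->{name}' already exists" }) if $fw_conf->{ipset}->{$param->{name}} && $param->{name} ne $param->{rename};`, placed after the "does not exists" check. The handler body starts outside this hunk.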
parameters => {
additionalProperties => 0,
properties => {
- name => {
- # fixme: verify format
- description => "IP set name.",
- type => 'string',
- },
- }
+ name => get_standard_option('ipset-name'),
+ digest => get_standard_option('pve-config-digest'),
+ },
},
returns => { type => 'null' },
code => sub {
return undef if !$fw_conf->{ipset}->{$param->{name}};
+ my (undef, $digest) = &$get_ipset_list($fw_conf);
+ PVE::Tools::assert_if_modified($digest, $param->{digest});
+
die "IPSet '$param->{name}' is not empty\n"
if scalar(@{$fw_conf->{ipset}->{$param->{name}}});