use strict;
use warnings;
use PVE::JSONSchema qw(get_standard_option);
+use PVE::Exception qw(raise raise_param_exc);
use PVE::Firewall;
my $additional_param_hash = {};
+sub allow_groups {
+ return 1;
+}
+
sub additional_parameters {
my ($class, $new_value) = @_;
my ($fw_conf, $rules) = $class->load_config($param);
- my $digest = $fw_conf->{digest};
-
- my $res = [];
+ my ($list, $digest) = PVE::Firewall::copy_list_with_digest($rules);
my $ind = 0;
- foreach my $rule (@$rules) {
- push @$res, PVE::Firewall::cleanup_fw_rule($rule, $digest, $ind++);
+ foreach my $rule (@$list) {
+ $rule->{pos} = $ind++;
}
- return $res;
+ return $list;
}});
}
my ($fw_conf, $rules) = $class->load_config($param);
- my $digest = $fw_conf->{digest};
- # fixme: check digest
+ my ($list, $digest) = PVE::Firewall::copy_list_with_digest($rules);
- die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
+ die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$list);
- my $rule = $rules->[$param->{pos}];
-
- return PVE::Firewall::cleanup_fw_rule($rule, $digest, $param->{pos});
+ my $rule = $list->[$param->{pos}];
+ $rule->{pos} = $param->{pos};
+
+ return $rule;
}});
}
my ($fw_conf, $rules) = $class->load_config($param);
- my $digest = $fw_conf->{digest};
-
my $rule = {};
PVE::Firewall::copy_rule_data($rule, $param);
+ PVE::Firewall::verify_rule($rule, $class->allow_groups());
$rule->{enable} = 0 if !defined($param->{enable});
optional => 1,
};
+ $properties->{delete} = {
+ type => 'string', format => 'pve-configid-list',
+ description => "A list of settings you want to delete.",
+ optional => 1,
+ };
+
my $update_rule_properties = PVE::Firewall::add_rule_properties($properties);
$class->register_method({
my ($fw_conf, $rules) = $class->load_config($param);
- my $digest = $fw_conf->{digest};
- # fixme: check digest
-
+ my (undef, $digest) = PVE::Firewall::copy_list_with_digest($rules);
+ PVE::Tools::assert_if_modified($digest, $param->{digest});
+
die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
my $rule = $rules->[$param->{pos}];
if !defined($param->{action});
PVE::Firewall::copy_rule_data($rule, $param);
+
+ PVE::Firewall::delete_rule_properties($rule, $param->{'delete'}) if $param->{'delete'};
+
+ PVE::Firewall::verify_rule($rule, $class->allow_groups());
}
$class->save_rules($param, $fw_conf, $rules);
my $properties = $class->additional_parameters();
$properties->{pos} = $api_properties->{pos};
+
+ $properties->{digest} = get_standard_option('pve-config-digest');
$class->register_method({
name => 'delete_rule',
my ($fw_conf, $rules) = $class->load_config($param);
- my $digest = $fw_conf->{digest};
- # fixme: check digest
+ my (undef, $digest) = PVE::Firewall::copy_list_with_digest($rules);
+ PVE::Tools::assert_if_modified($digest, $param->{digest});
die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
use strict;
use warnings;
+use PVE::JSONSchema qw(get_standard_option);
use base qw(PVE::API2::Firewall::RulesBase);
-__PACKAGE__->additional_parameters({ group => {
- description => "Security group name.",
- type => 'string',
- maxLength => 20, # fixme: what length?
-}});
+__PACKAGE__->additional_parameters({ group => get_standard_option('pve-security-group-name') });
+
+sub allow_groups {
+ return 0;
+}
sub load_config {
my ($class, $param) = @_;
projects / pve-firewall.git / blobdiff