X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=src%2FPVE%2FAPI2%2FFirewall%2FAliases.pm;h=6f421fbe271ff8c75e09fe5533f95b71bd94f0c3;hb=e313afe046bbd3f2b3176bedd0b7163f2b314e28;hp=a3a379455bdbf6f795853f7952a00d4441c0f9cf;hpb=cdc39d63b2361e30bab76c715123e88a6d9589b6;p=pve-firewall.git
diff --git a/src/PVE/API2/Firewall/Aliases.pm b/src/PVE/API2/Firewall/Aliases.pm
index a3a3794..6f421fb 100644
--- a/src/PVE/API2/Firewall/Aliases.pm
+++ b/src/PVE/API2/Firewall/Aliases.pm
@@ -12,7 +12,7 @@ use base qw(PVE::RESTHandler);
 my $api_properties = {
 cidr => {
 description => "Network/IP specification in CIDR format.",
- type => 'string', format => 'IPv4orCIDR',
+ type => 'string', format => 'IPorCIDR',
 },
 name => get_standard_option('pve-fw-alias'),
 rename => get_standard_option('pve-fw-alias', {
@@ -39,6 +39,12 @@ sub save_aliases {
 die "implement this in subclass";
 }
+sub rule_env {
+ my ($class, $param) = @_;
+
+ die "implement this in subclass";
+}
+
 my $additional_param_hash = {};
 sub additional_parameters {
@@ -75,6 +81,7 @@ sub register_get_aliases {
 path => '',
 method => 'GET',
 description => "List aliases",
+ permissions => PVE::Firewall::rules_audit_permissions($class->rule_env()),
 parameters => {
 additionalProperties => 0,
 properties => $properties,
@@ -120,6 +127,7 @@ sub register_create_alias {
 path => '',
 method => 'POST',
 description => "Create IP or Network Alias.",
+ permissions => PVE::Firewall::rules_modify_permissions($class->rule_env()),
 protected => 1,
 parameters => {
 additionalProperties => 0,
@@ -159,6 +167,7 @@ sub register_read_alias {
 path => '{name}',
 method => 'GET',
 description => "Read alias.",
+ permissions => PVE::Firewall::rules_audit_permissions($class->rule_env()),
 parameters => {
 additionalProperties => 0,
 properties => $properties,
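Review bot: The `cidr` description in `$api_properties` still reads "Network/IP specification in CIDR format." after the format changes from `IPv4orCIDR` to `IPorCIDR`, so API users are not told that the accepted input set has changed. If the new format admits IPv6 (as its name suggests; its definition is not in this diff), say so, e.g. `description => "Network/IP specification in CIDR format (IPv4 or IPv6).",`. It is also worth confirming that whatever turns aliases into packet-filter rules handles an IPv6 value, since nothing on this page shows that path.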
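Review bot: The new base `rule_env` unpacks `$param`, but every call added by this commit is `$class->rule_env()` with no argument, made while the method table is being built, so `$param` is always undefined there. Either drop it from the signature here and in the three overrides (returning `'cluster'`, `'vm'` and `'ct'`), or document the contract with a comment such as `# Firewall environment for the permission check ('cluster', 'vm' or 'ct'); called without $param at registration time.` Dying in the abstract stub is a reasonable fail-closed default: a subclass that forgets the override fails when its `register_*` methods run instead of being registered without a permission spec.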
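Review bot: The `permissions` entry in `register_get_aliases` (whose body extends beyond the hunk) is computed once, at registration, from a free-form string returned by `rule_env`, and `rules_audit_permissions` is not part of this diff, so its result for an unrecognised env cannot be checked here. If it can return undef for a mistyped env, the endpoint's access rule would fall to whatever the REST framework does with a missing spec. A guard before `register_method` makes that failure explicit: `my $env = $class->rule_env();` followed by `my $perm = PVE::Firewall::rules_audit_permissions($env) // die "no permission spec for rule env '$env'\n";`. The same applies to the `permissions` lines added in `register_create_alias`, `register_read_alias`, `register_update_alias` and `register_delete_alias`. The audit/modify split itself matches the verbs: GET uses audit, POST/PUT/DELETE use modify.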
@@ -194,6 +203,7 @@ sub register_update_alias {
 path => '{name}',
 method => 'PUT',
 description => "Update IP or Network alias.",
+ permissions => PVE::Firewall::rules_modify_permissions($class->rule_env()),
 protected => 1,
 parameters => {
 additionalProperties => 0,
@@ -242,7 +252,6 @@ sub register_delete_alias {
 my $properties = $class->additional_parameters();
 $properties->{name} = $api_properties->{name};
- $properties->{cidr} = $api_properties->{cidr};
 $properties->{digest} = get_standard_option('pve-config-digest');
 $class->register_method({
@@ -250,6 +259,7 @@ sub register_delete_alias {
 path => '{name}',
 method => 'DELETE',
 description => "Remove IP or Network alias.",
+ permissions => PVE::Firewall::rules_modify_permissions($class->rule_env()),
 protected => 1,
 parameters => {
 additionalProperties => 0,
@@ -291,6 +301,12 @@ use warnings;
 use base qw(PVE::API2::Firewall::AliasesBase);
+sub rule_env {
+ my ($class, $param) = @_;
+
+ return 'cluster';
+}
+
 sub load_config {
 my ($class, $param) = @_;
@@ -309,4 +325,80 @@ sub save_aliases {
 __PACKAGE__->register_handlers();
+package PVE::API2::Firewall::VMAliases;
+
+use strict;
+use warnings;
+use PVE::JSONSchema qw(get_standard_option);
+
+use base qw(PVE::API2::Firewall::AliasesBase);
+
+sub rule_env {
+ my ($class, $param) = @_;
+
+ return 'vm';
+}
+
+__PACKAGE__->additional_parameters({
+ node => get_standard_option('pve-node'),
+ vmid => get_standard_option('pve-vmid'),
+});
+
+sub load_config {
+ my ($class, $param) = @_;
+
+ my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
+ my $fw_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, 'vm', $param->{vmid});
+ my $aliases = $fw_conf->{aliases};
+
+ return ($fw_conf, $aliases);
+}
+
+sub save_aliases {
+ my ($class, $param, $fw_conf, $aliases) = @_;
+
+ $fw_conf->{aliases} = $aliases;
+ PVE::Firewall::save_vmfw_conf($param->{vmid}, $fw_conf);
+}
+
+__PACKAGE__->register_handlers();
+
+package PVE::API2::Firewall::CTAliases;
+
+use strict;
+use warnings;
+use PVE::JSONSchema qw(get_standard_option);
+
+use base qw(PVE::API2::Firewall::AliasesBase);
+
+sub rule_env {
+ my ($class, $param) = @_;
+
+ return 'ct';
+}
+
+__PACKAGE__->additional_parameters({
+ node => get_standard_option('pve-node'),
+ vmid => get_standard_option('pve-vmid'),
+});
+
+sub load_config {
+ my ($class, $param) = @_;
+
+ my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
+ my $fw_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, 'ct', $param->{vmid});
+ my $aliases = $fw_conf->{aliases};
+
+ return ($fw_conf, $aliases);
+}
+
+sub save_aliases {
+ my ($class, $param, $fw_conf, $aliases) = @_;
+
+ $fw_conf->{aliases} = $aliases;
+ PVE::Firewall::save_vmfw_conf($param->{vmid}, $fw_conf);
+}
+
+__PACKAGE__->register_handlers();
+
 1;
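Review bot: `VMAliases` and `CTAliases` are line-for-line copies that differ only in the string returned by `rule_env` and the one passed to `load_vmfw_conf`, so the env used for the permission check and the env used to load the config are two separate literals that can drift apart. Deriving one from the other keeps them tied, `my $fw_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, $class->rule_env(), $param->{vmid});`, after which both packages could share one guest-level base class. Separately, `save_aliases` writes back the config that `load_config` read and no lock is visible in these subs, so it is worth confirming that the handlers in `AliasesBase` serialise the read-modify-write (the `digest` parameter suggests a check exists, but it is outside this hunk). `node` is declared as a parameter but is not read in the code shown.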