type => 'array',
items => {
type => "object",
- properties => {},
+ properties => {
+ name => {
+ description => "Security group name.",
+ type => 'string',
+ },
+ },
},
links => [ { rel => 'child', href => "{name}" } ],
},
my $res = [];
foreach my $group (keys %{$groups_conf->{rules}}) {
- push @$res, { name => $group };
+ push @$res, { name => $group, count => scalar(@{$groups_conf->{rules}->{$group}}) };
+ }
+
+ return $res;
+ }});
+
+__PACKAGE__->register_method({
+ name => 'get_rules',
+ path => '{group}',
+ method => 'GET',
+ description => "List security groups rules.",
+ proxyto => 'node',
+ parameters => {
+ additionalProperties => 0,
+ properties => {
+ node => get_standard_option('pve-node'),
+ group => {
+ description => "Security group name.",
+ type => 'string',
+ },
+ },
+ },
+ returns => {
+ type => 'array',
+ items => {
+ type => "object",
+ properties => {},
+ },
+ },
+ code => sub {
+ my ($param) = @_;
+
+ my $groups_conf = PVE::Firewall::load_security_groups();
+
+ my $rules = $groups_conf->{rules}->{$param->{group}};
+ die "no such security group\n" if !defined($rules);
+
+ my $digest = $groups_conf->{digest};
+
+ my $res = [];
+
+ my $ind = 0;
+ foreach my $rule (@$rules) {
+ push @$res, PVE::Firewall::cleanup_fw_rule($rule, $digest, $ind++);
}
return $res;
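Review bot: The `group` parameter of `get_rules` is declared as a bare `type => 'string'`, so any string the caller supplies is used as the key into `$groups_conf->{rules}`. The lookup itself is harmless and unknown names end in `no such security group`, but the name would be better rejected at the API boundary by adding a `pattern` and a `maxLength` that match what the group-file parser accepts (that parser is not visible in this hunk). Separately, the list handler now returns `count` next to `name` while the returns schema declares only `name`, and `get_rules` leaves `properties => {}` empty; adding `count => { type => 'integer' }` to the list schema would keep it in step with the output. The list handler's sub begins outside this hunk.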
return ($nbports);
}
+# helper function for API
+sub cleanup_fw_rule {
+ my ($rule, $digest, $pos) = @_;
+
+ my $r = {};
+
+ foreach my $k (keys %$rule) {
+ next if $k eq 'nbdport';
+ next if $k eq 'nbsport';
+ my $v = $rule->{$k};
+ next if !defined($v);
+ $r->{$k} = $v;
+ $r->{digest} = $digest;
+ $r->{pos} = $pos;
+ }
+
+ return $r;
+}
+
my $bridge_firewall_enabled = 0;
sub enable_bridge_firewall {
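Review bot: In `cleanup_fw_rule` the assignments `$r->{digest} = $digest;` and `$r->{pos} = $pos;` sit inside the `foreach`, after the `next` guards. A rule whose keys are all skipped (an empty hash, only `nbdport`/`nbsport`, or only undefined values) is therefore returned without `digest` and `pos`, and for every other rule both are rewritten on each iteration. Moving the two lines below the loop, directly before `return $r;`, sets them once and unconditionally, and makes it explicit that they override any `digest` or `pos` key already present in the rule. A short comment on the two `nb*` skips, saying why those keys are kept out of API output (presumably they are internal port counts), would also help.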
my $res = { rules => {} };
+ my $digest = Digest::SHA->new('sha1');
+
while (defined(my $line = <$fh>)) {
+ $digest->add($line);
+
next if $line =~ m/^#/;
next if $line =~ m/^\s*$/;
push @{$res->{$section}->{$group}}, @$rules;
}
+ $res->{digest} = $digest->b64digest;
+
return $res;
}
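Review bot: The SHA-1 value stored in `$res->{digest}` is computed over every raw line, including comments and blank lines, and nothing here documents what it is for. I would add a comment such as `# digest of the whole file, used only to detect concurrent changes; not an integrity or authenticity check` so nobody later relies on it as tamper protection. The same file-level digest is copied into every rule returned by `get_rules`, but no visible code compares it on update, so the check that gives it meaning still has to be added elsewhere. The hunk also calls `Digest::SHA->new` without showing a `use Digest::SHA;` line; confirm that the module is loaded at the top of the file. The enclosing function starts and partly lies outside the visible lines.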
my $res = shift;
print Dumper($res);
}],
+ grouprules => [ 'PVE::API2::Firewall::Groups', 'get_rules', ['group'],
+ { node => $nodename }, sub {
+ my $res = shift;
+ print Dumper($res);
+ }],
};
my $cmd = shift;