package PVE::JSONSchema;
-use warnings;
use strict;
+use warnings;
use Storable; # for dclone
use Getopt::Long;
use Devel::Cycle -quiet; # todo: remove?
-use PVE::Tools qw(split_list);
+use PVE::Tools qw(split_list $IPV6RE $IPV4RE);
use PVE::Exception qw(raise);
use HTTP::Status qw(:constants);
+use Net::IP qw(:PROC);
use base 'Exporter';
minLength => 2, maxLength => 20,
});
+PVE::JSONSchema::register_standard_option('pve-storage-id', {
+ description => "The storage identifier.",
+ type => 'string', format => 'pve-storage-id',
+});
+
+PVE::JSONSchema::register_standard_option('pve-config-digest', {
+ description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
+ type => 'string',
+ optional => 1,
+ maxLength => 40, # sha1 hex digest lenght is 40
+});
+
my $format_list = {};
sub register_format {
if ($id !~ m/^[a-z][a-z0-9_]+$/i) {
return undef if $noerr;
- die "invalid cofiguration ID '$id'\n";
+ die "invalid configuration ID '$id'\n";
}
return $id;
}
+PVE::JSONSchema::register_format('pve-storage-id', \&parse_storage_id);
+sub parse_storage_id {
+ my ($storeid, $noerr) = @_;
+
+ if ($storeid !~ m/^[a-z][a-z0-9\-\_\.]*[a-z0-9]$/i) {
+ return undef if $noerr;
+ die "storage ID '$storeid' contains illegal characters\n";
+ }
+ return $storeid;
+}
+
+
register_format('pve-vmid', \&pve_verify_vmid);
sub pve_verify_vmid {
my ($vmid, $noerr) = @_;
sub pve_verify_node_name {
my ($node, $noerr) = @_;
- # todo: use better regex ?
- if ($node !~ m/^[A-Za-z][[:alnum:]\-]*[[:alnum:]]+$/) {
+ if ($node !~ m/^([a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?)$/) {
return undef if $noerr;
die "value does not look like a valid node name\n";
}
sub pve_verify_ipv4 {
my ($ipv4, $noerr) = @_;
- if ($ipv4 !~ m/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ ||
- !(($1 > 0) && ($1 < 255) &&
- ($2 <= 255) && ($3 <= 255) &&
- ($4 > 0) && ($4 < 255))) {
- return undef if $noerr;
+ if (!Net::IP::ip_is_ipv4($ipv4)) {
+ return undef if $noerr;
die "value does not look like a valid IP address\n";
}
return $ipv4;
}
+
+my $ipv4_mask_hash = {
+ '128.0.0.0' => 1,
+ '192.0.0.0' => 2,
+ '224.0.0.0' => 3,
+ '240.0.0.0' => 4,
+ '248.0.0.0' => 5,
+ '252.0.0.0' => 6,
+ '254.0.0.0' => 7,
+ '255.0.0.0' => 8,
+ '255.128.0.0' => 9,
+ '255.192.0.0' => 10,
+ '255.224.0.0' => 11,
+ '255.240.0.0' => 12,
+ '255.248.0.0' => 13,
+ '255.252.0.0' => 14,
+ '255.254.0.0' => 15,
+ '255.255.0.0' => 16,
+ '255.255.128.0' => 17,
+ '255.255.192.0' => 18,
+ '255.255.224.0' => 19,
+ '255.255.240.0' => 20,
+ '255.255.248.0' => 21,
+ '255.255.252.0' => 22,
+ '255.255.254.0' => 23,
+ '255.255.255.0' => 24,
+ '255.255.255.128' => 25,
+ '255.255.255.192' => 26,
+ '255.255.255.224' => 27,
+ '255.255.255.240' => 28,
+ '255.255.255.248' => 29,
+ '255.255.255.252' => 30
+};
+
register_format('ipv4mask', \&pve_verify_ipv4mask);
sub pve_verify_ipv4mask {
my ($mask, $noerr) = @_;
- if ($mask !~ m/^255\.255\.(\d{1,3})\.(\d{1,3})$/ ||
- !(($1 <= 255) && ($2 <= 255))) {
+ if (!defined($ipv4_mask_hash->{$mask})) {
return undef if $noerr;
die "value does not look like a valid IP netmask\n";
}
return $mask;
}
+register_format('CIDR', \&pve_verify_cidr);
+sub pve_verify_cidr {
+ my ($cidr, $noerr) = @_;
+
+ if ($cidr =~ m!^(?:$IPV4RE)(?:/(\d+))$! && ($1 > 7) && ($1 < 32)) {
+ return $cidr;
+ } elsif ($cidr =~ m!^(?:$IPV6RE)(?:/(\d+))$! && ($1 > 7) && ($1 <= 120)) {
+ return $cidr;
+ }
+
+ return undef if $noerr;
+ die "value does not look like a valid CIDR network\n";
+}
+
register_format('email', \&pve_verify_email);
sub pve_verify_email {
my ($email, $noerr) = @_;
return $email;
}
+register_format('dns-name', \&pve_verify_dns_name);
+sub pve_verify_dns_name {
+ my ($name, $noerr) = @_;
+
+ my $namere = "([a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?)";
+
+ if ($name !~ /^(${namere}\.)*${namere}$/) {
+ return undef if $noerr;
+ die "value does not look like a valid DNS name\n";
+ }
+ return $name;
+}
+
# network interface name
register_format('pve-iface', \&pve_verify_iface);
sub pve_verify_iface {
return $id;
}
+register_standard_option('spice-proxy', {
+ description => "SPICE proxy server. This can be used by the client to specify the proxy server. All nodes in a cluster runs 'spiceproxy', so it is up to the client to choose one. By default, we return the node where the VM is currently running. As resonable setting is to use same node you use to connect to the API (This is window.location.hostname for the JS GUI).",
+ type => 'string', format => 'dns-name',
+});
+
+register_standard_option('remote-viewer-config', {
+ description => "Returned values can be directly passed to the 'remote-viewer' application.",
+ additionalProperties => 1,
+ properties => {
+ type => { type => 'string' },
+ password => { type => 'string' },
+ proxy => { type => 'string' },
+ host => { type => 'string' },
+ 'tls-port' => { type => 'integer' },
+ },
+});
+
sub check_format {
my ($format, $value) = @_;
optional => 1,
additionalProperties => 0,
properties => {
+ description => {
+ description => "Describe access permissions.",
+ optional => 1,
+ },
user => {
- description => "A simply way to allow access for 'all' users. The special value 'arg' allows access for the user specified in the 'username' parameter. This is useful to allow access to things owned by a user, like changing the user password. Value 'world' is used to allow access without credentials.",
+ description => "A simply way to allow access for 'all' authenticated users. Value 'world' is used to allow access without credentials.",
type => 'string',
- enum => ['all', 'arg', 'world'],
+ enum => ['all', 'world'],
optional => 1,
},
- path => { type => 'string', optional => 1, requires => 'privs' },
- privs => { type => 'array', optional => 1, requires => 'path' },
+ check => {
+ description => "Array of permission checks (prefix notation).",
+ type => 'array',
+ optional => 1
+ },
},
},
match_name => {
}
}
}
-
+
+ $opts = PVE::Tools::decode_utf8_parameters($opts);
+
foreach my $p (keys %$opts) {
if (my $pd = $schema->{properties}->{$p}) {
if ($pd->{type} eq 'boolean') {
projects / pve-common.git / blobdiff