prefix ipset chains with PVEFW-
[pve-firewall.git] / src / PVE / API2 / Firewall / Cluster.pm
CommitLineData
b4366f00
DM
1package PVE::API2::Firewall::Cluster;
2
3use strict;
4use warnings;
1df4ba7e 5use PVE::Exception qw(raise raise_param_exc raise_perm_exc);
b4366f00
DM
6use PVE::JSONSchema qw(get_standard_option);
7
8use PVE::Firewall;
86791289 9use PVE::API2::Firewall::Rules;
b4366f00
DM
10use PVE::API2::Firewall::Groups;
11
1df4ba7e
DM
12#fixme: locking?
13
b4366f00
DM
14use Data::Dumper; # fixme: remove
15
16use base qw(PVE::RESTHandler);
17
18__PACKAGE__->register_method ({
19 subclass => "PVE::API2::Firewall::Groups",
20 path => 'groups',
21});
22
86791289
DM
23__PACKAGE__->register_method ({
24 subclass => "PVE::API2::Firewall::ClusterRules",
25 path => 'rules',
26});
27
b4366f00
DM
28__PACKAGE__->register_method({
29 name => 'index',
30 path => '',
31 method => 'GET',
32 permissions => { user => 'all' },
33 description => "Directory index.",
34 parameters => {
35 additionalProperties => 0,
36 },
37 returns => {
38 type => 'array',
39 items => {
40 type => "object",
41 properties => {},
42 },
43 links => [ { rel => 'child', href => "{name}" } ],
44 },
45 code => sub {
46 my ($param) = @_;
47
48 my $result = [
49 { name => 'rules' },
50 { name => 'options' },
51 { name => 'groups' },
52 { name => 'netgroups' },
53 ];
54
55 return $result;
56 }});
1df4ba7e
DM
57
58__PACKAGE__->register_method({
59 name => 'get_options',
60 path => 'options',
61 method => 'GET',
62 description => "Get Firewall options.",
63 parameters => {
64 additionalProperties => 0,
65 },
66 returns => {
67 type => "object",
68 #additionalProperties => 1,
69 properties => {
70 enable => {
71 type => 'boolean',
72 optional => 1,
73 },
74 },
75 },
76 code => sub {
77 my ($param) = @_;
78
79 my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
80
81 my $options = $cluster_conf->{options};
82
83 return $options;
84 }});
85
86my $option_properties = {
87 enable => {
88 type => 'boolean',
89 optional => 1,
90 },
91};
92
93my $add_option_properties = sub {
94 my ($properties) = @_;
95
96 foreach my $k (keys %$option_properties) {
97 $properties->{$k} = $option_properties->{$k};
98 }
99
100 return $properties;
101};
102
103__PACKAGE__->register_method({
104 name => 'set_options',
105 path => 'options',
106 method => 'PUT',
107 description => "Set Firewall options.",
68c90e21 108 protected => 1,
1df4ba7e
DM
109 parameters => {
110 additionalProperties => 0,
111 properties => &$add_option_properties({
112 delete => {
113 type => 'string', format => 'pve-configid-list',
114 description => "A list of settings you want to delete.",
115 optional => 1,
116 },
117 }),
118 },
119 returns => { type => "null" },
120 code => sub {
121 my ($param) = @_;
122
123 my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
124
125 if ($param->{delete}) {
126 foreach my $opt (PVE::Tools::split_list($param->{delete})) {
127 raise_param_exc({ delete => "no such option '$opt'" })
128 if !$option_properties->{$opt};
129 delete $cluster_conf->{options}->{$opt};
130 }
131 }
132
133 if (defined($param->{enable})) {
134 $cluster_conf->{options}->{enable} = $param->{enable} ? 1 : 0;
135 }
136
1df4ba7e
DM
137 PVE::Firewall::save_clusterfw_conf($cluster_conf);
138
139 return undef;
140 }});