]>
Commit | Line | Data |
---|---|---|
b4366f00 DM |
1 | package PVE::API2::Firewall::Cluster; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
1df4ba7e | 5 | use PVE::Exception qw(raise raise_param_exc raise_perm_exc); |
b4366f00 DM |
6 | use PVE::JSONSchema qw(get_standard_option); |
7 | ||
8 | use PVE::Firewall; | |
86791289 | 9 | use PVE::API2::Firewall::Rules; |
b4366f00 | 10 | use PVE::API2::Firewall::Groups; |
009ee3ac | 11 | use PVE::API2::Firewall::IPSet; |
b4366f00 | 12 | |
1df4ba7e DM |
13 | #fixme: locking? |
14 | ||
b4366f00 DM |
15 | use Data::Dumper; # fixme: remove |
16 | ||
17 | use base qw(PVE::RESTHandler); | |
18 | ||
19 | __PACKAGE__->register_method ({ | |
20 | subclass => "PVE::API2::Firewall::Groups", | |
21 | path => 'groups', | |
22 | }); | |
23 | ||
86791289 DM |
24 | __PACKAGE__->register_method ({ |
25 | subclass => "PVE::API2::Firewall::ClusterRules", | |
26 | path => 'rules', | |
27 | }); | |
28 | ||
b4366f00 DM |
29 | __PACKAGE__->register_method({ |
30 | name => 'index', | |
31 | path => '', | |
32 | method => 'GET', | |
33 | permissions => { user => 'all' }, | |
34 | description => "Directory index.", | |
35 | parameters => { | |
36 | additionalProperties => 0, | |
37 | }, | |
38 | returns => { | |
39 | type => 'array', | |
40 | items => { | |
41 | type => "object", | |
42 | properties => {}, | |
43 | }, | |
44 | links => [ { rel => 'child', href => "{name}" } ], | |
45 | }, | |
46 | code => sub { | |
47 | my ($param) = @_; | |
48 | ||
49 | my $result = [ | |
50 | { name => 'rules' }, | |
51 | { name => 'options' }, | |
52 | { name => 'groups' }, | |
9d6f90e6 | 53 | { name => 'ipset' }, |
ebd54ae9 | 54 | { name => 'macros' }, |
b4366f00 DM |
55 | ]; |
56 | ||
57 | return $result; | |
58 | }}); | |
1df4ba7e DM |
59 | |
60 | __PACKAGE__->register_method({ | |
61 | name => 'get_options', | |
62 | path => 'options', | |
63 | method => 'GET', | |
64 | description => "Get Firewall options.", | |
65 | parameters => { | |
66 | additionalProperties => 0, | |
67 | }, | |
68 | returns => { | |
69 | type => "object", | |
70 | #additionalProperties => 1, | |
71 | properties => { | |
72 | enable => { | |
73 | type => 'boolean', | |
74 | optional => 1, | |
75 | }, | |
76 | }, | |
77 | }, | |
78 | code => sub { | |
79 | my ($param) = @_; | |
80 | ||
81 | my $cluster_conf = PVE::Firewall::load_clusterfw_conf(); | |
82 | ||
83 | my $options = $cluster_conf->{options}; | |
84 | ||
85 | return $options; | |
86 | }}); | |
87 | ||
88 | my $option_properties = { | |
89 | enable => { | |
90 | type => 'boolean', | |
91 | optional => 1, | |
92 | }, | |
93 | }; | |
94 | ||
95 | my $add_option_properties = sub { | |
96 | my ($properties) = @_; | |
97 | ||
98 | foreach my $k (keys %$option_properties) { | |
99 | $properties->{$k} = $option_properties->{$k}; | |
100 | } | |
101 | ||
102 | return $properties; | |
103 | }; | |
104 | ||
105 | __PACKAGE__->register_method({ | |
106 | name => 'set_options', | |
107 | path => 'options', | |
108 | method => 'PUT', | |
109 | description => "Set Firewall options.", | |
68c90e21 | 110 | protected => 1, |
1df4ba7e DM |
111 | parameters => { |
112 | additionalProperties => 0, | |
113 | properties => &$add_option_properties({ | |
114 | delete => { | |
115 | type => 'string', format => 'pve-configid-list', | |
116 | description => "A list of settings you want to delete.", | |
117 | optional => 1, | |
118 | }, | |
119 | }), | |
120 | }, | |
121 | returns => { type => "null" }, | |
122 | code => sub { | |
123 | my ($param) = @_; | |
124 | ||
125 | my $cluster_conf = PVE::Firewall::load_clusterfw_conf(); | |
126 | ||
127 | if ($param->{delete}) { | |
128 | foreach my $opt (PVE::Tools::split_list($param->{delete})) { | |
129 | raise_param_exc({ delete => "no such option '$opt'" }) | |
130 | if !$option_properties->{$opt}; | |
131 | delete $cluster_conf->{options}->{$opt}; | |
132 | } | |
133 | } | |
134 | ||
135 | if (defined($param->{enable})) { | |
136 | $cluster_conf->{options}->{enable} = $param->{enable} ? 1 : 0; | |
137 | } | |
138 | ||
1df4ba7e DM |
139 | PVE::Firewall::save_clusterfw_conf($cluster_conf); |
140 | ||
141 | return undef; | |
142 | }}); | |
ebd54ae9 DM |
143 | |
144 | __PACKAGE__->register_method({ | |
145 | name => 'get_macros', | |
146 | path => 'macros', | |
147 | method => 'GET', | |
148 | description => "List available macros", | |
149 | parameters => { | |
150 | additionalProperties => 0, | |
151 | }, | |
152 | returns => { | |
153 | type => 'array', | |
154 | items => { | |
155 | type => "object", | |
156 | properties => { | |
157 | macro => { | |
158 | description => "Macro name.", | |
159 | type => 'string', | |
160 | }, | |
161 | descr => { | |
162 | description => "More verbose description (if available).", | |
163 | type => 'string', | |
164 | } | |
165 | }, | |
166 | }, | |
167 | }, | |
168 | code => sub { | |
169 | my ($param) = @_; | |
170 | ||
171 | my $res = []; | |
172 | ||
173 | my ($macros, $descr) = PVE::Firewall::get_macros(); | |
174 | ||
175 | foreach my $macro (keys %$macros) { | |
176 | push @$res, { macro => $macro, descr => $descr->{$macro} || $macro }; | |
177 | } | |
178 | ||
179 | return $res; | |
180 | }}); | |
181 | ||
009ee3ac DM |
182 | __PACKAGE__->register_method({ |
183 | name => 'ipset', | |
184 | path => 'ipset', | |
185 | method => 'GET', | |
186 | description => "List IPSets", | |
187 | parameters => { | |
188 | additionalProperties => 0, | |
189 | }, | |
190 | returns => { | |
191 | type => 'array', | |
192 | items => { | |
193 | type => "object", | |
194 | properties => { | |
195 | name => { | |
196 | description => "IPSet name.", | |
197 | type => 'string', | |
198 | }, | |
199 | }, | |
200 | }, | |
201 | links => [ { rel => 'child', href => "{name}" } ], | |
202 | }, | |
203 | code => sub { | |
204 | my ($param) = @_; | |
205 | ||
206 | my $cluster_conf = PVE::Firewall::load_clusterfw_conf(); | |
207 | ||
208 | my $res = []; | |
209 | foreach my $name (keys %{$cluster_conf->{ipset}}) { | |
210 | push @$res, { name => $name, count => scalar(@{$cluster_conf->{ipset}->{$name}}) }; | |
211 | } | |
212 | ||
213 | return $res; | |
214 | }}); | |
215 | ||
216 | __PACKAGE__->register_method ({ | |
217 | subclass => "PVE::API2::Firewall::ClusterIPset", | |
218 | path => 'ipset/{name}', | |
219 | # set fragment delimiter (no subdirs) - we need that, because CIDR address contain a slash '/' | |
220 | fragmentDelimiter => '', | |
221 | }); | |
222 | ||
ebd54ae9 | 223 | 1; |