ipset: implement delete API, improve parameter verification
1package PVE::API2::Firewall::Cluster;
2
3use strict;
4use warnings;
1df4ba7e 5use PVE::Exception qw(raise raise_param_exc raise_perm_exc);
6use PVE::JSONSchema qw(get_standard_option);
7
8use PVE::Firewall;
86791289 9use PVE::API2::Firewall::Rules;
b4366f00 10use PVE::API2::Firewall::Groups;
009ee3ac 11use PVE::API2::Firewall::IPSet;
b4366f00 12
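#fixme: locking? set_options below loads, modifies and saves the cluster firewall config without holding a lock, so concurrent requests can overwrite each other's changes.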
14
15use Data::Dumper; # fixme: remove
16
17use base qw(PVE::RESTHandler);
18
# Mount the 'groups' and 'rules' sub-paths on their own handler classes.
# NOTE(review): no 'permissions' key is set on these mount points; access
# checks presumably live in the subclasses - confirm.
# NOTE(review): this file loads PVE::API2::Firewall::Rules but registers
# PVE::API2::Firewall::ClusterRules; presumably that package is declared
# inside the Rules module - confirm.
__PACKAGE__->register_method({
    path     => 'groups',
    subclass => 'PVE::API2::Firewall::Groups',
});

__PACKAGE__->register_method({
    path     => 'rules',
    subclass => 'PVE::API2::Firewall::ClusterRules',
});
# GET '' - directory index of the cluster firewall API.
#
# Declared with permissions => { user => 'all' }, so it is the only method in
# this file that explicitly opens itself to all users. The response is built
# from literals only; no configuration is read, so nothing beyond the child
# path names is disclosed.
__PACKAGE__->register_method({
    name        => 'index',
    path        => '',
    method      => 'GET',
    permissions => { user => 'all' },
    description => "Directory index.",
    parameters  => {
        additionalProperties => 0,
    },
    returns => {
        type  => 'array',
        items => {
            type       => "object",
            properties => {},
        },
        links => [ { rel => 'child', href => "{name}" } ],
    },
    code => sub {
        my ($param) = @_;

        # Fixed list of child paths, in the order they are reported.
        my @children = qw(rules options groups ipset macros);

        return [ map { +{ name => $_ } } @children ];
    },
});
# GET 'options' - return the cluster-wide firewall options.
#
# NOTE(review): no 'permissions' key is declared for this method; confirm
# that the handler's default for methods without one is as restrictive as
# intended.
# NOTE(review): the whole 'options' hash from the loaded config is returned
# as-is, while the return schema only describes 'enable' (the
# additionalProperties line is commented out). Any other key stored under
# 'options' would be sent to the caller too.
__PACKAGE__->register_method({
    name        => 'get_options',
    path        => 'options',
    method      => 'GET',
    description => "Get Firewall options.",
    parameters  => {
        additionalProperties => 0,
    },
    returns => {
        type => "object",
        #additionalProperties => 1,
        properties => {
            enable => {
                type     => 'boolean',
                optional => 1,
            },
        },
    },
    code => sub {
        my ($param) = @_;

        my $conf = PVE::Firewall::load_clusterfw_conf();

        return $conf->{options};
    },
});
# Schema of the cluster-level firewall options. set_options merges it into
# its parameter schema and also uses its keys as the allow-list of option
# names that may be deleted.
my $option_properties = {
    enable => {
        optional => 1,
        type     => 'boolean',
    },
};

# Merge every entry of $option_properties into the given property hash.
# The hash is modified in place (same-named keys are overwritten) and the
# same reference is returned. Schema entries are shared by reference, not
# copied.
my $add_option_properties = sub {
    my ($properties) = @_;

    my @names = keys %$option_properties;
    @{$properties}{@names} = @{$option_properties}{@names};

    return $properties;
};
# PUT 'options' - change or delete cluster-wide firewall options.
#
# Parameters: the entries of $option_properties (currently 'enable') plus
# 'delete', a list of option names to remove. Returns undef (schema 'null').
#
# NOTE(review): 'protected => 1' is set, but no 'permissions' key is declared
# for this state-changing method; confirm that the handler's default for
# methods without one is as restrictive as intended.
# NOTE(review): the config is loaded, modified and saved with no lock visible
# in this code (see the file's own "#fixme: locking?"), so two concurrent
# requests can overwrite each other's changes to the firewall options.
__PACKAGE__->register_method({
    name        => 'set_options',
    path        => 'options',
    method      => 'PUT',
    description => "Set Firewall options.",
    protected   => 1,
    parameters  => {
        additionalProperties => 0,
        properties           => $add_option_properties->({
            delete => {
                type        => 'string',
                format      => 'pve-configid-list',
                description => "A list of settings you want to delete.",
                optional    => 1,
            },
        }),
    },
    returns => { type => "null" },
    code    => sub {
        my ($param) = @_;

        my $conf = PVE::Firewall::load_clusterfw_conf();

        if ($param->{delete}) {
            for my $opt (PVE::Tools::split_list($param->{delete})) {
                # Only names known to $option_properties may be deleted.
                # The check runs before the save below, so a rejected name
                # presumably aborts the request with nothing written
                # (assuming raise_param_exc throws - confirm).
                if (!$option_properties->{$opt}) {
                    raise_param_exc({ delete => "no such option '$opt'" });
                }
                delete $conf->{options}->{$opt};
            }
        }

        # Applied after the deletions, so an 'enable' value sent together
        # with delete=enable ends up set. Stored normalised to 1 or 0.
        my $enable = $param->{enable};
        if (defined($enable)) {
            $conf->{options}->{enable} = $enable ? 1 : 0;
        }

        PVE::Firewall::save_clusterfw_conf($conf);

        return undef;
    },
});
# GET 'macros' - list the firewall macros known to PVE::Firewall.
#
# Each entry carries the macro name and a description; when no (true)
# description exists for a macro, its name is used instead. Entries come out
# in hash-key order, i.e. unsorted.
# NOTE(review): no 'permissions' key is declared for this method; confirm
# that the handler's default for methods without one is as intended.
__PACKAGE__->register_method({
    name        => 'get_macros',
    path        => 'macros',
    method      => 'GET',
    description => "List available macros",
    parameters  => {
        additionalProperties => 0,
    },
    returns => {
        type  => 'array',
        items => {
            type       => "object",
            properties => {
                macro => {
                    description => "Macro name.",
                    type        => 'string',
                },
                descr => {
                    description => "More verbose description (if available).",
                    type        => 'string',
                },
            },
        },
    },
    code => sub {
        my ($param) = @_;

        my ($macros, $descr) = PVE::Firewall::get_macros();

        my @list =
            map { +{ macro => $_, descr => $descr->{$_} || $_ } }
            keys %$macros;

        return \@list;
    },
});
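# GET 'ipset' - list the IPSets defined in the cluster firewall config.
#
# Returns one object per set with its name and the number of entries stored
# for it. The 'count' field was already returned but missing from the return
# schema; it is now declared so the schema matches the response.
# A set whose stored value is undefined is reported with count 0 instead of
# dying on the array dereference.
# NOTE(review): no 'permissions' key is declared for this method; confirm
# that the handler's default for methods without one is as intended, since
# set names are disclosed here.
__PACKAGE__->register_method({
    name        => 'ipset',
    path        => 'ipset',
    method      => 'GET',
    description => "List IPSets",
    parameters  => {
        additionalProperties => 0,
    },
    returns => {
        type  => 'array',
        items => {
            type       => "object",
            properties => {
                name => {
                    description => "IPSet name.",
                    type        => 'string',
                },
                count => {
                    description => "Number of entries in the set.",
                    type        => 'integer',
                },
            },
        },
        links => [ { rel => 'child', href => "{name}" } ],
    },
    code => sub {
        my ($param) = @_;

        my $cluster_conf = PVE::Firewall::load_clusterfw_conf();

        # A config without an ipset section yields an empty list.
        my $ipsets = $cluster_conf->{ipset} || {};

        my $res = [];
        foreach my $name (keys %$ipsets) {
            my $entries = $ipsets->{$name} || [];
            push @$res, { name => $name, count => scalar(@$entries) };
        }

        return $res;
    },
});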
# Hand everything below 'ipset/{name}' to the per-set handler class.
# NOTE(review): with the fragment delimiter emptied (see below), validation
# of whatever follows the set name - slashes included - presumably has to
# happen in the subclass; confirm.
__PACKAGE__->register_method({
    path     => 'ipset/{name}',
    subclass => 'PVE::API2::Firewall::ClusterIPset',
    # set fragment delimiter (no subdirs) - we need that, because CIDR
    # addresses contain a slash '/'
    fragmentDelimiter => '',
});

1;