]>
Commit | Line | Data |
---|---|---|
b4366f00 DM |
1 | package PVE::API2::Firewall::Cluster; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
1df4ba7e | 5 | use PVE::Exception qw(raise raise_param_exc raise_perm_exc); |
b4366f00 DM |
6 | use PVE::JSONSchema qw(get_standard_option); |
7 | ||
8 | use PVE::Firewall; | |
86791289 | 9 | use PVE::API2::Firewall::Rules; |
b4366f00 | 10 | use PVE::API2::Firewall::Groups; |
009ee3ac | 11 | use PVE::API2::Firewall::IPSet; |
b4366f00 | 12 | |
1df4ba7e DM |
13 | #fixme: locking? |
14 | ||
b4366f00 DM |
15 | use Data::Dumper; # fixme: remove |
16 | ||
17 | use base qw(PVE::RESTHandler); | |
18 | ||
19 | __PACKAGE__->register_method ({ | |
20 | subclass => "PVE::API2::Firewall::Groups", | |
21 | path => 'groups', | |
22 | }); | |
23 | ||
86791289 DM |
24 | __PACKAGE__->register_method ({ |
25 | subclass => "PVE::API2::Firewall::ClusterRules", | |
26 | path => 'rules', | |
27 | }); | |
28 | ||
c85c87f9 DM |
29 | __PACKAGE__->register_method ({ |
30 | subclass => "PVE::API2::Firewall::ClusterIPSetList", | |
31 | path => 'ipset', | |
32 | }); | |
33 | ||
b4366f00 DM |
34 | __PACKAGE__->register_method({ |
35 | name => 'index', | |
36 | path => '', | |
37 | method => 'GET', | |
38 | permissions => { user => 'all' }, | |
39 | description => "Directory index.", | |
40 | parameters => { | |
41 | additionalProperties => 0, | |
42 | }, | |
43 | returns => { | |
44 | type => 'array', | |
45 | items => { | |
46 | type => "object", | |
47 | properties => {}, | |
48 | }, | |
49 | links => [ { rel => 'child', href => "{name}" } ], | |
50 | }, | |
51 | code => sub { | |
52 | my ($param) = @_; | |
53 | ||
54 | my $result = [ | |
55 | { name => 'rules' }, | |
56 | { name => 'options' }, | |
57 | { name => 'groups' }, | |
9d6f90e6 | 58 | { name => 'ipset' }, |
ebd54ae9 | 59 | { name => 'macros' }, |
b4366f00 DM |
60 | ]; |
61 | ||
62 | return $result; | |
63 | }}); | |
1df4ba7e | 64 | |
271f287b DM |
65 | my $option_properties = { |
66 | enable => { | |
67 | type => 'boolean', | |
68 | optional => 1, | |
69 | }, | |
70 | policy_in => { | |
71 | description => "Input policy.", | |
72 | type => 'string', | |
73 | optional => 1, | |
74 | enum => ['ACCEPT', 'REJECT', 'DROP'], | |
75 | }, | |
76 | policy_out => { | |
77 | description => "Output policy.", | |
78 | type => 'string', | |
79 | optional => 1, | |
80 | enum => ['ACCEPT', 'REJECT', 'DROP'], | |
81 | }, | |
82 | }; | |
83 | ||
84 | my $add_option_properties = sub { | |
85 | my ($properties) = @_; | |
86 | ||
87 | foreach my $k (keys %$option_properties) { | |
88 | $properties->{$k} = $option_properties->{$k}; | |
89 | } | |
90 | ||
91 | return $properties; | |
92 | }; | |
93 | ||
94 | ||
1df4ba7e DM |
95 | __PACKAGE__->register_method({ |
96 | name => 'get_options', | |
97 | path => 'options', | |
98 | method => 'GET', | |
99 | description => "Get Firewall options.", | |
100 | parameters => { | |
101 | additionalProperties => 0, | |
102 | }, | |
103 | returns => { | |
104 | type => "object", | |
105 | #additionalProperties => 1, | |
271f287b | 106 | properties => $option_properties, |
1df4ba7e DM |
107 | }, |
108 | code => sub { | |
109 | my ($param) = @_; | |
110 | ||
111 | my $cluster_conf = PVE::Firewall::load_clusterfw_conf(); | |
112 | ||
5d38d64f | 113 | return PVE::Firewall::copy_opject_with_digest($cluster_conf->{options}); |
1df4ba7e DM |
114 | }}); |
115 | ||
1df4ba7e DM |
116 | |
117 | __PACKAGE__->register_method({ | |
118 | name => 'set_options', | |
119 | path => 'options', | |
120 | method => 'PUT', | |
121 | description => "Set Firewall options.", | |
68c90e21 | 122 | protected => 1, |
1df4ba7e DM |
123 | parameters => { |
124 | additionalProperties => 0, | |
125 | properties => &$add_option_properties({ | |
126 | delete => { | |
127 | type => 'string', format => 'pve-configid-list', | |
128 | description => "A list of settings you want to delete.", | |
129 | optional => 1, | |
130 | }, | |
5d38d64f | 131 | digest => get_standard_option('pve-config-digest'), |
1df4ba7e DM |
132 | }), |
133 | }, | |
134 | returns => { type => "null" }, | |
135 | code => sub { | |
136 | my ($param) = @_; | |
137 | ||
138 | my $cluster_conf = PVE::Firewall::load_clusterfw_conf(); | |
139 | ||
5d38d64f DM |
140 | my (undef, $digest) = PVE::Firewall::copy_opject_with_digest($cluster_conf->{options}); |
141 | PVE::Tools::assert_if_modified($digest, $param->{digest}); | |
142 | ||
1df4ba7e DM |
143 | if ($param->{delete}) { |
144 | foreach my $opt (PVE::Tools::split_list($param->{delete})) { | |
145 | raise_param_exc({ delete => "no such option '$opt'" }) | |
146 | if !$option_properties->{$opt}; | |
147 | delete $cluster_conf->{options}->{$opt}; | |
148 | } | |
149 | } | |
150 | ||
151 | if (defined($param->{enable})) { | |
271f287b DM |
152 | $param->{enable} = $param->{enable} ? 1 : 0; |
153 | } | |
154 | ||
155 | foreach my $k (keys %$option_properties) { | |
156 | next if !defined($param->{$k}); | |
157 | $cluster_conf->{options}->{$k} = $param->{$k}; | |
1df4ba7e DM |
158 | } |
159 | ||
1df4ba7e DM |
160 | PVE::Firewall::save_clusterfw_conf($cluster_conf); |
161 | ||
162 | return undef; | |
163 | }}); | |
ebd54ae9 DM |
164 | |
165 | __PACKAGE__->register_method({ | |
166 | name => 'get_macros', | |
167 | path => 'macros', | |
168 | method => 'GET', | |
169 | description => "List available macros", | |
170 | parameters => { | |
171 | additionalProperties => 0, | |
172 | }, | |
173 | returns => { | |
174 | type => 'array', | |
175 | items => { | |
176 | type => "object", | |
177 | properties => { | |
178 | macro => { | |
179 | description => "Macro name.", | |
180 | type => 'string', | |
181 | }, | |
182 | descr => { | |
183 | description => "More verbose description (if available).", | |
184 | type => 'string', | |
185 | } | |
186 | }, | |
187 | }, | |
188 | }, | |
189 | code => sub { | |
190 | my ($param) = @_; | |
191 | ||
192 | my $res = []; | |
193 | ||
194 | my ($macros, $descr) = PVE::Firewall::get_macros(); | |
195 | ||
196 | foreach my $macro (keys %$macros) { | |
197 | push @$res, { macro => $macro, descr => $descr->{$macro} || $macro }; | |
198 | } | |
199 | ||
200 | return $res; | |
201 | }}); | |
202 | ||
203 | 1; |