[pve-firewall.git] / src / PVE / API2 / Firewall / Cluster.pm

package PVE::API2::Firewall::Cluster;

use strict;
use warnings;
use PVE::Exception qw(raise raise_param_exc raise_perm_exc);
use PVE::JSONSchema qw(get_standard_option);

use PVE::Firewall;
use PVE::API2::Firewall::Aliases;
use PVE::API2::Firewall::Rules;
use PVE::API2::Firewall::Groups;
use PVE::API2::Firewall::IPSet;

#fixme: locking?

use Data::Dumper; # fixme: remove

use base qw(PVE::RESTHandler);

__PACKAGE__->register_method ({
    subclass => "PVE::API2::Firewall::Groups",  
    path => 'groups',
});

__PACKAGE__->register_method ({
    subclass => "PVE::API2::Firewall::ClusterRules",  
    path => 'rules',
});

__PACKAGE__->register_method ({
    subclass => "PVE::API2::Firewall::ClusterIPSetList",  
    path => 'ipset',
});

__PACKAGE__->register_method ({
    subclass => "PVE::API2::Firewall::ClusterAliases",  
    path => 'aliases',
});


__PACKAGE__->register_method({
    name => 'index',
    path => '',
    method => 'GET',
    permissions => { user => 'all' },
    description => "Directory index.",
    parameters => {
    	additionalProperties => 0,
    },
    returns => {
	type => 'array',
	items => {
	    type => "object",
	    properties => {},
	},
	links => [ { rel => 'child', href => "{name}" } ],
    },
    code => sub {
	my ($param) = @_;

	my $result = [
	    { name => 'aliases' },
	    { name => 'rules' },
	    { name => 'options' },
	    { name => 'groups' },
	    { name => 'ipset' },
	    { name => 'macros' },
	    ];

	return $result;
    }});

my $option_properties = {
    enable => {
	type => 'boolean',
	optional => 1,
    },
    policy_in => {
	description => "Input policy.",
	type => 'string',
	optional => 1,
	enum => ['ACCEPT', 'REJECT', 'DROP'],
    },
    policy_out => { 
	description => "Output policy.",
	type => 'string',
	optional => 1,
	enum => ['ACCEPT', 'REJECT', 'DROP'],
    },
};

my $add_option_properties = sub {
    my ($properties) = @_;

    foreach my $k (keys %$option_properties) {
	$properties->{$k} = $option_properties->{$k};
    }
    
    return $properties;
};


__PACKAGE__->register_method({
    name => 'get_options',
    path => 'options',
    method => 'GET',
    description => "Get Firewall options.",
    parameters => {
    	additionalProperties => 0,
    },
    returns => {
	type => "object",
    	#additionalProperties => 1,
	properties => $option_properties,
    },
    code => sub {
	my ($param) = @_;

	my $cluster_conf = PVE::Firewall::load_clusterfw_conf();

	return PVE::Firewall::copy_opject_with_digest($cluster_conf->{options});
    }});


__PACKAGE__->register_method({
    name => 'set_options',
    path => 'options',
    method => 'PUT',
    description => "Set Firewall options.",
    protected => 1,
    parameters => {
    	additionalProperties => 0,
	properties => &$add_option_properties({
	    delete => {
		type => 'string', format => 'pve-configid-list',
		description => "A list of settings you want to delete.",
		optional => 1,
	    },
	    digest => get_standard_option('pve-config-digest'),
	}),
    },
    returns => { type => "null" },
    code => sub {
	my ($param) = @_;

	my $cluster_conf = PVE::Firewall::load_clusterfw_conf();

	my (undef, $digest) = PVE::Firewall::copy_opject_with_digest($cluster_conf->{options});
	PVE::Tools::assert_if_modified($digest, $param->{digest});

	if ($param->{delete}) {
	    foreach my $opt (PVE::Tools::split_list($param->{delete})) {
		raise_param_exc({ delete => "no such option '$opt'" }) 
		    if !$option_properties->{$opt};
		delete $cluster_conf->{options}->{$opt};
	    }
	}

	if (defined($param->{enable})) {
	    $param->{enable} = $param->{enable} ? 1 : 0;
	}

	foreach my $k (keys %$option_properties) {
	    next if !defined($param->{$k});
	    $cluster_conf->{options}->{$k} = $param->{$k}; 
	}

	PVE::Firewall::save_clusterfw_conf($cluster_conf);

	return undef;
    }});

__PACKAGE__->register_method({
    name => 'get_macros',
    path => 'macros',
    method => 'GET',
    description => "List available macros",
    parameters => {
    	additionalProperties => 0,
    },
    returns => {
	type => 'array',
	items => {
	    type => "object",
	    properties => {
		macro => {
		    description => "Macro name.",
		    type => 'string',
		},
		descr => {
		    description => "More verbose description (if available).",
		    type => 'string',
		}
	    },
	},
    },
    code => sub {
	my ($param) = @_;

	my $res = [];

	my ($macros, $descr) = PVE::Firewall::get_macros();

	foreach my $macro (keys %$macros) {
	    push @$res, { macro => $macro, descr => $descr->{$macro} || $macro };
	}

	return $res;
    }});

1;
Commit	Line	Data
b4366f00 DM	1	package PVE::API2::Firewall::Cluster;
	2
	3	use strict;
	4	use warnings;
1df4ba7e	5	use PVE::Exception qw(raise raise_param_exc raise_perm_exc);
b4366f00 DM	6	use PVE::JSONSchema qw(get_standard_option);
	7
	8	use PVE::Firewall;
81d574a7	9	use PVE::API2::Firewall::Aliases;
86791289	10	use PVE::API2::Firewall::Rules;
b4366f00	11	use PVE::API2::Firewall::Groups;
009ee3ac	12	use PVE::API2::Firewall::IPSet;
b4366f00	13
1df4ba7e DM	14	#fixme: locking?
1df4ba7e DM	15
b4366f00 DM	16	use Data::Dumper; # fixme: remove
	17
	18	use base qw(PVE::RESTHandler);
	19
	20	__PACKAGE__->register_method ({
	21	subclass => "PVE::API2::Firewall::Groups",
	22	path => 'groups',
	23	});
	24
86791289 DM	25	__PACKAGE__->register_method ({
	26	subclass => "PVE::API2::Firewall::ClusterRules",
	27	path => 'rules',
	28	});
	29
c85c87f9 DM	30	__PACKAGE__->register_method ({
	31	subclass => "PVE::API2::Firewall::ClusterIPSetList",
	32	path => 'ipset',
	33	});
	34
81d574a7 DM	35	__PACKAGE__->register_method ({
	36	subclass => "PVE::API2::Firewall::ClusterAliases",
	37	path => 'aliases',
	38	});
	39
	40
b4366f00 DM	41	__PACKAGE__->register_method({
	42	name => 'index',
	43	path => '',
	44	method => 'GET',
	45	permissions => { user => 'all' },
	46	description => "Directory index.",
	47	parameters => {
	48	additionalProperties => 0,
	49	},
	50	returns => {
	51	type => 'array',
	52	items => {
	53	type => "object",
	54	properties => {},
	55	},
	56	links => [ { rel => 'child', href => "{name}" } ],
	57	},
	58	code => sub {
	59	my ($param) = @_;
	60
	61	my $result = [
81d574a7	62	{ name => 'aliases' },
b4366f00 DM	63	{ name => 'rules' },
	64	{ name => 'options' },
	65	{ name => 'groups' },
9d6f90e6	66	{ name => 'ipset' },
ebd54ae9	67	{ name => 'macros' },
b4366f00 DM	68	];
	69
	70	return $result;
	71	}});
1df4ba7e	72
271f287b DM	73	my $option_properties = {
	74	enable => {
	75	type => 'boolean',
	76	optional => 1,
	77	},
	78	policy_in => {
	79	description => "Input policy.",
	80	type => 'string',
	81	optional => 1,
	82	enum => ['ACCEPT', 'REJECT', 'DROP'],
	83	},
	84	policy_out => {
	85	description => "Output policy.",
	86	type => 'string',
	87	optional => 1,
	88	enum => ['ACCEPT', 'REJECT', 'DROP'],
	89	},
	90	};
	91
	92	my $add_option_properties = sub {
	93	my ($properties) = @_;
	94
	95	foreach my $k (keys %$option_properties) {
	96	$properties->{$k} = $option_properties->{$k};
	97	}
	98
	99	return $properties;
	100	};
	101
	102
1df4ba7e DM	103	__PACKAGE__->register_method({
	104	name => 'get_options',
	105	path => 'options',
	106	method => 'GET',
	107	description => "Get Firewall options.",
	108	parameters => {
	109	additionalProperties => 0,
	110	},
	111	returns => {
	112	type => "object",
	113	#additionalProperties => 1,
271f287b	114	properties => $option_properties,
1df4ba7e DM	115	},
	116	code => sub {
	117	my ($param) = @_;
	118
	119	my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
	120
5d38d64f	121	return PVE::Firewall::copy_opject_with_digest($cluster_conf->{options});
1df4ba7e DM	122	}});
1df4ba7e DM	123
1df4ba7e DM	124
	125	__PACKAGE__->register_method({
	126	name => 'set_options',
	127	path => 'options',
	128	method => 'PUT',
	129	description => "Set Firewall options.",
68c90e21	130	protected => 1,
1df4ba7e DM	131	parameters => {
	132	additionalProperties => 0,
	133	properties => &$add_option_properties({
	134	delete => {
	135	type => 'string', format => 'pve-configid-list',
	136	description => "A list of settings you want to delete.",
	137	optional => 1,
	138	},
5d38d64f	139	digest => get_standard_option('pve-config-digest'),
1df4ba7e DM	140	}),
	141	},
	142	returns => { type => "null" },
	143	code => sub {
	144	my ($param) = @_;
	145
	146	my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
	147
5d38d64f DM	148	my (undef, $digest) = PVE::Firewall::copy_opject_with_digest($cluster_conf->{options});
	149	PVE::Tools::assert_if_modified($digest, $param->{digest});
	150
1df4ba7e DM	151	if ($param->{delete}) {
	152	foreach my $opt (PVE::Tools::split_list($param->{delete})) {
	153	raise_param_exc({ delete => "no such option '$opt'" })
	154	if !$option_properties->{$opt};
	155	delete $cluster_conf->{options}->{$opt};
	156	}
	157	}
	158
	159	if (defined($param->{enable})) {
271f287b DM	160	$param->{enable} = $param->{enable} ? 1 : 0;
	161	}
	162
	163	foreach my $k (keys %$option_properties) {
	164	next if !defined($param->{$k});
	165	$cluster_conf->{options}->{$k} = $param->{$k};
1df4ba7e DM	166	}
1df4ba7e DM	167
1df4ba7e DM	168	PVE::Firewall::save_clusterfw_conf($cluster_conf);
	169
	170	return undef;
	171	}});
ebd54ae9 DM	172
	173	__PACKAGE__->register_method({
	174	name => 'get_macros',
	175	path => 'macros',
	176	method => 'GET',
	177	description => "List available macros",
	178	parameters => {
	179	additionalProperties => 0,
	180	},
	181	returns => {
	182	type => 'array',
	183	items => {
	184	type => "object",
	185	properties => {
	186	macro => {
	187	description => "Macro name.",
	188	type => 'string',
	189	},
	190	descr => {
	191	description => "More verbose description (if available).",
	192	type => 'string',
	193	}
	194	},
	195	},
	196	},
	197	code => sub {
	198	my ($param) = @_;
	199
	200	my $res = [];
	201
	202	my ($macros, $descr) = PVE::Firewall::get_macros();
	203
	204	foreach my $macro (keys %$macros) {
	205	push @$res, { macro => $macro, descr => $descr->{$macro} \|\| $macro };
	206	}
	207
	208	return $res;
	209	}});
	210
	211	1;