[pve-firewall.git] / src / PVE / API2 / Firewall / Groups.pm

package PVE::API2::Firewall::Groups;

use strict;
use warnings;
use PVE::JSONSchema qw(get_standard_option);

use PVE::Firewall;


use Data::Dumper; # fixme: remove

use base qw(PVE::RESTHandler);

__PACKAGE__->register_method({
    name => 'list',
    path => '',
    method => 'GET',
    description => "List security groups.",
    proxyto => 'node',
    parameters => {
    	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	},
    },
    returns => {
	type => 'array',
	items => {
	    type => "object",
	    properties => { 
		name => {
		    description => "Security group name.",
		    type => 'string',
		},
	    },
	},
	links => [ { rel => 'child', href => "{name}" } ],
    },
    code => sub {
	my ($param) = @_;

	my $cluster_conf = PVE::Firewall::load_clusterfw_conf();

	my $res = [];
	foreach my $group (keys %{$cluster_conf->{rules}}) {
	    push @$res, { name => $group, count => scalar(@{$cluster_conf->{rules}->{$group}}) };
	}

	return $res;
    }});

__PACKAGE__->register_method({
    name => 'get_rules',
    path => '{group}',
    method => 'GET',
    description => "List security groups rules.",
    proxyto => 'node',
    parameters => {
    	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	    group => {
		description => "Security group name.",
		type => 'string',
	    },
	},
    },
    returns => {
	type => 'array',
	items => {
	    type => "object",
	    properties => {
		pos => {
		    type => 'integer',
		}
	    },
	},
	links => [ { rel => 'child', href => "{pos}" } ],
    },
    code => sub {
	my ($param) = @_;

	my $cluster_conf = PVE::Firewall::load_clusterfw_conf();

	my $rules = $cluster_conf->{rules}->{$param->{group}};
	die "no such security group\n" if !defined($rules);

	my $digest = $cluster_conf->{digest};

	my $res = [];

	my $ind = 0;
	foreach my $rule (@$rules) {
	    push @$res, PVE::Firewall::cleanup_fw_rule($rule, $digest, $ind++);
	}

	return $res;
    }});

__PACKAGE__->register_method({
    name => 'get_rule',
    path => '{group}/{pos}',
    method => 'GET',
    description => "Get single rule data.",
    proxyto => 'node',
    parameters => {
    	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	    group => {
		description => "Security group name.",
		type => 'string',
	    },
	    pos => {
		description => "Return rule from position <pos>.",
		type => 'integer',
		minimum => 0,
	    },
	},
    },
    returns => {
	type => "object",
	properties => {
	    pos => {
		type => 'integer',
	    }
	},
    },
    code => sub {
	my ($param) = @_;

	my $cluster_conf = PVE::Firewall::load_clusterfw_conf();

	my $rules = $cluster_conf->{rules}->{$param->{group}};
	die "no such security group\n" if !defined($rules);

	my $digest = $cluster_conf->{digest};
	# fixme: check digest
	
	die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
	
	my $rule = $rules->[$param->{pos}];

	return PVE::Firewall::cleanup_fw_rule($rule, $digest, $param->{pos});
   }});


__PACKAGE__->register_method({
    name => 'create_rule',
    path => '{group}',
    method => 'POST',
    description => "Create new rule.",
    proxyto => 'node',
    protected => 1,
    parameters => {
    	additionalProperties => 0,
	properties => PVE::Firewall::add_rule_properties({
	    node => get_standard_option('pve-node'),
	    group => {
		description => "Security group name.",
		type => 'string',
	    },
	}),
    },
    returns => { type => "null" },
    code => sub {
	my ($param) = @_;

	my $cluster_conf = PVE::Firewall::load_clusterfw_conf();

	my $rules = $cluster_conf->{rules}->{$param->{group}};
	die "no such security group\n" if !defined($rules);

	my $digest = $cluster_conf->{digest};
		
	my $rule = { type => 'out', action => 'ACCEPT', enable => 0};

	PVE::Firewall::copy_rule_data($rule, $param);

	unshift @$rules, $rule;

	PVE::Firewall::save_clusterfw_conf($cluster_conf);

	return undef;
   }});

__PACKAGE__->register_method({
    name => 'update_rule',
    path => '{group}/{pos}',
    method => 'PUT',
    description => "Modify rule data.",
    proxyto => 'node',
    protected => 1,
    parameters => {
    	additionalProperties => 0,
	properties => PVE::Firewall::add_rule_properties({
	    node => get_standard_option('pve-node'),
	    group => {
		description => "Security group name.",
		type => 'string',
	    },
	    moveto => {
		description => "Move rule to new position <moveto>. Other arguments are ignored.",
		type => 'integer',
		minimum => 0,
		optional => 1,
	    },
	}),
    },
    returns => { type => "null" },
    code => sub {
	my ($param) = @_;

	my $cluster_conf = PVE::Firewall::load_clusterfw_conf();

	my $rules = $cluster_conf->{rules}->{$param->{group}};
	die "no such security group\n" if !defined($rules);

	my $digest = $cluster_conf->{digest};
	# fixme: check digest
	
	die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
	
	my $rule = $rules->[$param->{pos}];

	my $moveto = $param->{moveto};
	if (defined($moveto) && $moveto != $param->{pos}) {
	    my $newrules = [];
	    for (my $i = 0; $i < scalar(@$rules); $i++) {
		next if $i == $param->{pos};
		if ($i == $moveto) {
		    push @$newrules, $rule;
		}
		push @$newrules, $rules->[$i];
	    }
	    push @$newrules, $rule if $moveto >= scalar(@$rules);

	    $cluster_conf->{rules}->{$param->{group}} = $newrules;
	} else {
	    PVE::Firewall::copy_rule_data($rule, $param);
	}

	PVE::Firewall::save_clusterfw_conf($cluster_conf);

	return undef;
   }});

__PACKAGE__->register_method({
    name => 'delete_rule',
    path => '{group}/{pos}',
    method => 'DELETE',
    description => "Delete rule.",
    proxyto => 'node',
    protected => 1,
    parameters => {
    	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	    group => {
		description => "Security group name.",
		type => 'string',
	    },
	    pos => {
		description => "Delete rule at position <pos>.",
		type => 'integer',
		minimum => 0,
	    },
	},
    },
    returns => { type => "null" },
    code => sub {
	my ($param) = @_;

	my $cluster_conf = PVE::Firewall::load_clusterfw_conf();

	my $rules = $cluster_conf->{rules}->{$param->{group}};
	die "no such security group\n" if !defined($rules);

	my $digest = $cluster_conf->{digest};
	# fixme: check digest
	
	die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
	
	splice(@$rules, $param->{pos}, 1);

	PVE::Firewall::save_clusterfw_conf($cluster_conf);

	return undef;
   }});

1;
Commit	Line	Data
8f119284 DM	1	package PVE::API2::Firewall::Groups;
	2
	3	use strict;
	4	use warnings;
	5	use PVE::JSONSchema qw(get_standard_option);
	6
	7	use PVE::Firewall;
	8
	9
	10	use Data::Dumper; # fixme: remove
	11
	12	use base qw(PVE::RESTHandler);
	13
	14	__PACKAGE__->register_method({
	15	name => 'list',
	16	path => '',
	17	method => 'GET',
	18	description => "List security groups.",
	19	proxyto => 'node',
	20	parameters => {
	21	additionalProperties => 0,
	22	properties => {
	23	node => get_standard_option('pve-node'),
	24	},
	25	},
	26	returns => {
	27	type => 'array',
	28	items => {
	29	type => "object",
d1c53b3e DM	30	properties => {
	31	name => {
	32	description => "Security group name.",
	33	type => 'string',
	34	},
	35	},
8f119284 DM	36	},
	37	links => [ { rel => 'child', href => "{name}" } ],
	38	},
	39	code => sub {
	40	my ($param) = @_;
	41
fca39c2c	42	my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
8f119284 DM	43
8f119284 DM	44	my $res = [];
fca39c2c DM	45	foreach my $group (keys %{$cluster_conf->{rules}}) {
fca39c2c DM	46	push @$res, { name => $group, count => scalar(@{$cluster_conf->{rules}->{$group}}) };
d1c53b3e DM	47	}
	48
	49	return $res;
	50	}});
	51
	52	__PACKAGE__->register_method({
	53	name => 'get_rules',
	54	path => '{group}',
	55	method => 'GET',
	56	description => "List security groups rules.",
	57	proxyto => 'node',
	58	parameters => {
	59	additionalProperties => 0,
	60	properties => {
	61	node => get_standard_option('pve-node'),
	62	group => {
	63	description => "Security group name.",
	64	type => 'string',
	65	},
	66	},
	67	},
	68	returns => {
	69	type => 'array',
	70	items => {
	71	type => "object",
9c7e0858 DM	72	properties => {
	73	pos => {
	74	type => 'integer',
	75	}
	76	},
d1c53b3e	77	},
9c7e0858	78	links => [ { rel => 'child', href => "{pos}" } ],
d1c53b3e DM	79	},
	80	code => sub {
	81	my ($param) = @_;
	82
fca39c2c	83	my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
d1c53b3e	84
fca39c2c	85	my $rules = $cluster_conf->{rules}->{$param->{group}};
d1c53b3e DM	86	die "no such security group\n" if !defined($rules);
d1c53b3e DM	87
fca39c2c	88	my $digest = $cluster_conf->{digest};
d1c53b3e DM	89
	90	my $res = [];
	91
	92	my $ind = 0;
	93	foreach my $rule (@$rules) {
	94	push @$res, PVE::Firewall::cleanup_fw_rule($rule, $digest, $ind++);
8f119284 DM	95	}
	96
	97	return $res;
	98	}});
	99
9c7e0858 DM	100	__PACKAGE__->register_method({
	101	name => 'get_rule',
	102	path => '{group}/{pos}',
	103	method => 'GET',
	104	description => "Get single rule data.",
	105	proxyto => 'node',
	106	parameters => {
	107	additionalProperties => 0,
	108	properties => {
	109	node => get_standard_option('pve-node'),
	110	group => {
	111	description => "Security group name.",
	112	type => 'string',
	113	},
	114	pos => {
	115	description => "Return rule from position <pos>.",
	116	type => 'integer',
	117	minimum => 0,
	118	},
	119	},
	120	},
	121	returns => {
	122	type => "object",
	123	properties => {
	124	pos => {
	125	type => 'integer',
	126	}
	127	},
	128	},
	129	code => sub {
	130	my ($param) = @_;
	131
fca39c2c	132	my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
9c7e0858	133
fca39c2c	134	my $rules = $cluster_conf->{rules}->{$param->{group}};
9c7e0858 DM	135	die "no such security group\n" if !defined($rules);
9c7e0858 DM	136
fca39c2c	137	my $digest = $cluster_conf->{digest};
9c7e0858 DM	138	# fixme: check digest
	139
	140	die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
	141
	142	my $rule = $rules->[$param->{pos}];
	143
	144	return PVE::Firewall::cleanup_fw_rule($rule, $digest, $param->{pos});
	145	}});
	146
	147
	148	__PACKAGE__->register_method({
	149	name => 'create_rule',
	150	path => '{group}',
	151	method => 'POST',
	152	description => "Create new rule.",
	153	proxyto => 'node',
	154	protected => 1,
	155	parameters => {
	156	additionalProperties => 0,
	157	properties => PVE::Firewall::add_rule_properties({
	158	node => get_standard_option('pve-node'),
	159	group => {
	160	description => "Security group name.",
	161	type => 'string',
	162	},
	163	}),
	164	},
	165	returns => { type => "null" },
	166	code => sub {
	167	my ($param) = @_;
	168
fca39c2c	169	my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
9c7e0858	170
fca39c2c	171	my $rules = $cluster_conf->{rules}->{$param->{group}};
9c7e0858 DM	172	die "no such security group\n" if !defined($rules);
9c7e0858 DM	173
fca39c2c	174	my $digest = $cluster_conf->{digest};
9c7e0858 DM	175
	176	my $rule = { type => 'out', action => 'ACCEPT', enable => 0};
	177
	178	PVE::Firewall::copy_rule_data($rule, $param);
	179
	180	unshift @$rules, $rule;
	181
fca39c2c	182	PVE::Firewall::save_clusterfw_conf($cluster_conf);
9c7e0858 DM	183
	184	return undef;
	185	}});
	186
	187	__PACKAGE__->register_method({
	188	name => 'update_rule',
	189	path => '{group}/{pos}',
	190	method => 'PUT',
	191	description => "Modify rule data.",
	192	proxyto => 'node',
	193	protected => 1,
	194	parameters => {
	195	additionalProperties => 0,
	196	properties => PVE::Firewall::add_rule_properties({
	197	node => get_standard_option('pve-node'),
	198	group => {
	199	description => "Security group name.",
	200	type => 'string',
	201	},
	202	moveto => {
236f55b9	203	description => "Move rule to new position <moveto>. Other arguments are ignored.",
9c7e0858 DM	204	type => 'integer',
	205	minimum => 0,
	206	optional => 1,
	207	},
	208	}),
	209	},
	210	returns => { type => "null" },
	211	code => sub {
	212	my ($param) = @_;
	213
fca39c2c	214	my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
9c7e0858	215
fca39c2c	216	my $rules = $cluster_conf->{rules}->{$param->{group}};
9c7e0858 DM	217	die "no such security group\n" if !defined($rules);
9c7e0858 DM	218
fca39c2c	219	my $digest = $cluster_conf->{digest};
9c7e0858 DM	220	# fixme: check digest
	221
	222	die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
	223
	224	my $rule = $rules->[$param->{pos}];
	225
9c7e0858 DM	226	my $moveto = $param->{moveto};
	227	if (defined($moveto) && $moveto != $param->{pos}) {
	228	my $newrules = [];
	229	for (my $i = 0; $i < scalar(@$rules); $i++) {
	230	next if $i == $param->{pos};
	231	if ($i == $moveto) {
	232	push @$newrules, $rule;
	233	}
	234	push @$newrules, $rules->[$i];
	235	}
	236	push @$newrules, $rule if $moveto >= scalar(@$rules);
	237
fca39c2c	238	$cluster_conf->{rules}->{$param->{group}} = $newrules;
236f55b9 DM	239	} else {
	240	PVE::Firewall::copy_rule_data($rule, $param);
	241	}
9c7e0858	242
fca39c2c	243	PVE::Firewall::save_clusterfw_conf($cluster_conf);
9c7e0858 DM	244
	245	return undef;
	246	}});
	247
	248	__PACKAGE__->register_method({
	249	name => 'delete_rule',
	250	path => '{group}/{pos}',
	251	method => 'DELETE',
	252	description => "Delete rule.",
	253	proxyto => 'node',
	254	protected => 1,
	255	parameters => {
	256	additionalProperties => 0,
	257	properties => {
	258	node => get_standard_option('pve-node'),
	259	group => {
	260	description => "Security group name.",
	261	type => 'string',
	262	},
	263	pos => {
	264	description => "Delete rule at position <pos>.",
	265	type => 'integer',
	266	minimum => 0,
	267	},
	268	},
	269	},
	270	returns => { type => "null" },
	271	code => sub {
	272	my ($param) = @_;
	273
fca39c2c	274	my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
9c7e0858	275
fca39c2c	276	my $rules = $cluster_conf->{rules}->{$param->{group}};
9c7e0858 DM	277	die "no such security group\n" if !defined($rules);
9c7e0858 DM	278
fca39c2c	279	my $digest = $cluster_conf->{digest};
9c7e0858 DM	280	# fixme: check digest
	281
	282	die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
	283
	284	splice(@$rules, $param->{pos}, 1);
	285
fca39c2c	286	PVE::Firewall::save_clusterfw_conf($cluster_conf);
9c7e0858 DM	287
	288	return undef;
	289	}});
	290
8f119284	291	1;