]> git.proxmox.com Git - pve-firewall.git/blame - src/PVE/API2/Firewall/Groups.pm
start cluster wide firewall API
1package PVE::API2::Firewall::Groups;
2
3use strict;
4use warnings;
5use PVE::JSONSchema qw(get_standard_option);
6
7use PVE::Firewall;
8
9
10use Data::Dumper; # fixme: remove
11
12use base qw(PVE::RESTHandler);
13
# GET '' - enumerate the security groups found in the cluster firewall
# configuration. The handler accepts no parameters (additionalProperties => 0).
__PACKAGE__->register_method({
    name => 'list',
    path => '',
    method => 'GET',
    description => "List security groups.",
    parameters => {
        additionalProperties => 0,
    },
    returns => {
        type => 'array',
        items => {
            type => "object",
            properties => {
                name => {
                    description => "Security group name.",
                    type => 'string',
                },
            },
        },
        links => [ { rel => 'child', href => "{name}" } ],
    },
    code => sub {
        my ($param) = @_;

        my $cluster_conf = PVE::Firewall::load_clusterfw_conf();

        # One entry per group: its name plus the number of rules it holds.
        # NOTE(review): 'count' is emitted here but is not declared in the
        # 'returns' schema above - confirm whether the schema should list it.
        my @entries = map {
            +{ name => $_, count => scalar(@{$cluster_conf->{groups}->{$_}}) }
        } keys %{$cluster_conf->{groups}};

        return \@entries;
    }});
47
# GET '{group}' - return every rule of one security group, each passed
# through PVE::Firewall::cleanup_fw_rule together with the configuration
# digest and the rule's index.
__PACKAGE__->register_method({
    name => 'get_rules',
    path => '{group}',
    method => 'GET',
    description => "List security groups rules.",
    parameters => {
        additionalProperties => 0,
        properties => {
            group => {
                description => "Security group name.",
                type => 'string',
            },
        },
    },
    returns => {
        type => 'array',
        items => {
            type => "object",
            properties => {
                pos => {
                    type => 'integer',
                }
            },
        },
        links => [ { rel => 'child', href => "{pos}" } ],
    },
    code => sub {
        my ($param) = @_;

        my $cluster_conf = PVE::Firewall::load_clusterfw_conf();

        # The group name is only used as a hash key; an unknown name is
        # rejected instead of being treated as an empty group.
        my $group_rules = $cluster_conf->{groups}->{$param->{group}};
        defined($group_rules) or die "no such security group\n";

        my $digest = $cluster_conf->{digest};

        my $res = [];
        for my $idx (0 .. $#$group_rules) {
            push @$res, PVE::Firewall::cleanup_fw_rule($group_rules->[$idx], $digest, $idx);
        }

        return $res;
    }});
93
# GET '{group}/{pos}' - return the single rule stored at index <pos> of a
# security group.
__PACKAGE__->register_method({
    name => 'get_rule',
    path => '{group}/{pos}',
    method => 'GET',
    description => "Get single rule data.",
    parameters => {
        additionalProperties => 0,
        properties => {
            group => {
                description => "Security group name.",
                type => 'string',
            },
            pos => {
                description => "Return rule from position <pos>.",
                type => 'integer',
                # The code below only checks the upper bound; this lower
                # bound is what keeps a negative index (which Perl would
                # resolve from the end of the array) out of the handler.
                minimum => 0,
            },
        },
    },
    returns => {
        type => "object",
        properties => {
            pos => {
                type => 'integer',
            }
        },
    },
    code => sub {
        my ($param) = @_;

        my $cluster_conf = PVE::Firewall::load_clusterfw_conf();

        my $group_rules = $cluster_conf->{groups}->{$param->{group}};
        defined($group_rules) or die "no such security group\n";

        my $digest = $cluster_conf->{digest};
        # FIXME: check digest

        my $pos = $param->{pos};
        if ($pos >= scalar(@$group_rules)) {
            die "no rule at position $pos\n";
        }

        my $rule = $group_rules->[$pos];

        return PVE::Firewall::cleanup_fw_rule($rule, $digest, $pos);
    }});
138
139
# POST '{group}' - add a new rule at the front of an existing security group
# and write the cluster firewall configuration back.
#
# NOTE(review): no 'permissions' entry is declared for this state-changing
# method - confirm which default the REST handler applies.
__PACKAGE__->register_method({
    name => 'create_rule',
    path => '{group}',
    method => 'POST',
    description => "Create new rule.",
    protected => 1,
    parameters => {
        additionalProperties => 0,
        properties => PVE::Firewall::add_rule_properties({
            group => {
                description => "Security group name.",
                type => 'string',
            },
        }),
    },
    returns => { type => "null" },
    code => sub {
        my ($param) = @_;

        # NOTE(review): this load/modify/save sequence takes no lock that is
        # visible in this handler - confirm whether the PVE::Firewall helpers
        # serialise concurrent writers.
        my $cluster_conf = PVE::Firewall::load_clusterfw_conf();

        my $group_rules = $cluster_conf->{groups}->{$param->{group}};
        defined($group_rules) or die "no such security group\n";

        # The digest is read here but not used anywhere else in this handler.
        my $digest = $cluster_conf->{digest};

        # Defaults for a new rule; it starts disabled (enable => 0) until the
        # request data copied in below says otherwise.
        my $new_rule = { type => 'out', action => 'ACCEPT', enable => 0};
        PVE::Firewall::copy_rule_data($new_rule, $param);

        # New rules go to position 0, ahead of all existing rules.
        unshift @$group_rules, $new_rule;

        PVE::Firewall::save_clusterfw_conf($cluster_conf);

        return undef;
    }});
176
# PUT '{group}/{pos}' - either move the rule at <pos> to <moveto>, or update
# its data in place, then write the cluster firewall configuration back.
#
# NOTE(review): no 'permissions' entry is declared for this state-changing
# method - confirm which default the REST handler applies.
# NOTE(review): 'pos' is not part of the literal passed to
# add_rule_properties; presumably that helper supplies it - confirm it also
# enforces minimum => 0, since the code below only checks the upper bound and
# a negative index would address rules from the end of the array.
__PACKAGE__->register_method({
    name => 'update_rule',
    path => '{group}/{pos}',
    method => 'PUT',
    description => "Modify rule data.",
    protected => 1,
    parameters => {
        additionalProperties => 0,
        properties => PVE::Firewall::add_rule_properties({
            group => {
                description => "Security group name.",
                type => 'string',
            },
            moveto => {
                description => "Move rule to new position <moveto>. Other arguments are ignored.",
                type => 'integer',
                minimum => 0,
                optional => 1,
            },
        }),
    },
    returns => { type => "null" },
    code => sub {
        my ($param) = @_;

        my $cluster_conf = PVE::Firewall::load_clusterfw_conf();

        my $group_rules = $cluster_conf->{groups}->{$param->{group}};
        defined($group_rules) or die "no such security group\n";

        my $digest = $cluster_conf->{digest};
        # FIXME: check digest. The digest is read but not compared with
        # anything in this handler, so a rule list changed by another client
        # since the caller last read it is not detected and <pos> may refer
        # to a different rule than the caller intended.

        my $pos = $param->{pos};
        if ($pos >= scalar(@$group_rules)) {
            die "no rule at position $pos\n";
        }

        my $rule = $group_rules->[$pos];

        my $moveto = $param->{moveto};
        if (defined($moveto) && $moveto != $pos) {
            # Rebuild the list without the rule at <pos>, re-inserting it in
            # front of the rule that currently sits at index <moveto>, or at
            # the very end when <moveto> is past the last index. The rule
            # data itself is left untouched in this branch.
            my @reordered;
            for my $idx (0 .. $#$group_rules) {
                next if $idx == $pos;
                push @reordered, $rule if $idx == $moveto;
                push @reordered, $group_rules->[$idx];
            }
            push @reordered, $rule if $moveto >= scalar(@$group_rules);

            $cluster_conf->{groups}->{$param->{group}} = \@reordered;
        } else {
            # No move requested, or <moveto> equals <pos>: the request data
            # is copied into the existing rule.
            PVE::Firewall::copy_rule_data($rule, $param);
        }

        PVE::Firewall::save_clusterfw_conf($cluster_conf);

        return undef;
    }});
235
# DELETE '{group}/{pos}' - remove the rule at index <pos> from a security
# group and write the cluster firewall configuration back.
#
# NOTE(review): no 'permissions' entry is declared for this state-changing
# method - confirm which default the REST handler applies.
__PACKAGE__->register_method({
    name => 'delete_rule',
    path => '{group}/{pos}',
    method => 'DELETE',
    description => "Delete rule.",
    protected => 1,
    parameters => {
        additionalProperties => 0,
        properties => {
            group => {
                description => "Security group name.",
                type => 'string',
            },
            pos => {
                description => "Delete rule at position <pos>.",
                type => 'integer',
                # The code below only checks the upper bound; this lower
                # bound keeps negative indices away from splice().
                minimum => 0,
            },
        },
    },
    returns => { type => "null" },
    code => sub {
        my ($param) = @_;

        my $cluster_conf = PVE::Firewall::load_clusterfw_conf();

        my $group_rules = $cluster_conf->{groups}->{$param->{group}};
        defined($group_rules) or die "no such security group\n";

        my $digest = $cluster_conf->{digest};
        # FIXME: check digest. The digest is read but not compared with
        # anything in this handler, so if the rule list changed since the
        # caller last read it, <pos> may now point at a different rule and
        # that rule is the one removed.

        my $pos = $param->{pos};
        if ($pos >= scalar(@$group_rules)) {
            die "no rule at position $pos\n";
        }

        splice(@$group_rules, $pos, 1);

        PVE::Firewall::save_clusterfw_conf($cluster_conf);

        return undef;
    }});
276
8f119284 2771;