Commit | Line | Data |
---|---|---|
8f119284 DM |
1 | package PVE::API2::Firewall::Groups; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | use PVE::JSONSchema qw(get_standard_option); | |
6 | ||
7 | use PVE::Firewall; | |
8 | ||
9 | ||
10 | use Data::Dumper; # fixme: remove | |
11 | ||
12 | use base qw(PVE::RESTHandler); | |
13 | ||
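# GET / - enumerate the security groups defined in the cluster firewall
# configuration. Every entry carries the group name and the number of rules
# currently stored for that group.
#
# NOTE(review): no 'permissions' attribute is declared here, so who may call
# this method depends on the REST framework's default - confirm that default
# is restrictive before exposing the handler.
__PACKAGE__->register_method({
    name => 'list',
    path => '',
    method => 'GET',
    description => "List security groups.",
    parameters => {
        additionalProperties => 0,
    },
    returns => {
        type => 'array',
        items => {
            type => "object",
            properties => {
                name => {
                    description => "Security group name.",
                    type => 'string',
                },
                # The handler below has always emitted 'count'; declaring it
                # keeps the published schema in line with the returned data.
                count => {
                    description => "Number of rules in the security group.",
                    type => 'integer',
                    minimum => 0,
                },
            },
        },
        links => [ { rel => 'child', href => "{name}" } ],
    },
    code => sub {
        my ($param) = @_;

        my $cluster_conf = PVE::Firewall::load_clusterfw_conf();

        my $res = [];
        # keys() gives no stable order, so the listing order is unspecified.
        foreach my $group (keys %{$cluster_conf->{groups}}) {
            push @$res, { name => $group, count => scalar(@{$cluster_conf->{groups}->{$group}}) };
        }

        return $res;
    }});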
47 | ||
# GET /{group} - return every rule of one security group, in stored order.
# Each rule is passed through PVE::Firewall::cleanup_fw_rule together with
# the configuration digest and the rule's zero-based index.
__PACKAGE__->register_method({
    name => 'get_rules',
    path => '{group}',
    method => 'GET',
    description => "List security groups rules.",
    parameters => {
        additionalProperties => 0,
        properties => {
            group => {
                description => "Security group name.",
                type => 'string',
            },
        },
    },
    returns => {
        type => 'array',
        items => {
            type => "object",
            properties => {
                pos => {
                    type => 'integer',
                }
            },
        },
        links => [ { rel => 'child', href => "{pos}" } ],
    },
    code => sub {
        my ($param) = @_;

        my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
        my $group_rules = $cluster_conf->{groups}->{$param->{group}};

        # An unknown group name is an error, not an empty result.
        die "no such security group\n" if !defined($group_rules);

        my $digest = $cluster_conf->{digest};

        my @cleaned;
        for my $idx (0 .. $#$group_rules) {
            push @cleaned, PVE::Firewall::cleanup_fw_rule($group_rules->[$idx], $digest, $idx);
        }

        return \@cleaned;
    }});
93 | ||
# GET /{group}/{pos} - return the single rule stored at index <pos> of a
# security group, passed through PVE::Firewall::cleanup_fw_rule.
__PACKAGE__->register_method({
    name => 'get_rule',
    path => '{group}/{pos}',
    method => 'GET',
    description => "Get single rule data.",
    parameters => {
        additionalProperties => 0,
        properties => {
            group => {
                description => "Security group name.",
                type => 'string',
            },
            pos => {
                description => "Return rule from position <pos>.",
                type => 'integer',
                minimum => 0,
            },
        },
    },
    returns => {
        type => "object",
        properties => {
            pos => {
                type => 'integer',
            }
        },
    },
    code => sub {
        my ($param) = @_;

        my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
        my $group_rules = $cluster_conf->{groups}->{$param->{group}};
        die "no such security group\n" if !defined($group_rules);

        # The digest is only forwarded to cleanup_fw_rule; nothing compares
        # it against a caller-supplied value here.
        # fixme: check digest
        my $digest = $cluster_conf->{digest};

        # The schema's 'minimum => 0' covers the lower bound; only the upper
        # bound needs checking against the current rule count.
        my $rule_count = scalar(@$group_rules);
        if ($param->{pos} >= $rule_count) {
            die "no rule at position $param->{pos}\n";
        }

        return PVE::Firewall::cleanup_fw_rule($group_rules->[$param->{pos}], $digest, $param->{pos});
    }});
138 | ||
139 | ||
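# POST /{group} - add a rule to an existing security group. The new rule is
# inserted at the head of the group's rule list and the cluster firewall
# configuration is written back.
#
# The accepted rule fields come from PVE::Firewall::add_rule_properties,
# which is defined outside this file.
#
# NOTE(review): the load / modify / save sequence below takes no visible
# lock, so two concurrent writers can overwrite each other's change to the
# firewall configuration - confirm whether load/save serialise internally.
# NOTE(review): no 'permissions' attribute is declared; access control rests
# on the REST framework's default - confirm it is restrictive.
__PACKAGE__->register_method({
    name => 'create_rule',
    path => '{group}',
    method => 'POST',
    description => "Create new rule.",
    protected => 1,
    parameters => {
        additionalProperties => 0,
        properties => PVE::Firewall::add_rule_properties({
            group => {
                description => "Security group name.",
                type => 'string',
            },
        }),
    },
    returns => { type => "null" },
    code => sub {
        my ($param) = @_;

        my $cluster_conf = PVE::Firewall::load_clusterfw_conf();

        my $rules = $cluster_conf->{groups}->{$param->{group}};
        die "no such security group\n" if !defined($rules);

        # Starting values for a new rule; note that it starts disabled.
        # copy_rule_data then applies the request parameters - presumably
        # overriding these defaults; verify in PVE::Firewall.
        my $rule = { type => 'out', action => 'ACCEPT', enable => 0};

        PVE::Firewall::copy_rule_data($rule, $param);

        # Inserting at index 0 shifts every existing rule down by one, so
        # positions a client read earlier no longer name the same rules.
        unshift @$rules, $rule;

        PVE::Firewall::save_clusterfw_conf($cluster_conf);

        return undef;
    }});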
176 | ||
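# PUT /{group}/{pos} - modify the rule at index <pos> of a security group,
# or, when 'moveto' is given and differs from <pos>, move that rule instead.
#
# Rules are addressed by position only, and positions shift whenever another
# request inserts, deletes or moves a rule. A caller working from a stale
# listing could therefore change a different rule than intended. To guard
# against that, the caller may pass the 'digest' it saw when reading; the
# request is refused if the configuration has changed since.
#
# NOTE(review): assumes the digest clients receive from the read endpoints
# is $cluster_conf->{digest} (it is handed to cleanup_fw_rule there) -
# confirm. Also confirm that add_rule_properties and copy_rule_data tolerate
# the extra 'digest' key the same way they tolerate 'group' and 'moveto'.
# NOTE(review): the check narrows the race but does not close it; no lock is
# visible around load / modify / save.
__PACKAGE__->register_method({
    name => 'update_rule',
    path => '{group}/{pos}',
    method => 'PUT',
    description => "Modify rule data.",
    protected => 1,
    parameters => {
        additionalProperties => 0,
        properties => PVE::Firewall::add_rule_properties({
            group => {
                description => "Security group name.",
                type => 'string',
            },
            moveto => {
                description => "Move rule to new position <moveto>. Other arguments are ignored.",
                type => 'integer',
                minimum => 0,
                optional => 1,
            },
            digest => get_standard_option('pve-config-digest'),
        }),
    },
    returns => { type => "null" },
    code => sub {
        my ($param) = @_;

        my $cluster_conf = PVE::Firewall::load_clusterfw_conf();

        my $rules = $cluster_conf->{groups}->{$param->{group}};
        die "no such security group\n" if !defined($rules);

        # Optimistic concurrency check, applied only when the caller sent a
        # digest. A configuration without a digest counts as a mismatch.
        my $digest = $cluster_conf->{digest};
        if (defined($param->{digest})) {
            die "configuration changed since it was read (digest mismatch) - reload and retry\n"
                if !defined($digest) || $param->{digest} ne $digest;
        }

        die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);

        my $rule = $rules->[$param->{pos}];

        my $moveto = $param->{moveto};
        if (defined($moveto) && $moveto != $param->{pos}) {
            # Rebuild the list without the rule, re-inserting it just before
            # the rule that originally sat at index $moveto.
            my $newrules = [];
            for my $i (0 .. $#$rules) {
                next if $i == $param->{pos};
                push @$newrules, $rule if $i == $moveto;
                push @$newrules, $rules->[$i];
            }
            # A target at or past the end of the list means "append".
            push @$newrules, $rule if $moveto >= scalar(@$rules);

            $cluster_conf->{groups}->{$param->{group}} = $newrules;
        } else {
            # No move requested (or moveto equals pos): apply the rule
            # fields from the request to the existing rule in place.
            PVE::Firewall::copy_rule_data($rule, $param);
        }

        PVE::Firewall::save_clusterfw_conf($cluster_conf);

        return undef;
    }});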
235 | ||
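# DELETE /{group}/{pos} - remove the rule at index <pos> from a security
# group and write the cluster firewall configuration back.
#
# The rule is identified by position only, and positions shift whenever
# another request inserts, deletes or moves a rule. A caller working from a
# stale listing could therefore delete a different rule than intended. To
# guard against that, the caller may pass the 'digest' it saw when reading;
# the request is refused if the configuration has changed since.
#
# NOTE(review): assumes the digest clients receive from the read endpoints
# is $cluster_conf->{digest} (it is handed to cleanup_fw_rule there) -
# confirm.
# NOTE(review): the check narrows the race but does not close it; no lock is
# visible around load / modify / save.
__PACKAGE__->register_method({
    name => 'delete_rule',
    path => '{group}/{pos}',
    method => 'DELETE',
    description => "Delete rule.",
    protected => 1,
    parameters => {
        additionalProperties => 0,
        properties => {
            group => {
                description => "Security group name.",
                type => 'string',
            },
            pos => {
                description => "Delete rule at position <pos>.",
                type => 'integer',
                minimum => 0,
            },
            digest => get_standard_option('pve-config-digest'),
        },
    },
    returns => { type => "null" },
    code => sub {
        my ($param) = @_;

        my $cluster_conf = PVE::Firewall::load_clusterfw_conf();

        my $rules = $cluster_conf->{groups}->{$param->{group}};
        die "no such security group\n" if !defined($rules);

        # Optimistic concurrency check, applied only when the caller sent a
        # digest. A configuration without a digest counts as a mismatch.
        my $digest = $cluster_conf->{digest};
        if (defined($param->{digest})) {
            die "configuration changed since it was read (digest mismatch) - reload and retry\n"
                if !defined($digest) || $param->{digest} ne $digest;
        }

        # The schema's 'minimum => 0' covers the lower bound.
        die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);

        splice(@$rules, $param->{pos}, 1);

        PVE::Firewall::save_clusterfw_conf($cluster_conf);

        return undef;
    }});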
276 | ||
8f119284 | 277 | 1; |