]>
Commit | Line | Data |
---|---|---|
8b27beb9 DM |
1 | package PVE::API2::Firewall::Host; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
f6163c2e TL |
5 | |
6 | use PVE::Exception qw(raise_param_exc); | |
8b27beb9 | 7 | use PVE::JSONSchema qw(get_standard_option); |
a959126d | 8 | use PVE::RPCEnvironment; |
8b27beb9 DM |
9 | |
10 | use PVE::Firewall; | |
63c91681 | 11 | use PVE::API2::Firewall::Rules; |
8b27beb9 DM |
12 | |
13 | use Data::Dumper; # fixme: remove | |
14 | ||
15 | use base qw(PVE::RESTHandler); | |
16 | ||
63c91681 DM |
17 | __PACKAGE__->register_method ({ |
18 | subclass => "PVE::API2::Firewall::HostRules", | |
19 | path => 'rules', | |
20 | }); | |
21 | ||
8b27beb9 DM |
22 | __PACKAGE__->register_method({ |
23 | name => 'index', | |
24 | path => '', | |
25 | method => 'GET', | |
26 | permissions => { user => 'all' }, | |
27 | description => "Directory index.", | |
28 | parameters => { | |
29 | additionalProperties => 0, | |
30 | properties => { | |
31 | node => get_standard_option('pve-node'), | |
32 | }, | |
33 | }, | |
34 | returns => { | |
35 | type => 'array', | |
36 | items => { | |
37 | type => "object", | |
38 | properties => {}, | |
39 | }, | |
40 | links => [ { rel => 'child', href => "{name}" } ], | |
41 | }, | |
42 | code => sub { | |
43 | my ($param) = @_; | |
44 | ||
45 | my $result = [ | |
46 | { name => 'rules' }, | |
47 | { name => 'options' }, | |
a959126d | 48 | { name => 'log' }, |
8b27beb9 DM |
49 | ]; |
50 | ||
51 | return $result; | |
52 | }}); | |
53 | ||
e313afe0 | 54 | my $option_properties = $PVE::Firewall::host_option_properties; |
6302c41f DM |
55 | |
56 | my $add_option_properties = sub { | |
57 | my ($properties) = @_; | |
58 | ||
59 | foreach my $k (keys %$option_properties) { | |
60 | $properties->{$k} = $option_properties->{$k}; | |
61 | } | |
62 | ||
63 | return $properties; | |
64 | }; | |
65 | ||
66 | ||
8b27beb9 DM |
67 | __PACKAGE__->register_method({ |
68 | name => 'get_options', | |
69 | path => 'options', | |
70 | method => 'GET', | |
71 | description => "Get host firewall options.", | |
72 | proxyto => 'node', | |
60c103df DM |
73 | permissions => { |
74 | check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]], | |
75 | }, | |
8b27beb9 DM |
76 | parameters => { |
77 | additionalProperties => 0, | |
78 | properties => { | |
79 | node => get_standard_option('pve-node'), | |
80 | }, | |
81 | }, | |
82 | returns => { | |
83 | type => "object", | |
6302c41f DM |
84 | #additionalProperties => 1, |
85 | properties => $option_properties, | |
8b27beb9 DM |
86 | }, |
87 | code => sub { | |
88 | my ($param) = @_; | |
89 | ||
90 | my $hostfw_conf = PVE::Firewall::load_hostfw_conf(); | |
91 | ||
5d38d64f | 92 | return PVE::Firewall::copy_opject_with_digest($hostfw_conf->{options}); |
8b27beb9 DM |
93 | }}); |
94 | ||
6302c41f DM |
95 | __PACKAGE__->register_method({ |
96 | name => 'set_options', | |
97 | path => 'options', | |
98 | method => 'PUT', | |
99 | description => "Set Firewall options.", | |
100 | protected => 1, | |
101 | proxyto => 'node', | |
60c103df DM |
102 | permissions => { |
103 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], | |
104 | }, | |
6302c41f DM |
105 | parameters => { |
106 | additionalProperties => 0, | |
107 | properties => &$add_option_properties({ | |
108 | node => get_standard_option('pve-node'), | |
109 | delete => { | |
110 | type => 'string', format => 'pve-configid-list', | |
111 | description => "A list of settings you want to delete.", | |
112 | optional => 1, | |
113 | }, | |
114 | digest => get_standard_option('pve-config-digest'), | |
115 | }), | |
116 | }, | |
117 | returns => { type => "null" }, | |
118 | code => sub { | |
119 | my ($param) = @_; | |
120 | ||
121 | my $hostfw_conf = PVE::Firewall::load_hostfw_conf(); | |
122 | ||
123 | my (undef, $digest) = PVE::Firewall::copy_opject_with_digest($hostfw_conf->{options}); | |
124 | PVE::Tools::assert_if_modified($digest, $param->{digest}); | |
125 | ||
126 | if ($param->{delete}) { | |
127 | foreach my $opt (PVE::Tools::split_list($param->{delete})) { | |
128 | raise_param_exc({ delete => "no such option '$opt'" }) | |
129 | if !$option_properties->{$opt}; | |
130 | delete $hostfw_conf->{options}->{$opt}; | |
131 | } | |
132 | } | |
133 | ||
134 | if (defined($param->{enable})) { | |
135 | $param->{enable} = $param->{enable} ? 1 : 0; | |
136 | } | |
137 | ||
138 | foreach my $k (keys %$option_properties) { | |
139 | next if !defined($param->{$k}); | |
140 | $hostfw_conf->{options}->{$k} = $param->{$k}; | |
141 | } | |
142 | ||
143 | PVE::Firewall::save_hostfw_conf($hostfw_conf); | |
144 | ||
145 | return undef; | |
146 | }}); | |
147 | ||
a959126d DM |
148 | __PACKAGE__->register_method({ |
149 | name => 'log', | |
150 | path => 'log', | |
151 | method => 'GET', | |
152 | description => "Read firewall log", | |
153 | proxyto => 'node', | |
154 | permissions => { | |
155 | check => ['perm', '/nodes/{node}', [ 'Sys.Syslog' ]], | |
156 | }, | |
157 | protected => 1, | |
158 | parameters => { | |
159 | additionalProperties => 0, | |
160 | properties => { | |
161 | node => get_standard_option('pve-node'), | |
162 | start => { | |
163 | type => 'integer', | |
164 | minimum => 0, | |
165 | optional => 1, | |
166 | }, | |
167 | limit => { | |
168 | type => 'integer', | |
169 | minimum => 0, | |
170 | optional => 1, | |
171 | }, | |
172 | }, | |
173 | }, | |
174 | returns => { | |
175 | type => 'array', | |
176 | items => { | |
177 | type => "object", | |
178 | properties => { | |
179 | n => { | |
180 | description=> "Line number", | |
181 | type=> 'integer', | |
182 | }, | |
183 | t => { | |
184 | description=> "Line text", | |
185 | type => 'string', | |
186 | } | |
187 | } | |
188 | } | |
189 | }, | |
190 | code => sub { | |
191 | my ($param) = @_; | |
192 | ||
193 | my $rpcenv = PVE::RPCEnvironment::get(); | |
194 | my $user = $rpcenv->get_user(); | |
195 | my $node = $param->{node}; | |
196 | ||
197 | my ($count, $lines) = PVE::Tools::dump_logfile("/var/log/pve-firewall.log", $param->{start}, $param->{limit}); | |
198 | ||
199 | $rpcenv->set_result_attrib('total', $count); | |
200 | ||
201 | return $lines; | |
202 | }}); | |
203 | ||
8b27beb9 | 204 | 1; |