[pve-firewall.git] / src / PVE / API2 / Firewall / Host.pm

package PVE::API2::Firewall::Host;

use strict;
use warnings;

use PVE::Exception qw(raise_param_exc);
use PVE::JSONSchema qw(get_standard_option);
use PVE::RPCEnvironment;

use PVE::Firewall;
use PVE::API2::Firewall::Rules;

use Data::Dumper; # fixme: remove

use base qw(PVE::RESTHandler);

__PACKAGE__->register_method ({
    subclass => "PVE::API2::Firewall::HostRules",  
    path => 'rules',
});

__PACKAGE__->register_method({
    name => 'index',
    path => '',
    method => 'GET',
    permissions => { user => 'all' },
    description => "Directory index.",
    parameters => {
    	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	},
    },
    returns => {
	type => 'array',
	items => {
	    type => "object",
	    properties => {},
	},
	links => [ { rel => 'child', href => "{name}" } ],
    },
    code => sub {
	my ($param) = @_;

	my $result = [
	    { name => 'rules' },
	    { name => 'options' },
	    { name => 'log' },
	    ];

	return $result;
    }});

my $option_properties = $PVE::Firewall::host_option_properties;

my $add_option_properties = sub {
    my ($properties) = @_;

    foreach my $k (keys %$option_properties) {
	$properties->{$k} = $option_properties->{$k};
    }
    
    return $properties;
};


__PACKAGE__->register_method({
    name => 'get_options',
    path => 'options',
    method => 'GET',
    description => "Get host firewall options.",
    proxyto => 'node',
    permissions => {
	check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
    },
    parameters => {
    	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	},
    },
    returns => {
	type => "object",
    	#additionalProperties => 1,
	properties => $option_properties,
    },
    code => sub {
	my ($param) = @_;

	my $hostfw_conf = PVE::Firewall::load_hostfw_conf();

	return PVE::Firewall::copy_opject_with_digest($hostfw_conf->{options});
    }});

__PACKAGE__->register_method({
    name => 'set_options',
    path => 'options',
    method => 'PUT',
    description => "Set Firewall options.",
    protected => 1,
    proxyto => 'node',
    permissions => {
	check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
    },
    parameters => {
    	additionalProperties => 0,
	properties => &$add_option_properties({
	    node => get_standard_option('pve-node'),
	    delete => {
		type => 'string', format => 'pve-configid-list',
		description => "A list of settings you want to delete.",
		optional => 1,
	    },
	    digest => get_standard_option('pve-config-digest'),
	}),
    },
    returns => { type => "null" },
    code => sub {
	my ($param) = @_;

	my $hostfw_conf = PVE::Firewall::load_hostfw_conf();

	my (undef, $digest) = PVE::Firewall::copy_opject_with_digest($hostfw_conf->{options});
	PVE::Tools::assert_if_modified($digest, $param->{digest});

	if ($param->{delete}) {
	    foreach my $opt (PVE::Tools::split_list($param->{delete})) {
		raise_param_exc({ delete => "no such option '$opt'" }) 
		    if !$option_properties->{$opt};
		delete $hostfw_conf->{options}->{$opt};
	    }
	}

	if (defined($param->{enable})) {
	    $param->{enable} = $param->{enable} ? 1 : 0;
	}

	foreach my $k (keys %$option_properties) {
	    next if !defined($param->{$k});
	    $hostfw_conf->{options}->{$k} = $param->{$k}; 
	}

	PVE::Firewall::save_hostfw_conf($hostfw_conf);

	return undef;
    }});

__PACKAGE__->register_method({
    name => 'log', 
    path => 'log', 
    method => 'GET',
    description => "Read firewall log",
    proxyto => 'node',
    permissions => {
	check => ['perm', '/nodes/{node}', [ 'Sys.Syslog' ]],
    },
    protected => 1,
    parameters => {
    	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	    start => {
		type => 'integer',
		minimum => 0,
		optional => 1,
	    },
	    limit => {
		type => 'integer',
		minimum => 0,
		optional => 1,
	    },
	},
    },
    returns => {
	type => 'array',
	items => { 
	    type => "object",
	    properties => {
		n => {
		  description=>  "Line number",
		  type=> 'integer',
		},
		t => {
		  description=>  "Line text",
		  type => 'string',
		}
	    }
	}
    },
    code => sub {
	my ($param) = @_;

	my $rpcenv = PVE::RPCEnvironment::get();
	my $user = $rpcenv->get_user();
	my $node = $param->{node};

	my ($count, $lines) = PVE::Tools::dump_logfile("/var/log/pve-firewall.log", $param->{start}, $param->{limit});

	$rpcenv->set_result_attrib('total', $count);
	    
	return $lines; 
    }});

1;
Commit	Line	Data
8b27beb9 DM	1	package PVE::API2::Firewall::Host;
	2
	3	use strict;
	4	use warnings;
f6163c2e TL	5
f6163c2e TL	6	use PVE::Exception qw(raise_param_exc);
8b27beb9	7	use PVE::JSONSchema qw(get_standard_option);
a959126d	8	use PVE::RPCEnvironment;
8b27beb9 DM	9
8b27beb9 DM	10	use PVE::Firewall;
63c91681	11	use PVE::API2::Firewall::Rules;
8b27beb9 DM	12
	13	use Data::Dumper; # fixme: remove
	14
	15	use base qw(PVE::RESTHandler);
	16
63c91681 DM	17	__PACKAGE__->register_method ({
	18	subclass => "PVE::API2::Firewall::HostRules",
	19	path => 'rules',
	20	});
	21
8b27beb9 DM	22	__PACKAGE__->register_method({
	23	name => 'index',
	24	path => '',
	25	method => 'GET',
	26	permissions => { user => 'all' },
	27	description => "Directory index.",
	28	parameters => {
	29	additionalProperties => 0,
	30	properties => {
	31	node => get_standard_option('pve-node'),
	32	},
	33	},
	34	returns => {
	35	type => 'array',
	36	items => {
	37	type => "object",
	38	properties => {},
	39	},
	40	links => [ { rel => 'child', href => "{name}" } ],
	41	},
	42	code => sub {
	43	my ($param) = @_;
	44
	45	my $result = [
	46	{ name => 'rules' },
	47	{ name => 'options' },
a959126d	48	{ name => 'log' },
8b27beb9 DM	49	];
	50
	51	return $result;
	52	}});
	53
e313afe0	54	my $option_properties = $PVE::Firewall::host_option_properties;
6302c41f DM	55
	56	my $add_option_properties = sub {
	57	my ($properties) = @_;
	58
	59	foreach my $k (keys %$option_properties) {
	60	$properties->{$k} = $option_properties->{$k};
	61	}
	62
	63	return $properties;
	64	};
	65
	66
8b27beb9 DM	67	__PACKAGE__->register_method({
	68	name => 'get_options',
	69	path => 'options',
	70	method => 'GET',
	71	description => "Get host firewall options.",
	72	proxyto => 'node',
60c103df DM	73	permissions => {
	74	check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
	75	},
8b27beb9 DM	76	parameters => {
	77	additionalProperties => 0,
	78	properties => {
	79	node => get_standard_option('pve-node'),
	80	},
	81	},
	82	returns => {
	83	type => "object",
6302c41f DM	84	#additionalProperties => 1,
6302c41f DM	85	properties => $option_properties,
8b27beb9 DM	86	},
	87	code => sub {
	88	my ($param) = @_;
	89
	90	my $hostfw_conf = PVE::Firewall::load_hostfw_conf();
	91
5d38d64f	92	return PVE::Firewall::copy_opject_with_digest($hostfw_conf->{options});
8b27beb9 DM	93	}});
8b27beb9 DM	94
6302c41f DM	95	__PACKAGE__->register_method({
	96	name => 'set_options',
	97	path => 'options',
	98	method => 'PUT',
	99	description => "Set Firewall options.",
	100	protected => 1,
	101	proxyto => 'node',
60c103df DM	102	permissions => {
	103	check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
	104	},
6302c41f DM	105	parameters => {
	106	additionalProperties => 0,
	107	properties => &$add_option_properties({
	108	node => get_standard_option('pve-node'),
	109	delete => {
	110	type => 'string', format => 'pve-configid-list',
	111	description => "A list of settings you want to delete.",
	112	optional => 1,
	113	},
	114	digest => get_standard_option('pve-config-digest'),
	115	}),
	116	},
	117	returns => { type => "null" },
	118	code => sub {
	119	my ($param) = @_;
	120
	121	my $hostfw_conf = PVE::Firewall::load_hostfw_conf();
	122
	123	my (undef, $digest) = PVE::Firewall::copy_opject_with_digest($hostfw_conf->{options});
	124	PVE::Tools::assert_if_modified($digest, $param->{digest});
	125
	126	if ($param->{delete}) {
	127	foreach my $opt (PVE::Tools::split_list($param->{delete})) {
	128	raise_param_exc({ delete => "no such option '$opt'" })
	129	if !$option_properties->{$opt};
	130	delete $hostfw_conf->{options}->{$opt};
	131	}
	132	}
	133
	134	if (defined($param->{enable})) {
	135	$param->{enable} = $param->{enable} ? 1 : 0;
	136	}
	137
	138	foreach my $k (keys %$option_properties) {
	139	next if !defined($param->{$k});
	140	$hostfw_conf->{options}->{$k} = $param->{$k};
	141	}
	142
	143	PVE::Firewall::save_hostfw_conf($hostfw_conf);
	144
	145	return undef;
	146	}});
	147
a959126d DM	148	__PACKAGE__->register_method({
	149	name => 'log',
	150	path => 'log',
	151	method => 'GET',
	152	description => "Read firewall log",
	153	proxyto => 'node',
	154	permissions => {
	155	check => ['perm', '/nodes/{node}', [ 'Sys.Syslog' ]],
	156	},
	157	protected => 1,
	158	parameters => {
	159	additionalProperties => 0,
	160	properties => {
	161	node => get_standard_option('pve-node'),
	162	start => {
	163	type => 'integer',
	164	minimum => 0,
	165	optional => 1,
	166	},
	167	limit => {
	168	type => 'integer',
	169	minimum => 0,
	170	optional => 1,
	171	},
	172	},
	173	},
	174	returns => {
	175	type => 'array',
	176	items => {
	177	type => "object",
	178	properties => {
	179	n => {
	180	description=> "Line number",
	181	type=> 'integer',
	182	},
	183	t => {
	184	description=> "Line text",
	185	type => 'string',
	186	}
	187	}
	188	}
	189	},
	190	code => sub {
	191	my ($param) = @_;
	192
	193	my $rpcenv = PVE::RPCEnvironment::get();
	194	my $user = $rpcenv->get_user();
	195	my $node = $param->{node};
	196
	197	my ($count, $lines) = PVE::Tools::dump_logfile("/var/log/pve-firewall.log", $param->{start}, $param->{limit});
	198
	199	$rpcenv->set_result_attrib('total', $count);
	200
	201	return $lines;
	202	}});
	203
8b27beb9	204	1;