[pve-firewall.git] / src / PVE / API2 / Firewall / Host.pm

package PVE::API2::Firewall::Host;

use strict;
use warnings;

use PVE::Exception qw(raise_param_exc);
use PVE::JSONSchema qw(get_standard_option);
use PVE::RPCEnvironment;

use PVE::Firewall;
use PVE::API2::Firewall::Rules;


use base qw(PVE::RESTHandler);

__PACKAGE__->register_method ({
    subclass => "PVE::API2::Firewall::HostRules",  
    path => 'rules',
});

__PACKAGE__->register_method({
    name => 'index',
    path => '',
    method => 'GET',
    permissions => { user => 'all' },
    description => "Directory index.",
    parameters => {
    	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	},
    },
    returns => {
	type => 'array',
	items => {
	    type => "object",
	    properties => {},
	},
	links => [ { rel => 'child', href => "{name}" } ],
    },
    code => sub {
	my ($param) = @_;

	my $result = [
	    { name => 'rules' },
	    { name => 'options' },
	    { name => 'log' },
	    ];

	return $result;
    }});

my $option_properties = $PVE::Firewall::host_option_properties;

my $add_option_properties = sub {
    my ($properties) = @_;

    foreach my $k (keys %$option_properties) {
	$properties->{$k} = $option_properties->{$k};
    }
    
    return $properties;
};


__PACKAGE__->register_method({
    name => 'get_options',
    path => 'options',
    method => 'GET',
    description => "Get host firewall options.",
    proxyto => 'node',
    permissions => {
	check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
    },
    parameters => {
    	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	},
    },
    returns => {
	type => "object",
    	#additionalProperties => 1,
	properties => $option_properties,
    },
    code => sub {
	my ($param) = @_;

	my $hostfw_conf = PVE::Firewall::load_hostfw_conf();

	return PVE::Firewall::copy_opject_with_digest($hostfw_conf->{options});
    }});

__PACKAGE__->register_method({
    name => 'set_options',
    path => 'options',
    method => 'PUT',
    description => "Set Firewall options.",
    protected => 1,
    proxyto => 'node',
    permissions => {
	check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
    },
    parameters => {
    	additionalProperties => 0,
	properties => &$add_option_properties({
	    node => get_standard_option('pve-node'),
	    delete => {
		type => 'string', format => 'pve-configid-list',
		description => "A list of settings you want to delete.",
		optional => 1,
	    },
	    digest => get_standard_option('pve-config-digest'),
	}),
    },
    returns => { type => "null" },
    code => sub {
	my ($param) = @_;

	my $hostfw_conf = PVE::Firewall::load_hostfw_conf();

	my (undef, $digest) = PVE::Firewall::copy_opject_with_digest($hostfw_conf->{options});
	PVE::Tools::assert_if_modified($digest, $param->{digest});

	if ($param->{delete}) {
	    foreach my $opt (PVE::Tools::split_list($param->{delete})) {
		raise_param_exc({ delete => "no such option '$opt'" }) 
		    if !$option_properties->{$opt};
		delete $hostfw_conf->{options}->{$opt};
	    }
	}

	if (defined($param->{enable})) {
	    $param->{enable} = $param->{enable} ? 1 : 0;
	}

	foreach my $k (keys %$option_properties) {
	    next if !defined($param->{$k});
	    $hostfw_conf->{options}->{$k} = $param->{$k}; 
	}

	PVE::Firewall::save_hostfw_conf($hostfw_conf);

	return undef;
    }});

__PACKAGE__->register_method({
    name => 'log', 
    path => 'log', 
    method => 'GET',
    description => "Read firewall log",
    proxyto => 'node',
    permissions => {
	check => ['perm', '/nodes/{node}', [ 'Sys.Syslog' ]],
    },
    protected => 1,
    parameters => {
    	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	    start => {
		type => 'integer',
		minimum => 0,
		optional => 1,
	    },
	    limit => {
		type => 'integer',
		minimum => 0,
		optional => 1,
	    },
	},
    },
    returns => {
	type => 'array',
	items => { 
	    type => "object",
	    properties => {
		n => {
		  description=>  "Line number",
		  type=> 'integer',
		},
		t => {
		  description=>  "Line text",
		  type => 'string',
		}
	    }
	}
    },
    code => sub {
	my ($param) = @_;

	my $rpcenv = PVE::RPCEnvironment::get();
	my $user = $rpcenv->get_user();
	my $node = $param->{node};

	my ($count, $lines) = PVE::Tools::dump_logfile("/var/log/pve-firewall.log", $param->{start}, $param->{limit});

	$rpcenv->set_result_attrib('total', $count);
	    
	return $lines; 
    }});

1;
Commit	Line	Data
8b27beb9 DM	1	package PVE::API2::Firewall::Host;
	2
	3	use strict;
	4	use warnings;
f6163c2e TL	5
f6163c2e TL	6	use PVE::Exception qw(raise_param_exc);
8b27beb9	7	use PVE::JSONSchema qw(get_standard_option);
a959126d	8	use PVE::RPCEnvironment;
8b27beb9 DM	9
8b27beb9 DM	10	use PVE::Firewall;
63c91681	11	use PVE::API2::Firewall::Rules;
8b27beb9	12
8b27beb9 DM	13
	14	use base qw(PVE::RESTHandler);
	15
63c91681 DM	16	__PACKAGE__->register_method ({
	17	subclass => "PVE::API2::Firewall::HostRules",
	18	path => 'rules',
	19	});
	20
8b27beb9 DM	21	__PACKAGE__->register_method({
	22	name => 'index',
	23	path => '',
	24	method => 'GET',
	25	permissions => { user => 'all' },
	26	description => "Directory index.",
	27	parameters => {
	28	additionalProperties => 0,
	29	properties => {
	30	node => get_standard_option('pve-node'),
	31	},
	32	},
	33	returns => {
	34	type => 'array',
	35	items => {
	36	type => "object",
	37	properties => {},
	38	},
	39	links => [ { rel => 'child', href => "{name}" } ],
	40	},
	41	code => sub {
	42	my ($param) = @_;
	43
	44	my $result = [
	45	{ name => 'rules' },
	46	{ name => 'options' },
a959126d	47	{ name => 'log' },
8b27beb9 DM	48	];
	49
	50	return $result;
	51	}});
	52
e313afe0	53	my $option_properties = $PVE::Firewall::host_option_properties;
6302c41f DM	54
	55	my $add_option_properties = sub {
	56	my ($properties) = @_;
	57
	58	foreach my $k (keys %$option_properties) {
	59	$properties->{$k} = $option_properties->{$k};
	60	}
	61
	62	return $properties;
	63	};
	64
	65
8b27beb9 DM	66	__PACKAGE__->register_method({
	67	name => 'get_options',
	68	path => 'options',
	69	method => 'GET',
	70	description => "Get host firewall options.",
	71	proxyto => 'node',
60c103df DM	72	permissions => {
	73	check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
	74	},
8b27beb9 DM	75	parameters => {
	76	additionalProperties => 0,
	77	properties => {
	78	node => get_standard_option('pve-node'),
	79	},
	80	},
	81	returns => {
	82	type => "object",
6302c41f DM	83	#additionalProperties => 1,
6302c41f DM	84	properties => $option_properties,
8b27beb9 DM	85	},
	86	code => sub {
	87	my ($param) = @_;
	88
	89	my $hostfw_conf = PVE::Firewall::load_hostfw_conf();
	90
5d38d64f	91	return PVE::Firewall::copy_opject_with_digest($hostfw_conf->{options});
8b27beb9 DM	92	}});
8b27beb9 DM	93
6302c41f DM	94	__PACKAGE__->register_method({
	95	name => 'set_options',
	96	path => 'options',
	97	method => 'PUT',
	98	description => "Set Firewall options.",
	99	protected => 1,
	100	proxyto => 'node',
60c103df DM	101	permissions => {
	102	check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
	103	},
6302c41f DM	104	parameters => {
	105	additionalProperties => 0,
	106	properties => &$add_option_properties({
	107	node => get_standard_option('pve-node'),
	108	delete => {
	109	type => 'string', format => 'pve-configid-list',
	110	description => "A list of settings you want to delete.",
	111	optional => 1,
	112	},
	113	digest => get_standard_option('pve-config-digest'),
	114	}),
	115	},
	116	returns => { type => "null" },
	117	code => sub {
	118	my ($param) = @_;
	119
	120	my $hostfw_conf = PVE::Firewall::load_hostfw_conf();
	121
	122	my (undef, $digest) = PVE::Firewall::copy_opject_with_digest($hostfw_conf->{options});
	123	PVE::Tools::assert_if_modified($digest, $param->{digest});
	124
	125	if ($param->{delete}) {
	126	foreach my $opt (PVE::Tools::split_list($param->{delete})) {
	127	raise_param_exc({ delete => "no such option '$opt'" })
	128	if !$option_properties->{$opt};
	129	delete $hostfw_conf->{options}->{$opt};
	130	}
	131	}
	132
	133	if (defined($param->{enable})) {
	134	$param->{enable} = $param->{enable} ? 1 : 0;
	135	}
	136
	137	foreach my $k (keys %$option_properties) {
	138	next if !defined($param->{$k});
	139	$hostfw_conf->{options}->{$k} = $param->{$k};
	140	}
	141
	142	PVE::Firewall::save_hostfw_conf($hostfw_conf);
	143
	144	return undef;
	145	}});
	146
a959126d DM	147	__PACKAGE__->register_method({
	148	name => 'log',
	149	path => 'log',
	150	method => 'GET',
	151	description => "Read firewall log",
	152	proxyto => 'node',
	153	permissions => {
	154	check => ['perm', '/nodes/{node}', [ 'Sys.Syslog' ]],
	155	},
	156	protected => 1,
	157	parameters => {
	158	additionalProperties => 0,
	159	properties => {
	160	node => get_standard_option('pve-node'),
	161	start => {
	162	type => 'integer',
	163	minimum => 0,
	164	optional => 1,
	165	},
	166	limit => {
	167	type => 'integer',
	168	minimum => 0,
	169	optional => 1,
	170	},
	171	},
	172	},
	173	returns => {
	174	type => 'array',
	175	items => {
	176	type => "object",
	177	properties => {
	178	n => {
	179	description=> "Line number",
	180	type=> 'integer',
	181	},
	182	t => {
	183	description=> "Line text",
	184	type => 'string',
	185	}
	186	}
	187	}
	188	},
	189	code => sub {
	190	my ($param) = @_;
	191
	192	my $rpcenv = PVE::RPCEnvironment::get();
	193	my $user = $rpcenv->get_user();
	194	my $node = $param->{node};
	195
	196	my ($count, $lines) = PVE::Tools::dump_logfile("/var/log/pve-firewall.log", $param->{start}, $param->{limit});
	197
	198	$rpcenv->set_result_attrib('total', $count);
	199
	200	return $lines;
	201	}});
	202
8b27beb9	203	1;