]>
Commit | Line | Data |
---|---|---|
8b27beb9 DM |
1 | package PVE::API2::Firewall::Host; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
f6163c2e TL |
5 | |
6 | use PVE::Exception qw(raise_param_exc); | |
8b27beb9 | 7 | use PVE::JSONSchema qw(get_standard_option); |
a959126d | 8 | use PVE::RPCEnvironment; |
8b27beb9 DM |
9 | |
10 | use PVE::Firewall; | |
63c91681 | 11 | use PVE::API2::Firewall::Rules; |
8b27beb9 | 12 | |
8b27beb9 DM |
13 | |
14 | use base qw(PVE::RESTHandler); | |
15 | ||
63c91681 DM |
16 | __PACKAGE__->register_method ({ |
17 | subclass => "PVE::API2::Firewall::HostRules", | |
18 | path => 'rules', | |
19 | }); | |
20 | ||
8b27beb9 DM |
21 | __PACKAGE__->register_method({ |
22 | name => 'index', | |
23 | path => '', | |
24 | method => 'GET', | |
25 | permissions => { user => 'all' }, | |
26 | description => "Directory index.", | |
27 | parameters => { | |
28 | additionalProperties => 0, | |
29 | properties => { | |
30 | node => get_standard_option('pve-node'), | |
31 | }, | |
32 | }, | |
33 | returns => { | |
34 | type => 'array', | |
35 | items => { | |
36 | type => "object", | |
37 | properties => {}, | |
38 | }, | |
39 | links => [ { rel => 'child', href => "{name}" } ], | |
40 | }, | |
41 | code => sub { | |
42 | my ($param) = @_; | |
43 | ||
44 | my $result = [ | |
45 | { name => 'rules' }, | |
46 | { name => 'options' }, | |
a959126d | 47 | { name => 'log' }, |
8b27beb9 DM |
48 | ]; |
49 | ||
50 | return $result; | |
51 | }}); | |
52 | ||
e313afe0 | 53 | my $option_properties = $PVE::Firewall::host_option_properties; |
6302c41f DM |
54 | |
55 | my $add_option_properties = sub { | |
56 | my ($properties) = @_; | |
57 | ||
58 | foreach my $k (keys %$option_properties) { | |
59 | $properties->{$k} = $option_properties->{$k}; | |
60 | } | |
61 | ||
62 | return $properties; | |
63 | }; | |
64 | ||
65 | ||
8b27beb9 DM |
66 | __PACKAGE__->register_method({ |
67 | name => 'get_options', | |
68 | path => 'options', | |
69 | method => 'GET', | |
70 | description => "Get host firewall options.", | |
71 | proxyto => 'node', | |
60c103df DM |
72 | permissions => { |
73 | check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]], | |
74 | }, | |
8b27beb9 DM |
75 | parameters => { |
76 | additionalProperties => 0, | |
77 | properties => { | |
78 | node => get_standard_option('pve-node'), | |
79 | }, | |
80 | }, | |
81 | returns => { | |
82 | type => "object", | |
6302c41f DM |
83 | #additionalProperties => 1, |
84 | properties => $option_properties, | |
8b27beb9 DM |
85 | }, |
86 | code => sub { | |
87 | my ($param) = @_; | |
88 | ||
89 | my $hostfw_conf = PVE::Firewall::load_hostfw_conf(); | |
90 | ||
5d38d64f | 91 | return PVE::Firewall::copy_opject_with_digest($hostfw_conf->{options}); |
8b27beb9 DM |
92 | }}); |
93 | ||
6302c41f DM |
94 | __PACKAGE__->register_method({ |
95 | name => 'set_options', | |
96 | path => 'options', | |
97 | method => 'PUT', | |
98 | description => "Set Firewall options.", | |
99 | protected => 1, | |
100 | proxyto => 'node', | |
60c103df DM |
101 | permissions => { |
102 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], | |
103 | }, | |
6302c41f DM |
104 | parameters => { |
105 | additionalProperties => 0, | |
106 | properties => &$add_option_properties({ | |
107 | node => get_standard_option('pve-node'), | |
108 | delete => { | |
109 | type => 'string', format => 'pve-configid-list', | |
110 | description => "A list of settings you want to delete.", | |
111 | optional => 1, | |
112 | }, | |
113 | digest => get_standard_option('pve-config-digest'), | |
114 | }), | |
115 | }, | |
116 | returns => { type => "null" }, | |
117 | code => sub { | |
118 | my ($param) = @_; | |
119 | ||
120 | my $hostfw_conf = PVE::Firewall::load_hostfw_conf(); | |
121 | ||
122 | my (undef, $digest) = PVE::Firewall::copy_opject_with_digest($hostfw_conf->{options}); | |
123 | PVE::Tools::assert_if_modified($digest, $param->{digest}); | |
124 | ||
125 | if ($param->{delete}) { | |
126 | foreach my $opt (PVE::Tools::split_list($param->{delete})) { | |
127 | raise_param_exc({ delete => "no such option '$opt'" }) | |
128 | if !$option_properties->{$opt}; | |
129 | delete $hostfw_conf->{options}->{$opt}; | |
130 | } | |
131 | } | |
132 | ||
133 | if (defined($param->{enable})) { | |
134 | $param->{enable} = $param->{enable} ? 1 : 0; | |
135 | } | |
136 | ||
137 | foreach my $k (keys %$option_properties) { | |
138 | next if !defined($param->{$k}); | |
139 | $hostfw_conf->{options}->{$k} = $param->{$k}; | |
140 | } | |
141 | ||
142 | PVE::Firewall::save_hostfw_conf($hostfw_conf); | |
143 | ||
144 | return undef; | |
145 | }}); | |
146 | ||
a959126d DM |
147 | __PACKAGE__->register_method({ |
148 | name => 'log', | |
149 | path => 'log', | |
150 | method => 'GET', | |
151 | description => "Read firewall log", | |
152 | proxyto => 'node', | |
153 | permissions => { | |
154 | check => ['perm', '/nodes/{node}', [ 'Sys.Syslog' ]], | |
155 | }, | |
156 | protected => 1, | |
157 | parameters => { | |
158 | additionalProperties => 0, | |
159 | properties => { | |
160 | node => get_standard_option('pve-node'), | |
161 | start => { | |
162 | type => 'integer', | |
163 | minimum => 0, | |
164 | optional => 1, | |
165 | }, | |
166 | limit => { | |
167 | type => 'integer', | |
168 | minimum => 0, | |
169 | optional => 1, | |
170 | }, | |
171 | }, | |
172 | }, | |
173 | returns => { | |
174 | type => 'array', | |
175 | items => { | |
176 | type => "object", | |
177 | properties => { | |
178 | n => { | |
179 | description=> "Line number", | |
180 | type=> 'integer', | |
181 | }, | |
182 | t => { | |
183 | description=> "Line text", | |
184 | type => 'string', | |
185 | } | |
186 | } | |
187 | } | |
188 | }, | |
189 | code => sub { | |
190 | my ($param) = @_; | |
191 | ||
192 | my $rpcenv = PVE::RPCEnvironment::get(); | |
193 | my $user = $rpcenv->get_user(); | |
194 | my $node = $param->{node}; | |
195 | ||
196 | my ($count, $lines) = PVE::Tools::dump_logfile("/var/log/pve-firewall.log", $param->{start}, $param->{limit}); | |
197 | ||
198 | $rpcenv->set_result_attrib('total', $count); | |
199 | ||
200 | return $lines; | |
201 | }}); | |
202 | ||
8b27beb9 | 203 | 1; |