]>
Commit | Line | Data |
---|---|---|
8b27beb9 DM |
1 | package PVE::API2::Firewall::Host; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | use PVE::JSONSchema qw(get_standard_option); | |
a959126d | 6 | use PVE::RPCEnvironment; |
8b27beb9 DM |
7 | |
8 | use PVE::Firewall; | |
63c91681 | 9 | use PVE::API2::Firewall::Rules; |
8b27beb9 DM |
10 | |
11 | use Data::Dumper; # fixme: remove | |
12 | ||
13 | use base qw(PVE::RESTHandler); | |
14 | ||
63c91681 DM |
15 | __PACKAGE__->register_method ({ |
16 | subclass => "PVE::API2::Firewall::HostRules", | |
17 | path => 'rules', | |
18 | }); | |
19 | ||
8b27beb9 DM |
20 | __PACKAGE__->register_method({ |
21 | name => 'index', | |
22 | path => '', | |
23 | method => 'GET', | |
24 | permissions => { user => 'all' }, | |
25 | description => "Directory index.", | |
26 | parameters => { | |
27 | additionalProperties => 0, | |
28 | properties => { | |
29 | node => get_standard_option('pve-node'), | |
30 | }, | |
31 | }, | |
32 | returns => { | |
33 | type => 'array', | |
34 | items => { | |
35 | type => "object", | |
36 | properties => {}, | |
37 | }, | |
38 | links => [ { rel => 'child', href => "{name}" } ], | |
39 | }, | |
40 | code => sub { | |
41 | my ($param) = @_; | |
42 | ||
43 | my $result = [ | |
44 | { name => 'rules' }, | |
45 | { name => 'options' }, | |
a959126d | 46 | { name => 'log' }, |
8b27beb9 DM |
47 | ]; |
48 | ||
49 | return $result; | |
50 | }}); | |
51 | ||
e313afe0 | 52 | my $option_properties = $PVE::Firewall::host_option_properties; |
6302c41f DM |
53 | |
54 | my $add_option_properties = sub { | |
55 | my ($properties) = @_; | |
56 | ||
57 | foreach my $k (keys %$option_properties) { | |
58 | $properties->{$k} = $option_properties->{$k}; | |
59 | } | |
60 | ||
61 | return $properties; | |
62 | }; | |
63 | ||
64 | ||
8b27beb9 DM |
65 | __PACKAGE__->register_method({ |
66 | name => 'get_options', | |
67 | path => 'options', | |
68 | method => 'GET', | |
69 | description => "Get host firewall options.", | |
70 | proxyto => 'node', | |
60c103df DM |
71 | permissions => { |
72 | check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]], | |
73 | }, | |
8b27beb9 DM |
74 | parameters => { |
75 | additionalProperties => 0, | |
76 | properties => { | |
77 | node => get_standard_option('pve-node'), | |
78 | }, | |
79 | }, | |
80 | returns => { | |
81 | type => "object", | |
6302c41f DM |
82 | #additionalProperties => 1, |
83 | properties => $option_properties, | |
8b27beb9 DM |
84 | }, |
85 | code => sub { | |
86 | my ($param) = @_; | |
87 | ||
88 | my $hostfw_conf = PVE::Firewall::load_hostfw_conf(); | |
89 | ||
5d38d64f | 90 | return PVE::Firewall::copy_opject_with_digest($hostfw_conf->{options}); |
8b27beb9 DM |
91 | }}); |
92 | ||
6302c41f DM |
93 | __PACKAGE__->register_method({ |
94 | name => 'set_options', | |
95 | path => 'options', | |
96 | method => 'PUT', | |
97 | description => "Set Firewall options.", | |
98 | protected => 1, | |
99 | proxyto => 'node', | |
60c103df DM |
100 | permissions => { |
101 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], | |
102 | }, | |
6302c41f DM |
103 | parameters => { |
104 | additionalProperties => 0, | |
105 | properties => &$add_option_properties({ | |
106 | node => get_standard_option('pve-node'), | |
107 | delete => { | |
108 | type => 'string', format => 'pve-configid-list', | |
109 | description => "A list of settings you want to delete.", | |
110 | optional => 1, | |
111 | }, | |
112 | digest => get_standard_option('pve-config-digest'), | |
113 | }), | |
114 | }, | |
115 | returns => { type => "null" }, | |
116 | code => sub { | |
117 | my ($param) = @_; | |
118 | ||
119 | my $hostfw_conf = PVE::Firewall::load_hostfw_conf(); | |
120 | ||
121 | my (undef, $digest) = PVE::Firewall::copy_opject_with_digest($hostfw_conf->{options}); | |
122 | PVE::Tools::assert_if_modified($digest, $param->{digest}); | |
123 | ||
124 | if ($param->{delete}) { | |
125 | foreach my $opt (PVE::Tools::split_list($param->{delete})) { | |
126 | raise_param_exc({ delete => "no such option '$opt'" }) | |
127 | if !$option_properties->{$opt}; | |
128 | delete $hostfw_conf->{options}->{$opt}; | |
129 | } | |
130 | } | |
131 | ||
132 | if (defined($param->{enable})) { | |
133 | $param->{enable} = $param->{enable} ? 1 : 0; | |
134 | } | |
135 | ||
136 | foreach my $k (keys %$option_properties) { | |
137 | next if !defined($param->{$k}); | |
138 | $hostfw_conf->{options}->{$k} = $param->{$k}; | |
139 | } | |
140 | ||
141 | PVE::Firewall::save_hostfw_conf($hostfw_conf); | |
142 | ||
143 | return undef; | |
144 | }}); | |
145 | ||
a959126d DM |
146 | __PACKAGE__->register_method({ |
147 | name => 'log', | |
148 | path => 'log', | |
149 | method => 'GET', | |
150 | description => "Read firewall log", | |
151 | proxyto => 'node', | |
152 | permissions => { | |
153 | check => ['perm', '/nodes/{node}', [ 'Sys.Syslog' ]], | |
154 | }, | |
155 | protected => 1, | |
156 | parameters => { | |
157 | additionalProperties => 0, | |
158 | properties => { | |
159 | node => get_standard_option('pve-node'), | |
160 | start => { | |
161 | type => 'integer', | |
162 | minimum => 0, | |
163 | optional => 1, | |
164 | }, | |
165 | limit => { | |
166 | type => 'integer', | |
167 | minimum => 0, | |
168 | optional => 1, | |
169 | }, | |
170 | }, | |
171 | }, | |
172 | returns => { | |
173 | type => 'array', | |
174 | items => { | |
175 | type => "object", | |
176 | properties => { | |
177 | n => { | |
178 | description=> "Line number", | |
179 | type=> 'integer', | |
180 | }, | |
181 | t => { | |
182 | description=> "Line text", | |
183 | type => 'string', | |
184 | } | |
185 | } | |
186 | } | |
187 | }, | |
188 | code => sub { | |
189 | my ($param) = @_; | |
190 | ||
191 | my $rpcenv = PVE::RPCEnvironment::get(); | |
192 | my $user = $rpcenv->get_user(); | |
193 | my $node = $param->{node}; | |
194 | ||
195 | my ($count, $lines) = PVE::Tools::dump_logfile("/var/log/pve-firewall.log", $param->{start}, $param->{limit}); | |
196 | ||
197 | $rpcenv->set_result_attrib('total', $count); | |
198 | ||
199 | return $lines; | |
200 | }}); | |
201 | ||
8b27beb9 | 202 | 1; |