move option definition to PVE::Firewall
8b27beb9
DM
1package PVE::API2::Firewall::Host;
2
3use strict;
4use warnings;
5use PVE::JSONSchema qw(get_standard_option);
a959126d 6use PVE::RPCEnvironment;
8b27beb9
DM
7
8use PVE::Firewall;
63c91681 9use PVE::API2::Firewall::Rules;
8b27beb9
DM
10
11use Data::Dumper; # fixme: remove
12
13use base qw(PVE::RESTHandler);
14
63c91681
DM
# Attach the handlers of PVE::API2::Firewall::HostRules below the 'rules'
# sub-path of this handler.
__PACKAGE__->register_method({
    path     => 'rules',
    subclass => "PVE::API2::Firewall::HostRules",
});
19
8b27beb9
DM
# GET '' - directory index naming the child resources of this handler.
__PACKAGE__->register_method({
    name        => 'index',
    path        => '',
    method      => 'GET',
    description => "Directory index.",
    # Open to every user ('all'); the handler below returns only a fixed list
    # of child names and reads nothing from the firewall configuration.
    permissions => { user => 'all' },
    parameters  => {
        additionalProperties => 0,
        properties           => {
            node => get_standard_option('pve-node'),
        },
    },
    returns => {
        type  => 'array',
        items => {
            type       => "object",
            properties => {},
        },
        links => [ { rel => 'child', href => "{name}" } ],
    },
    code => sub {
        my ($param) = @_;

        # Static listing; $param is not consulted.
        return [ map { +{ name => $_ } } qw(rules options log) ];
    },
});
51
# Schema of the host firewall options, taken from PVE::Firewall.
my $option_properties = $PVE::Firewall::host_option_properties;

# Merge every host option schema entry into the given hash reference and hand
# the same reference back. Entries already present under an option's name are
# overwritten, so an option called 'node', 'delete' or 'digest' would replace
# the request parameter of that name where this helper is used.
my $add_option_properties = sub {
    my ($properties) = @_;

    @{$properties}{ keys %$option_properties } = values %$option_properties;

    return $properties;
};
63
64
8b27beb9
DM
# GET options - return the options section of the host firewall configuration.
__PACKAGE__->register_method({
    name        => 'get_options',
    path        => 'options',
    method      => 'GET',
    description => "Get host firewall options.",
    proxyto     => 'node',
    # Reading requires Sys.Audit on the addressed node.
    permissions => {
        check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
    },
    parameters => {
        additionalProperties => 0,
        properties           => {
            node => get_standard_option('pve-node'),
        },
    },
    returns => {
        type => "object",
        #additionalProperties => 1,
        properties => $option_properties,
    },
    code => sub {
        my ($param) = @_;

        my $conf = PVE::Firewall::load_hostfw_conf();

        # Presumably a copy of the options with the digest attached, going by
        # the helper's name; set_options reads the digest from the same call.
        return PVE::Firewall::copy_opject_with_digest($conf->{options});
    },
});
92
6302c41f
DM
# PUT options - delete and/or set host firewall options, then save the
# configuration.
__PACKAGE__->register_method({
    name        => 'set_options',
    path        => 'options',
    method      => 'PUT',
    description => "Set Firewall options.",
    proxyto     => 'node',
    protected   => 1,
    # Writing requires Sys.Modify on the addressed node.
    permissions => {
        check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
    },
    parameters => {
        # Unknown parameters are refused; the accepted set is node, delete and
        # digest plus every key of $option_properties.
        additionalProperties => 0,
        properties           => &$add_option_properties({
            node   => get_standard_option('pve-node'),
            delete => {
                type        => 'string',
                format      => 'pve-configid-list',
                description => "A list of settings you want to delete.",
                optional    => 1,
            },
            digest => get_standard_option('pve-config-digest'),
        }),
    },
    returns => { type => "null" },
    code    => sub {
        my ($param) = @_;

        # NOTE(review): no lock is taken in this handler between load and
        # save. Unless load_hostfw_conf/save_hostfw_conf serialise internally,
        # two concurrent PUTs can both pass the digest check below and the
        # later save overwrites the earlier one - confirm.
        my $conf = PVE::Firewall::load_hostfw_conf();

        # The digest of the options as loaded is compared against the digest
        # the caller sent; presumably the request is aborted on a mismatch.
        my (undef, $current_digest) =
            PVE::Firewall::copy_opject_with_digest($conf->{options});
        PVE::Tools::assert_if_modified($current_digest, $param->{digest});

        if ($param->{delete}) {
            for my $opt (PVE::Tools::split_list($param->{delete})) {
                # Only names present in the option schema may be deleted.
                # NOTE(review): raise_param_exc is not imported by any `use`
                # line visible in this file, so an unknown option name would
                # hit an undefined-subroutine error here instead of the
                # intended parameter exception - confirm and import it.
                if (!$option_properties->{$opt}) {
                    raise_param_exc({ delete => "no such option '$opt'" });
                }
                delete $conf->{options}->{$opt};
            }
        }

        # Store 'enable' as exactly 1 or 0.
        $param->{enable} = $param->{enable} ? 1 : 0
            if defined($param->{enable});

        # Copy only schema-known options that the caller actually supplied.
        for my $key (keys %$option_properties) {
            my $value = $param->{$key};
            next if !defined($value);
            $conf->{options}->{$key} = $value;
        }

        PVE::Firewall::save_hostfw_conf($conf);

        return undef;
    },
});
145
a959126d
DM
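# GET log - return lines of the firewall log file.
__PACKAGE__->register_method({
    name        => 'log',
    path        => 'log',
    method      => 'GET',
    description => "Read firewall log",
    proxyto     => 'node',
    # Reading the log requires Sys.Syslog on the addressed node.
    permissions => {
        check => ['perm', '/nodes/{node}', [ 'Sys.Syslog' ]],
    },
    protected  => 1,
    parameters => {
        additionalProperties => 0,
        properties           => {
            node => get_standard_option('pve-node'),
            # Both paging values are only bounded below (minimum 0); this
            # schema sets no maximum on 'limit', so any cap on the number of
            # returned lines is left to PVE::Tools::dump_logfile - confirm.
            start => {
                type     => 'integer',
                minimum  => 0,
                optional => 1,
            },
            limit => {
                type     => 'integer',
                minimum  => 0,
                optional => 1,
            },
        },
    },
    returns => {
        type  => 'array',
        items => {
            type       => "object",
            properties => {
                n => {
                    description => "Line number",
                    type        => 'integer',
                },
                t => {
                    description => "Line text",
                    type        => 'string',
                },
            },
        },
    },
    code => sub {
        my ($param) = @_;

        # The user and node were fetched into locals that were never read;
        # they are dropped. The log path is fixed, so no request value ends
        # up in the file name.
        my $rpcenv = PVE::RPCEnvironment::get();

        my ($count, $lines) = PVE::Tools::dump_logfile(
            "/var/log/pve-firewall.log", $param->{start}, $param->{limit});

        # The total line count is reported as a result attribute next to the
        # returned page of lines.
        $rpcenv->set_result_attrib('total', $count);

        return $lines;
    },
});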
201
8b27beb9 2021;