git.proxmox.com Git - pve-firewall.git/blob - src/PVE/API2/Firewall/Aliases.pm
1 package PVE
::API2
::Firewall
::AliasesBase
;
5 use PVE
::Exception
qw(raise raise_param_exc);
6 use PVE
::JSONSchema
qw(get_standard_option);
10 use base
qw(PVE::RESTHandler);
# Shared JSON-schema fragments that the alias handlers below copy into their
# parameter definitions.
# NOTE(review): this listing skips source lines (the gutter numbers jump), so
# the key that owns the first description/type pair is not visible here.
12 my $api_properties = {
# The address value is constrained by the 'IPorCIDR' schema format; the handler
# lines shown below store $param->{cidr} without a further check of their own.
14 description
=> "Network/IP specification in CIDR format.",
15 type
=> 'string', format
=> 'IPorCIDR',
# Alias names reuse the 'pve-fw-alias' standard option.
17 name
=> get_standard_option
('pve-fw-alias'),
# 'rename' is built from the same standard option with its own description.
18 rename => get_standard_option
('pve-fw-alias', {
19 description
=> "Rename an existing alias.",
# Placeholder bodies of the hooks a concrete alias package has to override;
# each one dies with "implement this in subclass". The `sub` header lines are
# not part of this listing, so the hook names given below are inferred from the
# argument lists and from the calls made later in the file - TODO confirm.
# Presumably lock_config: takes the code reference to run under the lock.
29 my ($class, $param, $code) = @_;
31 die "implement this in subclass";
# Presumably load_config: the handlers call it as
# `my ($fw_conf, $aliases) = $class->load_config($param)`.
35 my ($class, $param) = @_;
37 die "implement this in subclass";
39 #return ($fw_conf, $rules);
# Argument list matches the $class->save_aliases($param, $fw_conf, $aliases)
# calls made by the create/update/remove handlers.
43 my ($class, $param, $fw_conf, $aliases) = @_;
45 die "implement this in subclass";
# Presumably rule_env: its result is what the handlers pass to the
# rules_audit_permissions / rules_modify_permissions helpers.
49 my ($class, $param) = @_;
51 die "implement this in subclass";
# Registry of extra schema properties, keyed by the calling class name.
54 my $additional_param_hash = {};
# Class-method accessor for that registry. When called with an argument it
# records the value for $class; the lines shown then copy the stored entries
# key by key into $copy.
56 sub additional_parameters
{
57 my ($class, $new_value) = @_;
59 if (defined($new_value)) {
60 $additional_param_hash->{$class} = $new_value;
# Shallow copy: only the top-level keys are duplicated, the values are shared.
# Each register_* sub adds its own keys (name, cidr, digest, ...) to the hash it
# gets back, so handing out a copy keeps those additions out of the registry.
# NOTE(review): the declaration of $copy and the return statement are not in
# this listing; presumably $copy is what is returned - confirm.
65 my $org = $additional_param_hash->{$class} || {};
66 foreach my $p (keys %$org) { $copy->{$p} = $org->{$p}; }
# Flattens the alias hash into a list in sorted-key order. The handlers pass
# this list to PVE::Firewall::copy_list_with_digest, so a stable order
# presumably keeps the resulting digest independent of hash ordering.
70 my $aliases_to_list = sub {
74 foreach my $k (sort keys %$aliases) {
75 push @$list, $aliases->{$k};
# Registers the 'get_aliases' API method (description "List aliases"): loads
# the aliases for this class and returns them as a list with a digest.
80 sub register_get_aliases
{
# Start from this class's extra parameters as returned by additional_parameters().
83 my $properties = $class->additional_parameters();
85 $class->register_method({
86 name
=> 'get_aliases',
89 description
=> "List aliases",
# The permission spec comes from rules_audit_permissions for this class's
# rule_env(); the mutating handlers use rules_modify_permissions instead.
90 permissions
=> PVE
::Firewall
::rules_audit_permissions
($class->rule_env()),
# additionalProperties => 0: the schema admits only the declared parameters.
92 additionalProperties
=> 0,
93 properties
=> $properties,
# name / cidr / digest below presumably describe one returned entry; the
# enclosing `returns` lines are not part of this listing.
100 name
=> { type
=> 'string' },
101 cidr
=> { type
=> 'string' },
# The digest is declared non-optional here (optional => 0).
106 digest
=> get_standard_option
('pve-config-digest', { optional
=> 0} ),
109 links
=> [ { rel
=> 'child', href
=> "{name}" } ],
114 my ($fw_conf, $aliases) = $class->load_config($param);
116 my $list = &$aliases_to_list($aliases);
# The update and remove handlers compute their digest from the same sorted
# list before calling assert_if_modified.
118 return PVE
::Firewall
::copy_list_with_digest
($list);
# Registers the 'create_alias' API method: adds a new alias (name, cidr and an
# optional comment) to the loaded configuration and saves it.
122 sub register_create_alias
{
125 my $properties = $class->additional_parameters();
# Accepted parameters: the class's extra parameters plus name, cidr, comment.
127 $properties->{name
} = $api_properties->{name
};
128 $properties->{cidr
} = $api_properties->{cidr
};
129 $properties->{comment
} = $api_properties->{comment
};
131 $class->register_method({
132 name
=> 'create_alias',
135 description
=> "Create IP or Network Alias.",
# Mutating call: permission spec from rules_modify_permissions for rule_env().
136 permissions
=> PVE
::Firewall
::rules_modify_permissions
($class->rule_env()),
# additionalProperties => 0: the schema admits only the declared parameters.
139 additionalProperties
=> 0,
140 properties
=> $properties,
142 returns
=> { type
=> "null" },
# NOTE(review): the load / check / save sequence below is only safe against a
# concurrent writer if it runs under $class->lock_config; that call is not
# among the lines shown here, and this handler takes no digest - confirm.
146 my ($fw_conf, $aliases) = $class->load_config($param);
# Aliases are keyed by the lower-cased name, so two names that differ only in
# case refer to the same entry and the second create is rejected.
148 my $name = lc($param->{name
});
150 raise_param_exc
({ name
=> "alias '$param->{name}' already exists" })
151 if defined($aliases->{$name});
# The stored record keeps the caller's spelling of the name; cidr is stored as
# received, so its validation rests on the parameter schema.
153 my $data = { name
=> $param->{name
}, cidr
=> $param->{cidr
} };
# A comment that is empty or otherwise false (e.g. "0") is not stored.
154 $data->{comment
} = $param->{comment
} if $param->{comment
};
156 $aliases->{$name} = $data;
158 $class->save_aliases($param, $fw_conf, $aliases);
# Registers the 'read_alias' API method: returns the stored record of one
# alias, or raises a parameter error when the name is unknown.
164 sub register_read_alias
{
167 my $properties = $class->additional_parameters();
169 $properties->{name
} = $api_properties->{name
};
171 $class->register_method({
172 name
=> 'read_alias',
175 description
=> "Read alias.",
# Read-only call: permission spec from rules_audit_permissions for rule_env().
176 permissions
=> PVE
::Firewall
::rules_audit_permissions
($class->rule_env()),
# additionalProperties => 0: the schema admits only the declared parameters.
178 additionalProperties
=> 0,
179 properties
=> $properties,
181 returns
=> { type
=> "object" },
185 my ($fw_conf, $aliases) = $class->load_config($param);
# Lookup uses the lower-cased name, matching how create_alias keys entries.
187 my $name = lc($param->{name
});
189 raise_param_exc
({ name
=> "no such alias" })
190 if !defined($aliases->{$name});
# Returns the stored hash itself (name, cidr and, when present, comment).
192 return $aliases->{$name};
# Registers the 'update_alias' API method: replaces the record of an existing
# alias, optionally moves it to a new name, and saves the configuration.
196 sub register_update_alias
{
199 my $properties = $class->additional_parameters();
201 $properties->{name
} = $api_properties->{name
};
202 $properties->{rename} = $api_properties->{rename};
203 $properties->{cidr
} = $api_properties->{cidr
};
204 $properties->{comment
} = $api_properties->{comment
};
# Unlike get_aliases, the digest option is taken here without an override.
205 $properties->{digest
} = get_standard_option
('pve-config-digest');
207 $class->register_method({
208 name
=> 'update_alias',
211 description
=> "Update IP or Network alias.",
# Mutating call: permission spec from rules_modify_permissions for rule_env().
212 permissions
=> PVE
::Firewall
::rules_modify_permissions
($class->rule_env()),
# additionalProperties => 0: the schema admits only the declared parameters.
215 additionalProperties
=> 0,
216 properties
=> $properties,
218 returns
=> { type
=> "null" },
# NOTE(review): the sequence below needs to run under $class->lock_config to be
# safe against a concurrent writer; that call is not among the lines shown.
222 my ($fw_conf, $aliases) = $class->load_config($param);
# Recompute the digest of the current alias list and compare it with the one
# the caller supplied, so an edit based on stale data is refused.
# NOTE(review): if the digest parameter is optional, a caller that omits it
# presumably bypasses this check - confirm in PVE::Tools::assert_if_modified.
224 my $list = &$aliases_to_list($aliases);
226 my (undef, $digest) = PVE
::Firewall
::copy_list_with_digest
($list);
228 PVE
::Tools
::assert_if_modified
($digest, $param->{digest
});
230 my $name = lc($param->{name
});
232 raise_param_exc
({ name
=> "no such alias" }) if !$aliases->{$name};
# The record is rebuilt from the request, not merged: a comment that is absent
# or false in the request removes the previously stored comment.
234 my $data = { name
=> $param->{name
}, cidr
=> $param->{cidr
} };
235 $data->{comment
} = $param->{comment
} if $param->{comment
};
237 $aliases->{$name} = $data;
239 my $rename = $param->{rename};
240 $rename = lc($rename) if $rename;
# Rename only when the lower-cased target differs from the current key. The
# collision error is reported under the 'name' key although the clashing value
# came from 'rename'.
# NOTE(review): nothing in the visible lines rewrites rules or IP sets that
# still refer to the old alias name - confirm how such references resolve.
242 if ($rename && ($name ne $rename)) {
243 raise_param_exc
({ name
=> "alias '$param->{rename}' already exists" })
244 if defined($aliases->{$rename});
245 $aliases->{$name}->{name
} = $param->{rename};
246 $aliases->{$rename} = $aliases->{$name};
247 delete $aliases->{$name};
250 $class->save_aliases($param, $fw_conf, $aliases);
# Registers the 'remove_alias' API method: deletes one alias from the loaded
# configuration and saves it.
256 sub register_delete_alias
{
259 my $properties = $class->additional_parameters();
261 $properties->{name
} = $api_properties->{name
};
262 $properties->{digest
} = get_standard_option
('pve-config-digest');
264 $class->register_method({
265 name
=> 'remove_alias',
268 description
=> "Remove IP or Network alias.",
# Mutating call: permission spec from rules_modify_permissions for rule_env().
269 permissions
=> PVE
::Firewall
::rules_modify_permissions
($class->rule_env()),
# additionalProperties => 0: the schema admits only the declared parameters.
272 additionalProperties
=> 0,
273 properties
=> $properties,
275 returns
=> { type
=> "null" },
# NOTE(review): the sequence below needs to run under $class->lock_config to be
# safe against a concurrent writer; that call is not among the lines shown.
279 my ($fw_conf, $aliases) = $class->load_config($param);
# Same stale-edit guard as update_alias: digest of the current list versus the
# digest supplied by the caller.
281 my $list = &$aliases_to_list($aliases);
282 my (undef, $digest) = PVE
::Firewall
::copy_list_with_digest
($list);
283 PVE
::Tools
::assert_if_modified
($digest, $param->{digest
});
# The delete is unconditional in the lines shown: an unknown name is not
# reported as an error, unlike read_alias and update_alias.
# NOTE(review): no visible check that firewall rules or IP sets still use this
# alias; what a dangling reference does to the generated ruleset is decided
# elsewhere - confirm before relying on remove being safe.
285 my $name = lc($param->{name
});
286 delete $aliases->{$name};
288 $class->save_aliases($param, $fw_conf, $aliases);
# Registers all five alias API methods for the calling class. Each concrete
# package below invokes this through __PACKAGE__->register_handlers().
294 sub register_handlers
{
297 $class->register_get_aliases();
298 $class->register_create_alias();
299 $class->register_read_alias();
300 $class->register_update_alias();
301 $class->register_delete_alias();
304 package PVE
::API2
::Firewall
::ClusterAliases
;
309 use base
qw(PVE::API2::Firewall::AliasesBase);
# Cluster-level implementation of the base-class hooks. The `sub` header lines
# are not part of this listing; hook names are inferred from the argument lists
# and the PVE::Firewall calls - TODO confirm.
# Presumably rule_env; its return statement is not shown.
312 my ($class, $param) = @_;
# Runs $code with $param under the cluster firewall config lock; the 10 is
# presumably a lock timeout - confirm in PVE::Firewall::lock_clusterfw_conf.
318 my ($class, $param, $code) = @_;
320 PVE
::Firewall
::lock_clusterfw_conf
(10, $code, $param);
# Loads the cluster firewall config and hands back its alias table.
324 my ($class, $param) = @_;
326 my $fw_conf = PVE
::Firewall
::load_clusterfw_conf
();
327 my $aliases = $fw_conf->{aliases
};
329 return ($fw_conf, $aliases);
# Writes the (possibly modified) alias table back into the config and saves it.
333 my ($class, $param, $fw_conf, $aliases) = @_;
335 $fw_conf->{aliases
} = $aliases;
336 PVE
::Firewall
::save_clusterfw_conf
($fw_conf);
# Registers the five alias API methods for this package.
339 __PACKAGE__-
>register_handlers();
341 package PVE
::API2
::Firewall
::VMAliases
;
345 use PVE
::JSONSchema
qw(get_standard_option);
347 use base
qw(PVE::API2::Firewall::AliasesBase);
# VM-level implementation of the base-class hooks. The `sub` header lines are
# not part of this listing; hook names are inferred from the argument lists and
# the PVE::Firewall calls - TODO confirm.
# Presumably rule_env; its return statement is not shown.
350 my ($class, $param) = @_;
# Every handler of this package additionally accepts 'node' and 'vmid'.
355 __PACKAGE__-
>additional_parameters({
356 node
=> get_standard_option
('pve-node'),
357 vmid
=> get_standard_option
('pve-vmid'),
# Runs $code with $param under the firewall config lock of the guest named by
# $param->{vmid}; the 10 is presumably a lock timeout - confirm.
361 my ($class, $param, $code) = @_;
363 PVE
::Firewall
::lock_vmfw_conf
($param->{vmid
}, 10, $code, $param);
# Loads the guest firewall config (type 'vm') for $param->{vmid}; the cluster
# config is loaded first and passed along to the loader.
367 my ($class, $param) = @_;
369 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
370 my $fw_conf = PVE
::Firewall
::load_vmfw_conf
($cluster_conf, 'vm', $param->{vmid
});
371 my $aliases = $fw_conf->{aliases
};
373 return ($fw_conf, $aliases);
# Writes the alias table back into the guest config and saves it for that vmid.
377 my ($class, $param, $fw_conf, $aliases) = @_;
379 $fw_conf->{aliases
} = $aliases;
380 PVE
::Firewall
::save_vmfw_conf
($param->{vmid
}, $fw_conf);
# Registers the five alias API methods for this package.
383 __PACKAGE__-
>register_handlers();
385 package PVE
::API2
::Firewall
::CTAliases
;
389 use PVE
::JSONSchema
qw(get_standard_option);
391 use base
qw(PVE::API2::Firewall::AliasesBase);
# Container-level implementation of the base-class hooks; it mirrors the VM
# package except that the config is loaded with type 'ct'. The `sub` header
# lines are not part of this listing; hook names are inferred - TODO confirm.
# Presumably rule_env; its return statement is not shown.
394 my ($class, $param) = @_;
# Every handler of this package additionally accepts 'node' and 'vmid'.
399 __PACKAGE__-
>additional_parameters({
400 node
=> get_standard_option
('pve-node'),
401 vmid
=> get_standard_option
('pve-vmid'),
# Runs $code with $param under the firewall config lock of the guest named by
# $param->{vmid}; the same lock_vmfw_conf helper as the VM package is used.
405 my ($class, $param, $code) = @_;
407 PVE
::Firewall
::lock_vmfw_conf
($param->{vmid
}, 10, $code, $param);
# Loads the guest firewall config (type 'ct') for $param->{vmid}; the cluster
# config is loaded first and passed along to the loader.
411 my ($class, $param) = @_;
413 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
414 my $fw_conf = PVE
::Firewall
::load_vmfw_conf
($cluster_conf, 'ct', $param->{vmid
});
415 my $aliases = $fw_conf->{aliases
};
417 return ($fw_conf, $aliases);
# Writes the alias table back into the guest config and saves it for that vmid.
421 my ($class, $param, $fw_conf, $aliases) = @_;
423 $fw_conf->{aliases
} = $aliases;
424 PVE
::Firewall
::save_vmfw_conf
($param->{vmid
}, $fw_conf);
# Registers the five alias API methods for this package.
427 __PACKAGE__-
>register_handlers();