git.proxmox.com Git - pve-firewall.git/blob - src/PVE/API2/Firewall/Cluster.pm
1 package PVE
::API2
::Firewall
::Cluster
;
5 use PVE
::Exception
qw(raise raise_param_exc raise_perm_exc);
6 use PVE
::JSONSchema
qw(get_standard_option);
9 use PVE
::API2
::Firewall
::Aliases
;
10 use PVE
::API2
::Firewall
::Rules
;
11 use PVE
::API2
::Firewall
::Groups
;
12 use PVE
::API2
::Firewall
::IPSet
;
16 use Data
::Dumper
; # fixme: remove
18 use base
qw(PVE::RESTHandler);
# Mount the sub-handlers of the cluster-level firewall API. Each call below
# registers another handler package as a subclass; the path each one is mounted
# on is not visible in this listing.
# NOTE(review): access control for these subtrees is presumably declared by the
# subclasses themselves - confirm in the respective packages.
20 __PACKAGE__-
>register_method ({
21 subclass
=> "PVE::API2::Firewall::Groups",
25 __PACKAGE__-
>register_method ({
26 subclass
=> "PVE::API2::Firewall::ClusterRules",
30 __PACKAGE__-
>register_method ({
31 subclass
=> "PVE::API2::Firewall::ClusterIPSetList",
35 __PACKAGE__-
>register_method ({
36 subclass
=> "PVE::API2::Firewall::ClusterAliases",
# Directory index for this API level.
41 __PACKAGE__-
>register_method({
# user => 'all' opens the index to every authenticated user. The visible
# entries are only child names ('aliases', 'options'), linked as rel 'child'.
45 permissions
=> { user
=> 'all' },
46 description
=> "Directory index.",
# Reject any request parameter that is not declared in the schema.
48 additionalProperties
=> 0,
56 links
=> [ { rel
=> 'child', href
=> "{name}" } ],
62 { name
=> 'aliases' },
64 { name
=> 'options' },
# Schema of the cluster firewall options. The same hash is used as the return
# schema of get_options, merged into the parameter schema of set_options, and
# consulted by set_options to decide which option names may be deleted or
# written.
74 my $option_properties = {
80 description
=> "Input policy.",
# Policies are restricted to these three values by the schema.
83 enum
=> ['ACCEPT', 'REJECT', 'DROP'],
86 description
=> "Output policy.",
89 enum
=> ['ACCEPT', 'REJECT', 'DROP'],
# Helper: copy every entry of $option_properties into the property hash passed
# in, so a method schema can add its own parameters next to the shared options.
# The end of the sub (including what it returns) is not visible in this listing.
93 my $add_option_properties = sub {
94 my ($properties) = @_;
96 foreach my $k (keys %$option_properties) {
97 $properties->{$k} = $option_properties->{$k};
# Read the cluster-wide firewall options.
104 __PACKAGE__-
>register_method({
105 name
=> 'get_options',
108 description
=> "Get Firewall options.",
# Read access requires the Sys.Audit privilege on the root path '/'.
110 check
=> ['perm', '/', [ 'Sys.Audit' ]],
113 additionalProperties
=> 0,
117 #additionalProperties => 1,
118 properties
=> $option_properties,
# Load the cluster firewall configuration and return its options section.
# NOTE(review): the helper name suggests the returned copy carries a digest of
# the options, which set_options compares against - confirm in PVE::Firewall.
123 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
125 return PVE
::Firewall
::copy_opject_with_digest
($cluster_conf->{options
});
# Update the cluster-wide firewall options: optionally delete named options,
# then write every option that was passed, and save the configuration.
129 __PACKAGE__-
>register_method({
130 name
=> 'set_options',
133 description
=> "Set Firewall options.",
# Write access requires the Sys.Modify privilege on the root path '/'.
136 check
=> ['perm', '/', [ 'Sys.Modify' ]],
# Undeclared parameters are rejected; the accepted set is the shared option
# schema plus the parameters declared here (a delete list and a digest).
139 additionalProperties
=> 0,
140 properties
=> &$add_option_properties({
142 type
=> 'string', format
=> 'pve-configid-list',
143 description
=> "A list of settings you want to delete.",
146 digest
=> get_standard_option
('pve-config-digest'),
149 returns
=> { type
=> "null" },
153 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
# Compare the digest of the options as currently stored with the digest the
# client sent, so an update based on stale data can be refused.
# NOTE(review): presumably assert_if_modified raises when the two differ and
# skips the check when no digest was supplied - confirm in PVE::Tools.
# NOTE(review): no lock around load/check/save is visible in this listing, so
# the digest check alone may not stop two concurrent writers - confirm whether
# a lock is taken elsewhere.
155 my (undef, $digest) = PVE
::Firewall
::copy_opject_with_digest
($cluster_conf->{options
});
156 PVE
::Tools
::assert_if_modified
($digest, $param->{digest
});
# Only names that are keys of $option_properties may be deleted; anything else
# is reported as a parameter error before the configuration is touched.
158 if ($param->{delete}) {
159 foreach my $opt (PVE
::Tools
::split_list
($param->{delete})) {
160 raise_param_exc
({ delete => "no such option '$opt'" })
161 if !$option_properties->{$opt};
162 delete $cluster_conf->{options
}->{$opt};
# Normalize 'enable' to a strict 1/0 before it is stored.
166 if (defined($param->{enable
})) {
167 $param->{enable
} = $param->{enable
} ?
1 : 0;
# Copy only parameters named in $option_properties into the configuration;
# other request parameters (delete, digest) never reach the options section.
170 foreach my $k (keys %$option_properties) {
171 next if !defined($param->{$k});
172 $cluster_conf->{options
}->{$k} = $param->{$k};
175 PVE
::Firewall
::save_clusterfw_conf
($cluster_conf);
# List the firewall macros known to PVE::Firewall.
180 __PACKAGE__-
>register_method({
181 name
=> 'get_macros',
184 description
=> "List available macros",
# user => 'all' makes the macro list available to every authenticated user;
# the visible code reads no cluster configuration here.
185 permissions
=> { user
=> 'all' },
187 additionalProperties
=> 0,
195 description
=> "Macro name.",
199 description
=> "More verbose description (if available).",
210 my ($macros, $descr) = PVE
::Firewall
::get_macros
();
# One entry per macro; the macro name doubles as the description when no
# (true) description is available.
212 foreach my $macro (keys %$macros) {
213 push @$res, { macro => $macro, descr
=> $descr->{$macro} || $macro };
# List the IP sets and aliases of the cluster firewall configuration that can
# be referenced from rule source/dest properties.
219 __PACKAGE__-
>register_method({
223 description
=> "Lists possible IPSet/Alias reference which are allowed in source/dest properties.",
# The listing exposes names and comments of cluster-wide IP sets and aliases,
# so it requires the Sys.Audit privilege on the root path '/'.
225 check
=> ['perm', '/', [ 'Sys.Audit' ]],
228 additionalProperties
=> 0,
231 description
=> "Only list references of specified type.",
233 enum
=> ['alias', 'ipset'],
245 enum
=> ['alias', 'ipset'],
263 my $conf = PVE
::Firewall
::load_clusterfw_conf
();
# With no type filter, or type 'ipset': walk all IP set names and attach the
# stored comment when one exists.
267 if (!$param->{type
} || $param->{type
} eq 'ipset') {
268 foreach my $name (keys %{$conf->{ipset
}}) {
274 if (my $comment = $conf->{ipset_comments
}->{$name}) {
275 $data->{comment
} = $comment;
# With no type filter, or type 'alias': walk all alias entries and copy the
# comment from the alias entry when it is set.
281 if (!$param->{type
} || $param->{type
} eq 'alias') {
282 foreach my $name (keys %{$conf->{aliases
}}) {
283 my $e = $conf->{aliases
}->{$name};
289 $data->{comment
} = $e->{comment
} if $e->{comment
};