ipset: implement delete API, improve parameter verification
1 package PVE::API2::Firewall::Cluster;
2
3 use strict;
4 use warnings;
5 use PVE::Exception qw(raise raise_param_exc raise_perm_exc);
6 use PVE::JSONSchema qw(get_standard_option);
7
8 use PVE::Firewall;
9 use PVE::API2::Firewall::Rules;
10 use PVE::API2::Firewall::Groups;
11 use PVE::API2::Firewall::IPSet;
12
13 #fixme: locking?
14
15 use Data::Dumper; # fixme: remove
16
17 use base qw(PVE::RESTHandler);
18
# Delegate the 'groups' sub-path to the PVE::API2::Firewall::Groups handler
# class.
__PACKAGE__->register_method({
    path     => 'groups',
    subclass => 'PVE::API2::Firewall::Groups',
});
23
# Delegate the 'rules' sub-path to the PVE::API2::Firewall::ClusterRules
# handler class.
# NOTE(review): no 'use' line in this file names ClusterRules; presumably
# PVE::API2::Firewall::Rules defines that package -- confirm.
__PACKAGE__->register_method({
    path     => 'rules',
    subclass => 'PVE::API2::Firewall::ClusterRules',
});
28
# GET on the base path: directory index of the cluster firewall API.
#
# Takes no parameters. Returns an array with one { name => ... } object per
# child path. The list is static and contains no configuration data; the
# method is declared with permissions user => 'all'.
__PACKAGE__->register_method({
    name        => 'index',
    path        => '',
    method      => 'GET',
    permissions => { user => 'all' },
    description => "Directory index.",
    parameters  => {
        additionalProperties => 0,
    },
    returns => {
        type  => 'array',
        items => {
            type       => "object",
            properties => {},
        },
        links => [ { rel => 'child', href => "{name}" } ],
    },
    code => sub {
        my ($param) = @_;

        # Child paths below this handler, in the order they are listed.
        my @children = qw(rules options groups ipset macros);

        return [ map { +{ name => $_ } } @children ];
    },
});
59
# GET options: return the 'options' section of the cluster firewall
# configuration as loaded by PVE::Firewall::load_clusterfw_conf().
#
# Takes no parameters. The declared return type is an object with an
# optional boolean 'enable'.
#
# NOTE(review): unlike 'index', no 'permissions' entry is declared here --
# confirm that the framework default for such methods is restrictive enough
# for reading firewall state.
__PACKAGE__->register_method({
    name        => 'get_options',
    path        => 'options',
    method      => 'GET',
    description => "Get Firewall options.",
    parameters  => {
        additionalProperties => 0,
    },
    returns => {
        type => "object",
        # additionalProperties => 1 is deliberately left disabled here.
        properties => {
            enable => {
                type     => 'boolean',
                optional => 1,
            },
        },
    },
    code => sub {
        my ($param) = @_;

        my $conf = PVE::Firewall::load_clusterfw_conf();

        # The options hash is handed back as stored, without filtering.
        return $conf->{options};
    },
});
87
# Schema of the settable options (option name => JSON schema fragment).
# set_options uses it both to declare its parameters and to validate the
# names passed in 'delete'.
my $option_properties = {
    enable => {
        optional => 1,
        type     => 'boolean',
    },
};

# Copy every entry of $option_properties into the given property hash,
# overwriting same-named keys, and return that same hash reference.
my $add_option_properties = sub {
    my ($properties) = @_;

    # keys and values of an unmodified hash iterate in the same order, so the
    # slice assignment pairs each name with its own schema fragment.
    @{$properties}{ keys %$option_properties } = values %$option_properties;

    return $properties;
};
104
# PUT options: update the cluster-wide firewall options.
#
# Parameters: every key of $option_properties, plus 'delete', a list of
# option names to remove. A name in 'delete' that is not a key of
# $option_properties is reported through raise_param_exc; that happens before
# save_clusterfw_conf is reached, so (presumably, as raise_param_exc throws)
# a rejected request writes nothing.
# Returns: undef (declared return type "null").
#
# NOTE(review): the configuration is loaded, changed and saved with no lock
# visible in this handler, so two concurrent writers could overwrite each
# other's change -- confirm whether load/save serialize internally.
# NOTE(review): PVE::Tools::split_list is called below, but this file has no
# 'use PVE::Tools' line; it presumably relies on another module loading it.
# NOTE(review): no 'permissions' entry is declared for this write endpoint --
# confirm that the framework default restricts who may change firewall state.
__PACKAGE__->register_method({
    name        => 'set_options',
    path        => 'options',
    method      => 'PUT',
    description => "Set Firewall options.",
    protected   => 1,
    parameters  => {
        additionalProperties => 0,
        properties           => $add_option_properties->({
            delete => {
                type        => 'string',
                format      => 'pve-configid-list',
                description => "A list of settings you want to delete.",
                optional    => 1,
            },
        }),
    },
    returns => { type => "null" },
    code    => sub {
        my ($param) = @_;

        my $cluster_conf = PVE::Firewall::load_clusterfw_conf();

        my $delete_list = $param->{delete};
        if ($delete_list) {
            for my $opt (PVE::Tools::split_list($delete_list)) {
                # Only names from the known option schema may be deleted.
                if (!$option_properties->{$opt}) {
                    raise_param_exc({ delete => "no such option '$opt'" });
                }
                delete $cluster_conf->{options}->{$opt};
            }
        }

        # Applied after the deletions, so an explicit 'enable' wins over a
        # 'delete' of the same option; the value is normalized to 1 or 0.
        my $enable = $param->{enable};
        if (defined($enable)) {
            $cluster_conf->{options}->{enable} = $enable ? 1 : 0;
        }

        PVE::Firewall::save_clusterfw_conf($cluster_conf);

        return undef;
    },
});
143
# GET macros: list the macros reported by PVE::Firewall::get_macros().
#
# Takes no parameters. Returns an array of { macro, descr } objects; 'descr'
# falls back to the macro name when no (true) description is available.
# The order follows hash iteration order and is therefore not stable.
__PACKAGE__->register_method({
    name        => 'get_macros',
    path        => 'macros',
    method      => 'GET',
    description => "List available macros",
    parameters  => {
        additionalProperties => 0,
    },
    returns => {
        type  => 'array',
        items => {
            type       => "object",
            properties => {
                macro => {
                    description => "Macro name.",
                    type        => 'string',
                },
                descr => {
                    description => "More verbose description (if available).",
                    type        => 'string',
                },
            },
        },
    },
    code => sub {
        my ($param) = @_;

        my ($macros, $descr) = PVE::Firewall::get_macros();

        my @entries = map {
            +{ macro => $_, descr => $descr->{$_} || $_ }
        } keys %$macros;

        return \@entries;
    },
});
181
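# GET ipset: list the IPSets defined in the cluster firewall configuration.
#
# Takes no parameters. Returns an array with one object per IPSet holding its
# name and the number of entries stored under that name. The return schema
# now declares 'count' as well, because the handler has always emitted it.
#
# NOTE(review): no 'permissions' entry is declared here -- confirm that the
# framework default is restrictive enough for listing IPSet names.
__PACKAGE__->register_method({
    name => 'ipset',
    path => 'ipset',
    method => 'GET',
    description => "List IPSets",
    parameters => {
        additionalProperties => 0,
    },
    returns => {
        type => 'array',
        items => {
            type => "object",
            properties => {
                name => {
                    description => "IPSet name.",
                    type => 'string',
                },
                count => {
                    description => "Number of entries stored for this IPSet.",
                    type => 'integer',
                },
            },
        },
        links => [ { rel => 'child', href => "{name}" } ],
    },
    code => sub {
        my ($param) = @_;

        my $cluster_conf = PVE::Firewall::load_clusterfw_conf();

        my $res = [];
        foreach my $name (keys %{$cluster_conf->{ipset}}) {
            # Each IPSet is stored as an array reference; report its length.
            push @$res, { name => $name, count => scalar(@{$cluster_conf->{ipset}->{$name}}) };
        }

        return $res;
    },
});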
215
# Delegate 'ipset/{name}' to the PVE::API2::Firewall::ClusterIPset handler
# class.
#
# The fragment delimiter is set to the empty string (no sub-directories):
# this is needed because CIDR addresses contain a slash '/'.
# NOTE(review): the path remainder after the IPSet name is then presumably
# passed to the subclass as one unsplit value -- confirm that its parameter
# schema validates that value as an address/CIDR.
__PACKAGE__->register_method({
    path              => 'ipset/{name}',
    subclass          => 'PVE::API2::Firewall::ClusterIPset',
    fragmentDelimiter => '',
});
222
223 1;