src/PVE/API2/Firewall/Cluster.pm

   1 package PVE::API2::Firewall::Cluster;
   2
   3 use strict;
   4 use warnings;
   5 use PVE::Exception qw(raise raise_param_exc raise_perm_exc);
   6 use PVE::JSONSchema qw(get_standard_option);
   7
   8 use PVE::Firewall;
   9 use PVE::API2::Firewall::Rules;
  10 use PVE::API2::Firewall::Groups;
  11
  12 #fixme: locking?
  13
  14 use Data::Dumper; # fixme: remove
  15
  16 use base qw(PVE::RESTHandler);
  17
  18 __PACKAGE__->register_method ({
  19     subclass => "PVE::API2::Firewall::Groups",
  20     path => 'groups',
  21 });
  22
  23 __PACKAGE__->register_method ({
  24     subclass => "PVE::API2::Firewall::ClusterRules",
  25     path => 'rules',
  26 });
  27
  28 __PACKAGE__->register_method({
  29     name => 'index',
  30     path => '',
  31     method => 'GET',
  32     permissions => { user => 'all' },
  33     description => "Directory index.",
  34     parameters => {
  35         additionalProperties => 0,
  36     },
  37     returns => {
  38         type => 'array',
  39         items => {
  40             type => "object",
  41             properties => {},
  42         },
  43         links => [ { rel => 'child', href => "{name}" } ],
  44     },
  45     code => sub {
  46         my ($param) = @_;
  47
  48         my $result = [
  49             { name => 'rules' },
  50             { name => 'options' },
  51             { name => 'groups' },
  52             { name => 'ipset' },
  53             { name => 'macros' },
  54             ];
  55
  56         return $result;
  57     }});
  58
  59 __PACKAGE__->register_method({
  60     name => 'get_options',
  61     path => 'options',
  62     method => 'GET',
  63     description => "Get Firewall options.",
  64     parameters => {
  65         additionalProperties => 0,
  66     },
  67     returns => {
  68         type => "object",
  69         #additionalProperties => 1,
  70         properties => {
  71             enable => {
  72                 type => 'boolean',
  73                 optional => 1,
  74             },
  75         },
  76     },
  77     code => sub {
  78         my ($param) = @_;
  79
  80         my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
  81
  82         my $options = $cluster_conf->{options};
  83
  84         return $options;
  85     }});
  86
  87 my $option_properties = {
  88     enable => {
  89         type => 'boolean',
  90         optional => 1,
  91     },
  92 };
  93
  94 my $add_option_properties = sub {
  95     my ($properties) = @_;
  96
  97     foreach my $k (keys %$option_properties) {
  98         $properties->{$k} = $option_properties->{$k};
  99     }
 100
 101     return $properties;
 102 };
 103
 104 __PACKAGE__->register_method({
 105     name => 'set_options',
 106     path => 'options',
 107     method => 'PUT',
 108     description => "Set Firewall options.",
 109     protected => 1,
 110     parameters => {
 111         additionalProperties => 0,
 112         properties => &$add_option_properties({
 113             delete => {
 114                 type => 'string', format => 'pve-configid-list',
 115                 description => "A list of settings you want to delete.",
 116                 optional => 1,
 117             },
 118         }),
 119     },
 120     returns => { type => "null" },
 121     code => sub {
 122         my ($param) = @_;
 123
 124         my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
 125
 126         if ($param->{delete}) {
 127             foreach my $opt (PVE::Tools::split_list($param->{delete})) {
 128                 raise_param_exc({ delete => "no such option '$opt'" })
 129                     if !$option_properties->{$opt};
 130                 delete $cluster_conf->{options}->{$opt};
 131             }
 132         }
 133
 134         if (defined($param->{enable})) {
 135             $cluster_conf->{options}->{enable} = $param->{enable} ? 1 : 0;
 136         }
 137
 138         PVE::Firewall::save_clusterfw_conf($cluster_conf);
 139
 140         return undef;
 141     }});
 142
 143 __PACKAGE__->register_method({
 144     name => 'get_macros',
 145     path => 'macros',
 146     method => 'GET',
 147     description => "List available macros",
 148     parameters => {
 149         additionalProperties => 0,
 150     },
 151     returns => {
 152         type => 'array',
 153         items => {
 154             type => "object",
 155             properties => {
 156                 macro => {
 157                     description => "Macro name.",
 158                     type => 'string',
 159                 },
 160                 descr => {
 161                     description => "More verbose description (if available).",
 162                     type => 'string',
 163                 }
 164             },
 165         },
 166     },
 167     code => sub {
 168         my ($param) = @_;
 169
 170         my $res = [];
 171
 172         my ($macros, $descr) = PVE::Firewall::get_macros();
 173
 174         foreach my $macro (keys %$macros) {
 175             push @$res, { macro => $macro, descr => $descr->{$macro} || $macro };
 176         }
 177
 178         return $res;
 179     }});
 180
 181 1;