src/PVE/API2/Firewall/Cluster.pm

   1 package PVE::API2::Firewall::Cluster;
   2
   3 use strict;
   4 use warnings;
   5 use PVE::Exception qw(raise raise_param_exc raise_perm_exc);
   6 use PVE::JSONSchema qw(get_standard_option);
   7
   8 use PVE::Firewall;
   9 use PVE::API2::Firewall::Rules;
  10 use PVE::API2::Firewall::Groups;
  11
  12 #fixme: locking?
  13
  14 use Data::Dumper; # fixme: remove
  15
  16 use base qw(PVE::RESTHandler);
  17
  18 __PACKAGE__->register_method ({
  19     subclass => "PVE::API2::Firewall::Groups",
  20     path => 'groups',
  21 });
  22
  23 __PACKAGE__->register_method ({
  24     subclass => "PVE::API2::Firewall::ClusterRules",
  25     path => 'rules',
  26 });
  27
  28 __PACKAGE__->register_method({
  29     name => 'index',
  30     path => '',
  31     method => 'GET',
  32     permissions => { user => 'all' },
  33     description => "Directory index.",
  34     parameters => {
  35         additionalProperties => 0,
  36     },
  37     returns => {
  38         type => 'array',
  39         items => {
  40             type => "object",
  41             properties => {},
  42         },
  43         links => [ { rel => 'child', href => "{name}" } ],
  44     },
  45     code => sub {
  46         my ($param) = @_;
  47
  48         my $result = [
  49             { name => 'rules' },
  50             { name => 'options' },
  51             { name => 'groups' },
  52             { name => 'netgroups' },
  53             ];
  54
  55         return $result;
  56     }});
  57
  58 __PACKAGE__->register_method({
  59     name => 'get_options',
  60     path => 'options',
  61     method => 'GET',
  62     description => "Get Firewall options.",
  63     parameters => {
  64         additionalProperties => 0,
  65     },
  66     returns => {
  67         type => "object",
  68         #additionalProperties => 1,
  69         properties => {
  70             enable => {
  71                 type => 'boolean',
  72                 optional => 1,
  73             },
  74         },
  75     },
  76     code => sub {
  77         my ($param) = @_;
  78
  79         my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
  80
  81         my $options = $cluster_conf->{options};
  82
  83         return $options;
  84     }});
  85
  86 my $option_properties = {
  87     enable => {
  88         type => 'boolean',
  89         optional => 1,
  90     },
  91 };
  92
  93 my $add_option_properties = sub {
  94     my ($properties) = @_;
  95
  96     foreach my $k (keys %$option_properties) {
  97         $properties->{$k} = $option_properties->{$k};
  98     }
  99
 100     return $properties;
 101 };
 102
 103 __PACKAGE__->register_method({
 104     name => 'set_options',
 105     path => 'options',
 106     method => 'PUT',
 107     description => "Set Firewall options.",
 108     parameters => {
 109         additionalProperties => 0,
 110         properties => &$add_option_properties({
 111             delete => {
 112                 type => 'string', format => 'pve-configid-list',
 113                 description => "A list of settings you want to delete.",
 114                 optional => 1,
 115             },
 116         }),
 117     },
 118     returns => { type => "null" },
 119     code => sub {
 120         my ($param) = @_;
 121
 122         my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
 123
 124         if ($param->{delete}) {
 125             foreach my $opt (PVE::Tools::split_list($param->{delete})) {
 126                 raise_param_exc({ delete => "no such option '$opt'" })
 127                     if !$option_properties->{$opt};
 128                 delete $cluster_conf->{options}->{$opt};
 129             }
 130         }
 131
 132         if (defined($param->{enable})) {
 133             $cluster_conf->{options}->{enable} = $param->{enable} ? 1 : 0;
 134         }
 135
 136
 137         PVE::Firewall::save_clusterfw_conf($cluster_conf);
 138
 139         return undef;
 140     }});