src/PVE/API2/Firewall/Cluster.pm

   1 package PVE::API2::Firewall::Cluster;
   2
   3 use strict;
   4 use warnings;
   5 use PVE::Exception qw(raise raise_param_exc raise_perm_exc);
   6 use PVE::JSONSchema qw(get_standard_option);
   7
   8 use PVE::Firewall;
   9 use PVE::API2::Firewall::Groups;
  10
  11 #fixme: locking?
  12
  13 use Data::Dumper; # fixme: remove
  14
  15 use base qw(PVE::RESTHandler);
  16
  17 __PACKAGE__->register_method ({
  18     subclass => "PVE::API2::Firewall::Groups",
  19     path => 'groups',
  20 });
  21
  22 __PACKAGE__->register_method({
  23     name => 'index',
  24     path => '',
  25     method => 'GET',
  26     permissions => { user => 'all' },
  27     description => "Directory index.",
  28     parameters => {
  29         additionalProperties => 0,
  30     },
  31     returns => {
  32         type => 'array',
  33         items => {
  34             type => "object",
  35             properties => {},
  36         },
  37         links => [ { rel => 'child', href => "{name}" } ],
  38     },
  39     code => sub {
  40         my ($param) = @_;
  41
  42         my $result = [
  43             { name => 'rules' },
  44             { name => 'options' },
  45             { name => 'groups' },
  46             { name => 'netgroups' },
  47             ];
  48
  49         return $result;
  50     }});
  51
  52 __PACKAGE__->register_method({
  53     name => 'get_options',
  54     path => 'options',
  55     method => 'GET',
  56     description => "Get Firewall options.",
  57     parameters => {
  58         additionalProperties => 0,
  59     },
  60     returns => {
  61         type => "object",
  62         #additionalProperties => 1,
  63         properties => {
  64             enable => {
  65                 type => 'boolean',
  66                 optional => 1,
  67             },
  68         },
  69     },
  70     code => sub {
  71         my ($param) = @_;
  72
  73         my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
  74
  75         my $options = $cluster_conf->{options};
  76
  77         return $options;
  78     }});
  79
  80 my $option_properties = {
  81     enable => {
  82         type => 'boolean',
  83         optional => 1,
  84     },
  85 };
  86
  87 my $add_option_properties = sub {
  88     my ($properties) = @_;
  89
  90     foreach my $k (keys %$option_properties) {
  91         $properties->{$k} = $option_properties->{$k};
  92     }
  93
  94     return $properties;
  95 };
  96
  97 __PACKAGE__->register_method({
  98     name => 'set_options',
  99     path => 'options',
 100     method => 'PUT',
 101     description => "Set Firewall options.",
 102     parameters => {
 103         additionalProperties => 0,
 104         properties => &$add_option_properties({
 105             delete => {
 106                 type => 'string', format => 'pve-configid-list',
 107                 description => "A list of settings you want to delete.",
 108                 optional => 1,
 109             },
 110         }),
 111     },
 112     returns => { type => "null" },
 113     code => sub {
 114         my ($param) = @_;
 115
 116         my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
 117
 118         if ($param->{delete}) {
 119             foreach my $opt (PVE::Tools::split_list($param->{delete})) {
 120                 raise_param_exc({ delete => "no such option '$opt'" })
 121                     if !$option_properties->{$opt};
 122                 delete $cluster_conf->{options}->{$opt};
 123             }
 124         }
 125
 126         if (defined($param->{enable})) {
 127             $cluster_conf->{options}->{enable} = $param->{enable} ? 1 : 0;
 128         }
 129
 130
 131         PVE::Firewall::save_clusterfw_conf($cluster_conf);
 132
 133         return undef;
 134     }});