improve concurrent update handling
1 package PVE::API2::Firewall::Cluster;
2
3 use strict;
4 use warnings;
5 use PVE::Exception qw(raise raise_param_exc raise_perm_exc);
6 use PVE::JSONSchema qw(get_standard_option);
7
8 use PVE::Firewall;
9 use PVE::API2::Firewall::Rules;
10 use PVE::API2::Firewall::Groups;
11 use PVE::API2::Firewall::IPSet;
12
13 #fixme: locking?
14
15 use Data::Dumper; # fixme: remove
16
17 use base qw(PVE::RESTHandler);
18
# Mount the sub-handlers that serve the nested parts of the cluster firewall
# API. Each entry delegates everything below `path` to the named subclass;
# access control for those paths is whatever the subclass itself declares.
__PACKAGE__->register_method({
    path     => 'groups',
    subclass => 'PVE::API2::Firewall::Groups',
});

__PACKAGE__->register_method({
    path     => 'rules',
    subclass => 'PVE::API2::Firewall::ClusterRules',
});

__PACKAGE__->register_method({
    path     => 'ipset',
    subclass => 'PVE::API2::Firewall::ClusterIPSetList',
});
33
# GET <base>/ : directory index of the cluster firewall API.
#
# Returns a fixed list of child names; no configuration is read. The method
# declares `user => 'all'`, so it carries no privilege requirement of its own
# (NOTE(review): presumably any authenticated user - confirm against the
# RESTHandler permission check).
__PACKAGE__->register_method({
    name        => 'index',
    path        => '',
    method      => 'GET',
    description => "Directory index.",
    permissions => { user => 'all' },
    parameters  => {
        additionalProperties => 0,
    },
    returns => {
        type  => 'array',
        items => {
            type       => 'object',
            properties => {},
        },
        links => [ { rel => 'child', href => "{name}" } ],
    },
    code => sub {
        my ($param) = @_;

        # Static listing: three mounted sub-handlers plus the two methods
        # ('options', 'macros') registered in this file.
        return [
            map { { name => $_ } } qw(rules options groups ipset macros)
        ];
    },
});
64
# GET <base>/options : return the cluster-wide firewall options.
#
# The options hash is passed through copy_opject_with_digest(); set_options
# uses the same helper to obtain the digest it compares against the client's,
# so a client is expected to echo the digest from this response on a later PUT.
#
# NOTE(review): no `permissions` entry is declared for this method. Confirm
# what the RESTHandler applies when none is given and state the intended
# privilege explicitly, so read access to firewall settings does not depend
# on an implicit default.
__PACKAGE__->register_method({
    name        => 'get_options',
    path        => 'options',
    method      => 'GET',
    description => "Get Firewall options.",
    parameters  => {
        additionalProperties => 0,
    },
    returns => {
        type => 'object',
        #additionalProperties => 1,
        properties => {
            enable => {
                type     => 'boolean',
                optional => 1,
            },
        },
    },
    code => sub {
        my ($param) = @_;

        my $conf = PVE::Firewall::load_clusterfw_conf();

        # Returned directly so the helper sees the caller's context.
        return PVE::Firewall::copy_opject_with_digest($conf->{options});
    },
});
90
# Schema of the settable cluster firewall options. set_options also uses this
# hash as the allowlist of names accepted in its `delete` parameter, so an
# option added here becomes both settable and deletable.
my $option_properties = {
    enable => {
        optional => 1,
        type     => 'boolean',
    },
};

# Merge the option schema into a caller-supplied properties hash.
#
# The passed hash is modified in place and returned. Entries are shared by
# reference with $option_properties (not copied), and an existing key of the
# same name is overwritten.
my $add_option_properties = sub {
    my ($properties) = @_;

    my @option_names = keys %$option_properties;
    @{$properties}{@option_names} = @{$option_properties}{@option_names};

    return $properties;
};
107
# PUT <base>/options : change or delete cluster-wide firewall options.
#
# Flow: load the cluster config, compare its digest with the one supplied by
# the client, apply deletions and the new `enable` value in memory, then save.
#
# Concurrency: the digest comparison only detects changes made before the
# load. Load, check and save are not performed under a lock (the file header
# still carries "#fixme: locking?"), so two overlapping requests can both
# pass the check and the later save overwrites the earlier one. Wrapping the
# whole sequence in a config lock would close that window.
#
# NOTE(review): `digest` comes from the 'pve-config-digest' standard option;
# if that option is optional, a request without it presumably skips the
# modification check - confirm in PVE::Tools::assert_if_modified.
#
# NOTE(review): no `permissions` entry is declared although this method
# switches the cluster firewall on or off. Confirm the RESTHandler default
# for methods without one and declare the required privilege explicitly.
__PACKAGE__->register_method({
    name        => 'set_options',
    path        => 'options',
    method      => 'PUT',
    description => "Set Firewall options.",
    protected   => 1,
    parameters  => {
        additionalProperties => 0,
        properties => $add_option_properties->({
            delete => {
                type        => 'string',
                format      => 'pve-configid-list',
                description => "A list of settings you want to delete.",
                optional    => 1,
            },
            digest => get_standard_option('pve-config-digest'),
        }),
    },
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;

        my $conf = PVE::Firewall::load_clusterfw_conf();

        # Optimistic check: refuse the update if the stored options no longer
        # match what the client last read.
        my (undef, $current_digest) =
            PVE::Firewall::copy_opject_with_digest($conf->{options});
        PVE::Tools::assert_if_modified($current_digest, $param->{digest});

        if ($param->{delete}) {
            foreach my $name (PVE::Tools::split_list($param->{delete})) {
                # Only names present in the option schema may be removed; an
                # unknown name aborts the request before anything is saved.
                if (!$option_properties->{$name}) {
                    raise_param_exc({ delete => "no such option '$name'" });
                }
                delete $conf->{options}->{$name};
            }
        }

        # Normalise any true/false input to 1/0 before it is written out.
        if (defined($param->{enable})) {
            $conf->{options}->{enable} = $param->{enable} ? 1 : 0;
        }

        PVE::Firewall::save_clusterfw_conf($conf);

        return undef;
    },
});
150
# GET <base>/macros : list the firewall macros known to PVE::Firewall.
#
# Each entry carries the macro name and its description; when no description
# is available the name is used in its place. Entries follow hash key order,
# so the listing is unsorted.
#
# NOTE(review): no `permissions` entry is declared for this method; confirm
# the RESTHandler default and declare the intended access explicitly.
__PACKAGE__->register_method({
    name        => 'get_macros',
    path        => 'macros',
    method      => 'GET',
    description => "List available macros",
    parameters  => {
        additionalProperties => 0,
    },
    returns => {
        type  => 'array',
        items => {
            type       => 'object',
            properties => {
                macro => {
                    type        => 'string',
                    description => "Macro name.",
                },
                descr => {
                    type        => 'string',
                    description => "More verbose description (if available).",
                },
            },
        },
    },
    code => sub {
        my ($param) = @_;

        my ($macros, $descr) = PVE::Firewall::get_macros();

        my @entries = map {
            +{ macro => $_, descr => $descr->{$_} || $_ }
        } keys %$macros;

        return \@entries;
    },
});

# A Perl module must end with a true value.
1;