git.proxmox.com Git - pve-firewall.git/blob - src/PVE/API2/Firewall/Groups.pm
1 package PVE
::API2
::Firewall
::Groups
;
5 use PVE
::JSONSchema
qw(get_standard_option);
10 use Data
::Dumper
; # fixme: remove
12 use base
qw(PVE::RESTHandler);
# Registers the API method described as "List security groups.".
# This listing skips source lines (the gutter numbers jump), so the method's
# name, path and handler wrapper are not all visible here.
# NOTE(review): no permissions entry is visible in this excerpt - confirm how
# access to this endpoint is restricted.
14 __PACKAGE__-
>register_method({
18 description
=> "List security groups.",
# Request parameters that the schema does not declare are not accepted.
21 additionalProperties
=> 0,
23 node
=> get_standard_option
('pve-node'),
# Presumably part of the per-item return schema; the enclosing lines are not shown.
32 description
=> "Security group name.",
# Each returned item links to a child resource addressed by its name.
37 links
=> [ { rel
=> 'child', href
=> "{name}" } ],
# Handler body: read the cluster-wide firewall configuration.
42 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
# One result entry per key of the rules hash: the group name and its rule count.
# keys() returns hash keys in no stable order, so the result order is unspecified.
45 foreach my $group (keys %{$cluster_conf->{rules
}}) {
46 push @$res, { name
=> $group, count
=> scalar(@{$cluster_conf->{rules
}->{$group}}) };
# Registers the API method described as "List security groups rules.".
# The listing skips source lines, so the method's name, path and the
# initialisation of $res and $ind are not visible here.
52 __PACKAGE__-
>register_method({
56 description
=> "List security groups rules.",
# Request parameters that the schema does not declare are not accepted.
59 additionalProperties
=> 0,
61 node
=> get_standard_option
('pve-node'),
63 description
=> "Security group name.",
# Each returned rule links to a child resource addressed by its position.
78 links
=> [ { rel
=> 'child', href
=> "{pos}" } ],
83 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
# The client-supplied group name is used directly as the hash key.
# NOTE(review): the schema constraints on 'group' are not shown - confirm its format is validated.
85 my $rules = $cluster_conf->{rules
}->{$param->{group
}};
# Unknown group: fail; the trailing \n keeps Perl from appending file and line.
86 die "no such security group\n" if !defined($rules);
88 my $digest = $cluster_conf->{digest
};
# Every rule is passed through cleanup_fw_rule with the config digest and a running index.
# presumably cleanup_fw_rule builds the client-facing form of the rule - confirm in PVE::Firewall
93 foreach my $rule (@$rules) {
94 push @$res, PVE
::Firewall
::cleanup_fw_rule
($rule, $digest, $ind++);
# Registers the API method that returns one rule of a security group,
# addressed as {group}/{pos}. The listing skips source lines, so the method
# name and most of the parameter schema are not visible here.
100 __PACKAGE__-
>register_method({
102 path
=> '{group}/{pos}',
104 description
=> "Get single rule data.",
# Request parameters that the schema does not declare are not accepted.
107 additionalProperties
=> 0,
109 node
=> get_standard_option
('pve-node'),
111 description
=> "Security group name.",
115 description
=> "Return rule from position <pos>.",
132 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
# The client-supplied group name is used directly as the hash key.
134 my $rules = $cluster_conf->{rules
}->{$param->{group
}};
135 die "no such security group\n" if !defined($rules);
137 my $digest = $cluster_conf->{digest
};
138 # fixme: check digest
# Only the upper bound of pos is checked here. A negative pos would pass this
# test and index from the end of the array.
# NOTE(review): presumably the schema (not shown) restricts pos to a non-negative integer - confirm.
140 die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
142 my $rule = $rules->[$param->{pos}];
# Return the rule via cleanup_fw_rule together with the config digest and its position.
144 return PVE
::Firewall
::cleanup_fw_rule
($rule, $digest, $param->{pos});
# Registers 'create_rule': adds a new rule to an existing security group and
# writes the cluster firewall configuration back. The listing skips source
# lines, so the path, method and handler wrapper are not visible here.
# NOTE(review): no permissions entry is visible in this excerpt - confirm how
# access to this state-changing endpoint is restricted.
148 __PACKAGE__-
>register_method({
149 name
=> 'create_rule',
152 description
=> "Create new rule.",
# Request parameters that the schema does not declare are not accepted.
156 additionalProperties
=> 0,
# The parameter schema is produced by add_rule_properties from the entries given here.
157 properties
=> PVE
::Firewall
::add_rule_properties
({
158 node
=> get_standard_option
('pve-node'),
160 description
=> "Security group name.",
165 returns
=> { type
=> "null" },
169 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
# The group must already exist; this method does not create groups.
171 my $rules = $cluster_conf->{rules
}->{$param->{group
}};
172 die "no such security group\n" if !defined($rules);
# The digest is read but not used in the lines shown.
174 my $digest = $cluster_conf->{digest
};
# Defaults for a new rule: outbound, ACCEPT, and disabled (enable => 0).
176 my $rule = { type
=> 'out', action
=> 'ACCEPT', enable
=> 0};
# presumably overlays the request parameters onto the defaults - confirm in PVE::Firewall
178 PVE
::Firewall
::copy_rule_data
($rule, $param);
# The new rule is inserted at position 0, ahead of all existing rules in the group.
180 unshift @$rules, $rule;
# NOTE(review): no lock is visible around load/modify/save in this excerpt -
# confirm that concurrent writers cannot overwrite each other's changes.
182 PVE
::Firewall
::save_clusterfw_conf
($cluster_conf);
# Registers 'update_rule' on {group}/{pos}: either moves the rule to a new
# position or updates its data, then saves the cluster firewall configuration.
# The listing skips source lines, so some conditions and closing braces of the
# handler are not visible here.
# NOTE(review): no permissions entry is visible in this excerpt - confirm how
# access to this state-changing endpoint is restricted.
187 __PACKAGE__-
>register_method({
188 name
=> 'update_rule',
189 path
=> '{group}/{pos}',
191 description
=> "Modify rule data.",
# Request parameters that the schema does not declare are not accepted.
195 additionalProperties
=> 0,
# The parameter schema is produced by add_rule_properties from the entries given here.
196 properties
=> PVE
::Firewall
::add_rule_properties
({
197 node
=> get_standard_option
('pve-node'),
199 description
=> "Security group name.",
203 description
=> "Move rule to new position <moveto>. Other arguments are ignored.",
210 returns
=> { type
=> "null" },
214 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
216 my $rules = $cluster_conf->{rules
}->{$param->{group
}};
217 die "no such security group\n" if !defined($rules);
# The digest is read, but per the fixme below it is not yet compared with
# anything, so a change made since the client last read the rules goes undetected.
219 my $digest = $cluster_conf->{digest
};
220 # fixme: check digest
# Only the upper bound of pos is checked here. A negative pos would pass this
# test and index from the end of the array.
# NOTE(review): presumably the schema (not shown) restricts pos to a non-negative integer - confirm.
222 die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
224 my $rule = $rules->[$param->{pos}];
226 my $moveto = $param->{moveto
};
# Move branch: taken only when moveto is given and differs from the current position.
227 if (defined($moveto) && $moveto != $param->{pos}) {
# Rebuild the list, skipping the rule's old slot.
229 for (my $i = 0; $i < scalar(@$rules); $i++) {
230 next if $i == $param->{pos};
# presumably guarded by a test on $moveto in the line not shown - confirm
232 push @$newrules, $rule;
234 push @$newrules, $rules->[$i];
# A moveto at or beyond the list length appends the rule at the end.
236 push @$newrules, $rule if $moveto >= scalar(@$rules);
238 $cluster_conf->{rules
}->{$param->{group
}} = $newrules;
# presumably the non-move branch, since the description says other arguments
# are ignored when moving - the surrounding else is not shown
240 PVE
::Firewall
::copy_rule_data
($rule, $param);
# NOTE(review): no lock is visible around load/modify/save in this excerpt -
# confirm that concurrent writers cannot overwrite each other's changes.
243 PVE
::Firewall
::save_clusterfw_conf
($cluster_conf);
# Registers 'delete_rule' on {group}/{pos}: removes one rule from a security
# group and saves the cluster firewall configuration. The listing skips source
# lines, so the method and handler wrapper are not visible here.
# NOTE(review): no permissions entry is visible in this excerpt - confirm how
# access to this state-changing endpoint is restricted.
248 __PACKAGE__-
>register_method({
249 name
=> 'delete_rule',
250 path
=> '{group}/{pos}',
252 description
=> "Delete rule.",
# Request parameters that the schema does not declare are not accepted.
256 additionalProperties
=> 0,
258 node
=> get_standard_option
('pve-node'),
260 description
=> "Security group name.",
264 description
=> "Delete rule at position <pos>.",
270 returns
=> { type
=> "null" },
274 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
276 my $rules = $cluster_conf->{rules
}->{$param->{group
}};
277 die "no such security group\n" if !defined($rules);
# The digest is read, but per the fixme below it is not yet compared with
# anything. A position-based delete can therefore remove a different rule than
# the client intended if the list changed in the meantime.
279 my $digest = $cluster_conf->{digest
};
280 # fixme: check digest
# Only the upper bound of pos is checked here. A negative pos would pass this
# test, and splice would then count from the end of the array.
# NOTE(review): presumably the schema (not shown) restricts pos to a non-negative integer - confirm.
282 die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
# Remove exactly one element at pos; the later rules shift down by one.
284 splice(@$rules, $param->{pos}, 1);
# NOTE(review): no lock is visible around load/modify/save in this excerpt -
# confirm that concurrent writers cannot overwrite each other's changes.
286 PVE
::Firewall
::save_clusterfw_conf
($cluster_conf);