git.proxmox.com Git - pve-firewall.git/blob - src/PVE/API2/Firewall/Groups.pm
6a07fd09d1a294c96deff43075ad937d4feab9d2
1 package PVE
::API2
::Firewall
::Groups
;
5 use PVE
::JSONSchema
qw(get_standard_option);
10 use Data
::Dumper
; # fixme: remove
12 use base
qw(PVE::RESTHandler);
# Registers the API method described as "List security groups.".
# Only part of the registration hash survives in this listing (the gutter
# numbers show skipped source lines), so the comments cover visible lines only.
14 __PACKAGE__-
>register_method({
18 description
=> "List security groups.",
# Properties not declared in this schema are not allowed.
20 additionalProperties
=> 0,
28 description
=> "Security group name.",
# Each returned entry links to a child resource addressed by its name.
33 links
=> [ { rel
=> 'child', href
=> "{name}" } ],
# Load the firewall configuration through PVE::Firewall::load_clusterfw_conf().
38 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
# One entry per group: its name plus the number of rules stored for it.
# keys() on a hash gives no stable order, so the entries are unsorted.
41 foreach my $group (keys %{$cluster_conf->{groups
}}) {
42 push @$res, { name
=> $group, count
=> scalar(@{$cluster_conf->{groups
}->{$group}}) };
# Registers the API method described as "List security groups rules.".
# Only part of the registration hash is visible in this listing.
48 __PACKAGE__-
>register_method({
52 description
=> "List security groups rules.",
# Properties not declared in this schema are not allowed.
54 additionalProperties
=> 0,
57 description
=> "Security group name.",
# Each returned entry links to a child resource addressed by rule position.
72 links
=> [ { rel
=> 'child', href
=> "{pos}" } ],
77 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
# Look the group up by the caller-supplied name; an unknown name aborts the
# request instead of returning an empty list.
79 my $rules = $cluster_conf->{groups
}->{$param->{group
}};
80 die "no such security group\n" if !defined($rules);
# The configuration digest is handed to cleanup_fw_rule() with every rule.
# NOTE(review): presumably it is returned to the client so that later
# position-based edits can be checked against it; confirm in cleanup_fw_rule.
82 my $digest = $cluster_conf->{digest
};
# $ind numbers the rules in list order; its initialisation is not visible here.
87 foreach my $rule (@$rules) {
88 push @$res, PVE
::Firewall
::cleanup_fw_rule
($rule, $digest, $ind++);
# Registers the API method described as "Get single rule data.", addressed as
# {group}/{pos}. Only part of the registration hash is visible in this listing.
94 __PACKAGE__-
>register_method({
96 path
=> '{group}/{pos}',
98 description
=> "Get single rule data.",
# Properties not declared in this schema are not allowed.
100 additionalProperties
=> 0,
103 description
=> "Security group name.",
107 description
=> "Return rule from position <pos>.",
124 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
# An unknown group name aborts the request.
126 my $rules = $cluster_conf->{groups
}->{$param->{group
}};
127 die "no such security group\n" if !defined($rules);
129 my $digest = $cluster_conf->{digest
};
130 # fixme: check digest
# The digest is read but not compared with anything in the visible lines, so
# a caller working from an older listing is not told the rule set has changed.
# Only the upper bound of pos is checked below.
# NOTE(review): a negative Perl array index counts from the end of the list;
# the schema for pos is not visible here, so confirm it enforces a minimum of 0.
132 die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
134 my $rule = $rules->[$param->{pos}];
# Return the rule as prepared by cleanup_fw_rule(), with digest and position.
136 return PVE
::Firewall
::cleanup_fw_rule
($rule, $digest, $param->{pos});
# Registers 'create_rule' ("Create new rule."): builds a rule from the request
# parameters, puts it at the front of the named security group and saves the
# configuration. Only part of the registration hash is visible in this listing.
# NOTE(review): no permissions entry appears among the visible lines; confirm
# that the full source restricts who may change cluster firewall rules.
140 __PACKAGE__-
>register_method({
141 name
=> 'create_rule',
144 description
=> "Create new rule.",
# Properties not declared in this schema are not allowed.
147 additionalProperties
=> 0,
# The parameter schema is extended by PVE::Firewall::add_rule_properties().
148 properties
=> PVE
::Firewall
::add_rule_properties
({
150 description
=> "Security group name.",
155 returns
=> { type
=> "null" },
159 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
# An unknown group name aborts the request; groups are not created here.
161 my $rules = $cluster_conf->{groups
}->{$param->{group
}};
162 die "no such security group\n" if !defined($rules);
# The digest is read but not used in the visible lines of this method.
164 my $digest = $cluster_conf->{digest
};
# Starting values for the new rule: outbound, ACCEPT, and disabled (enable => 0).
166 my $rule = { type
=> 'out', action
=> 'ACCEPT', enable
=> 0};
# copy_rule_data() is given the request parameters after the defaults are set.
# NOTE(review): presumably it overwrites the defaults with caller values; confirm.
168 PVE
::Firewall
::copy_rule_data
($rule, $param);
# Insert at position 0; every existing rule moves down by one, so positions a
# client read earlier no longer refer to the same rules.
170 unshift @$rules, $rule;
# NOTE(review): no lock around this load/modify/save sequence is visible in the
# listing; confirm that concurrent writers cannot overwrite each other's changes.
172 PVE
::Firewall
::save_clusterfw_conf
($cluster_conf);
# Registers 'update_rule' ("Modify rule data."), addressed as {group}/{pos}:
# either moves the rule to another position or copies new data into it, then
# saves the configuration. Only part of the code is visible in this listing.
# NOTE(review): no permissions entry appears among the visible lines; confirm
# that the full source restricts who may change cluster firewall rules.
177 __PACKAGE__-
>register_method({
178 name
=> 'update_rule',
179 path
=> '{group}/{pos}',
181 description
=> "Modify rule data.",
# Properties not declared in this schema are not allowed.
184 additionalProperties
=> 0,
# The parameter schema is extended by PVE::Firewall::add_rule_properties().
185 properties
=> PVE
::Firewall
::add_rule_properties
({
187 description
=> "Security group name.",
191 description
=> "Move rule to new position <moveto>. Other arguments are ignored.",
198 returns
=> { type
=> "null" },
202 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
# An unknown group name aborts the request.
204 my $rules = $cluster_conf->{groups
}->{$param->{group
}};
205 die "no such security group\n" if !defined($rules);
207 my $digest = $cluster_conf->{digest
};
208 # fixme: check digest
# The digest is never compared in the visible lines. The rule is selected by
# position only, so a request built from a stale listing can modify or move a
# different rule than the caller intended.
# Only the upper bound of pos is checked below.
# NOTE(review): a negative Perl array index counts from the end of the list;
# the schema for pos is not visible here, so confirm it enforces a minimum of 0.
210 die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
212 my $rule = $rules->[$param->{pos}];
214 my $moveto = $param->{moveto
};
# Move request: rebuild the list without the rule at pos, re-inserting it at
# the new place.
215 if (defined($moveto) && $moveto != $param->{pos}) {
217 for (my $i = 0; $i < scalar(@$rules); $i++) {
218 next if $i == $param->{pos};
# The condition guarding this push is on a source line missing from the listing.
# NOTE(review): presumably the rule is inserted when $i reaches $moveto; confirm.
220 push @$newrules, $rule;
222 push @$newrules, $rules->[$i];
# A target at or past the end of the list appends the rule.
# NOTE(review): if moveto can be negative, neither visible push may re-insert
# the rule and it would be dropped; confirm the schema bounds moveto.
224 push @$newrules, $rule if $moveto >= scalar(@$rules);
226 $cluster_conf->{groups
}->{$param->{group
}} = $newrules;
# NOTE(review): per the moveto description this copy is presumably the branch
# taken when no move is requested; the enclosing else is not visible here.
228 PVE
::Firewall
::copy_rule_data
($rule, $param);
# NOTE(review): no lock around this load/modify/save sequence is visible in the
# listing; confirm that concurrent writers cannot overwrite each other's changes.
231 PVE
::Firewall
::save_clusterfw_conf
($cluster_conf);
# Registers 'delete_rule' ("Delete rule."), addressed as {group}/{pos}: removes
# the rule at the given position from the named security group and saves the
# configuration. Only part of the registration hash is visible in this listing.
# NOTE(review): no permissions entry appears among the visible lines; confirm
# that the full source restricts who may change cluster firewall rules.
236 __PACKAGE__-
>register_method({
237 name
=> 'delete_rule',
238 path
=> '{group}/{pos}',
240 description
=> "Delete rule.",
# Properties not declared in this schema are not allowed.
243 additionalProperties
=> 0,
246 description
=> "Security group name.",
250 description
=> "Delete rule at position <pos>.",
256 returns
=> { type
=> "null" },
260 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
# An unknown group name aborts the request.
262 my $rules = $cluster_conf->{groups
}->{$param->{group
}};
263 die "no such security group\n" if !defined($rules);
265 my $digest = $cluster_conf->{digest
};
266 # fixme: check digest
# The digest is never compared in the visible lines. Deletion is by position
# only, so a request built from a stale listing can remove a different rule
# than the caller intended.
# Only the upper bound of pos is checked below.
# NOTE(review): splice() accepts a negative offset and counts from the end; the
# schema for pos is not visible here, so confirm it enforces a minimum of 0.
268 die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
# Remove exactly one element at pos; later rules move up by one position.
270 splice(@$rules, $param->{pos}, 1);
# NOTE(review): no lock around this load/modify/save sequence is visible in the
# listing; confirm that concurrent writers cannot overwrite each other's changes.
272 PVE
::Firewall
::save_clusterfw_conf
($cluster_conf);