src/PVE/API2/Firewall/Groups.pm

   1 package PVE::API2::Firewall::Groups;
   2
   3 use strict;
   4 use warnings;
   5 use PVE::JSONSchema qw(get_standard_option);
   6
   7 use PVE::Firewall;
   8
   9
  10 use Data::Dumper; # fixme: remove
  11
  12 use base qw(PVE::RESTHandler);
  13
  14 __PACKAGE__->register_method({
  15     name => 'list',
  16     path => '',
  17     method => 'GET',
  18     description => "List security groups.",
  19     proxyto => 'node',
  20     parameters => {
  21         additionalProperties => 0,
  22         properties => {
  23             node => get_standard_option('pve-node'),
  24         },
  25     },
  26     returns => {
  27         type => 'array',
  28         items => {
  29             type => "object",
  30             properties => {
  31                 name => {
  32                     description => "Security group name.",
  33                     type => 'string',
  34                 },
  35             },
  36         },
  37         links => [ { rel => 'child', href => "{name}" } ],
  38     },
  39     code => sub {
  40         my ($param) = @_;
  41
  42         my $groups_conf = PVE::Firewall::load_security_groups();
  43
  44         my $res = [];
  45         foreach my $group (keys %{$groups_conf->{rules}}) {
  46             push @$res, { name => $group, count => scalar(@{$groups_conf->{rules}->{$group}}) };
  47         }
  48
  49         return $res;
  50     }});
  51
  52 __PACKAGE__->register_method({
  53     name => 'get_rules',
  54     path => '{group}',
  55     method => 'GET',
  56     description => "List security groups rules.",
  57     proxyto => 'node',
  58     parameters => {
  59         additionalProperties => 0,
  60         properties => {
  61             node => get_standard_option('pve-node'),
  62             group => {
  63                 description => "Security group name.",
  64                 type => 'string',
  65             },
  66         },
  67     },
  68     returns => {
  69         type => 'array',
  70         items => {
  71             type => "object",
  72             properties => {},
  73         },
  74     },
  75     code => sub {
  76         my ($param) = @_;
  77
  78         my $groups_conf = PVE::Firewall::load_security_groups();
  79
  80         my $rules = $groups_conf->{rules}->{$param->{group}};
  81         die "no such security group\n" if !defined($rules);
  82
  83         my $digest = $groups_conf->{digest};
  84
  85         my $res = [];
  86
  87         my $ind = 0;
  88         foreach my $rule (@$rules) {
  89             push @$res, PVE::Firewall::cleanup_fw_rule($rule, $digest, $ind++);
  90         }
  91
  92         return $res;
  93     }});
  94
  95 1;