git.proxmox.com Git - pve-firewall.git/blob - src/PVE/API2/Firewall/Rules.pm
4837880974041ee55e035fa0158161065e9a4a10
1 package PVE
::API2
::Firewall
::RulesBase
;
5 use PVE
::JSONSchema
qw(get_standard_option);
9 use base
qw(PVE::RESTHandler);
11 my $api_properties = {
13 description
=> "Rule position.",
# Abstract loader hook of the base class: it only dies. The commented-out
# return below shows the result shape the register_* handlers unpack:
# ($fw_conf, $rules).
# NOTE(review): the enclosing `sub` lines are not part of this listing;
# presumably these are load_config and save_rules, the two methods the
# handlers call on $class.
20 my ($class, $param) = @_;
22 die "implement this in subclass";
24 #return ($fw_conf, $rules);
# Abstract persister hook: receives the loaded config and the (possibly
# modified) rule list; in the base class it only dies.
28 my ($class, $param, $fw_conf, $rules) = @_;
30 die "implement this in subclass";
33 my $additional_param_hash = {};
# Per-class store for extra API parameters, keyed by class name in the
# file-level $additional_param_hash. When $new_value is defined it is recorded
# for $class. The visible tail copies the stored hash key by key into $copy
# (a shallow copy), so keys added to the copy do not end up in the stored hash.
# NOTE(review): the declaration of $copy and the return statement are missing
# from this listing; presumably $copy is what callers receive.
39 sub additional_parameters
{
40 my ($class, $new_value) = @_;
42 if (defined($new_value)) {
43 $additional_param_hash->{$class} = $new_value;
48 my $org = $additional_param_hash->{$class} || {};
49 foreach my $p (keys %$org) { $copy->{$p} = $org->{$p}; }
# Registers the "List rules." API method on $class. The accepted parameters
# are the class's additional parameters only.
53 sub register_get_rules
{
56 my $properties = $class->additional_parameters();
58 $class->register_method({
62 description
=> "List rules.",
# additionalProperties => 0: parameters not listed in `properties` are not
# part of the schema for this call.
64 additionalProperties
=> 0,
65 properties
=> $properties,
77 links
=> [ { rel
=> 'child', href
=> "{pos}" } ],
# Handler body: load the rule list through the subclass hook, then pass every
# rule through PVE::Firewall::cleanup_fw_rule together with the config digest
# and its running index.
82 my ($fw_conf, $rules) = $class->load_config($param);
84 my $digest = $fw_conf->{digest
};
89 foreach my $rule (@$rules) {
90 push @$res, PVE
::Firewall
::cleanup_fw_rule
($rule, $digest, $ind++);
# Registers the "Get single rule data." API method on $class. The schema is
# the class's additional parameters plus `pos` from $api_properties.
97 sub register_get_rule
{
100 my $properties = $class->additional_parameters();
102 $properties->{pos} = $api_properties->{pos};
104 $class->register_method({
108 description
=> "Get single rule data.",
110 additionalProperties
=> 0,
111 properties
=> $properties,
124 my ($fw_conf, $rules) = $class->load_config($param);
126 my $digest = $fw_conf->{digest
};
127 # fixme: check digest
# Only the upper bound of pos is checked here. In Perl a negative index counts
# from the end of the array, so the lower bound has to come from the `pos`
# schema. NOTE(review): only the description of that schema is visible in this
# listing; presumably it sets a minimum of 0 - confirm.
129 die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
131 my $rule = $rules->[$param->{pos}];
# The rule is returned through cleanup_fw_rule with the config digest and its
# position.
133 return PVE
::Firewall
::cleanup_fw_rule
($rule, $digest, $param->{pos});
# Registers the 'create_rule' API method ("Create new rule.", returns null).
# The schema is built by PVE::Firewall::add_rule_properties on top of the
# class's additional parameters, with `action` and `type` made mandatory.
137 sub register_create_rule
{
140 my $properties = $class->additional_parameters();
142 my $create_rule_properties = PVE
::Firewall
::add_rule_properties
($properties);
143 $create_rule_properties->{action
}->{optional
} = 0;
144 $create_rule_properties->{type
}->{optional
} = 0;
146 $class->register_method({
147 name
=> 'create_rule',
150 description
=> "Create new rule.",
153 additionalProperties
=> 0,
154 properties
=> $create_rule_properties,
156 returns
=> { type
=> "null" },
160 my ($fw_conf, $rules) = $class->load_config($param);
# The digest is read here, but no use of it is visible in the lines of this
# handler that the listing shows.
162 my $digest = $fw_conf->{digest
};
# Request values are copied into $rule and checked by verify_rule before the
# rule is added to the list and saved.
166 PVE
::Firewall
::copy_rule_data
($rule, $param);
167 PVE
::Firewall
::verify_rule
($rule, $class->allow_groups());
# A rule created without an explicit `enable` is stored with enable = 0.
169 $rule->{enable
} = 0 if !defined($param->{enable
});
# New rules go to the front of the list (index 0), which shifts the position
# of every existing rule by one. That matters to clients that later address a
# rule by `pos`.
171 unshift @$rules, $rule;
173 $class->save_rules($param, $fw_conf, $rules);
# Registers the 'update_rule' API method ("Modify rule data.", returns null).
# On top of the class's additional parameters the schema gets `pos`, `moveto`
# and `delete`, and then the rule properties from add_rule_properties.
179 sub register_update_rule
{
182 my $properties = $class->additional_parameters();
184 $properties->{pos} = $api_properties->{pos};
186 $properties->{moveto
} = {
187 description
=> "Move rule to new position <moveto>. Other arguments are ignored.",
193 $properties->{delete} = {
194 type
=> 'string', format
=> 'pve-configid-list',
195 description
=> "A list of settings you want to delete.",
199 my $update_rule_properties = PVE
::Firewall
::add_rule_properties
($properties);
201 $class->register_method({
202 name
=> 'update_rule',
205 description
=> "Modify rule data.",
208 additionalProperties
=> 0,
209 properties
=> $update_rule_properties,
211 returns
=> { type
=> "null" },
215 my ($fw_conf, $rules) = $class->load_config($param);
# NOTE(review): the digest is loaded but, as the fixme says, not compared with
# anything the client sent. Rules are addressed by position only and
# create_rule inserts at index 0, so a change made between the client's read
# and this call can make `pos` refer to a different rule than the one the
# client meant to edit.
217 my $digest = $fw_conf->{digest
};
218 # fixme: check digest
# Only the upper bound of pos is checked; a negative index would count from
# the end of the array. NOTE(review): presumably the `pos` schema sets a
# minimum of 0 - only its description is visible in this listing; confirm.
220 die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
222 my $rule = $rules->[$param->{pos}];
# Move path: taken only when moveto is given and differs from pos. The list is
# rebuilt in $newrules; the rule's old slot is skipped and the rule is appended
# at the end when moveto is at or past the list length.
# NOTE(review): the condition guarding the in-loop `push @$newrules, $rule`
# and the point where $newrules replaces $rules are missing from this listing.
224 my $moveto = $param->{moveto
};
225 if (defined($moveto) && $moveto != $param->{pos}) {
227 for (my $i = 0; $i < scalar(@$rules); $i++) {
228 next if $i == $param->{pos};
230 push @$newrules, $rule;
232 push @$newrules, $rules->[$i];
234 push @$newrules, $rule if $moveto >= scalar(@$rules);
# Edit path: `type` and `action` must both be present in the request.
237 raise_param_exc
({ type
=> "property is missing"})
238 if !defined($param->{type
});
239 raise_param_exc
({ action
=> "property is missing"})
240 if !defined($param->{action
});
# Order matters: copy the new values, drop the properties named in `delete`,
# and only then run verify_rule on the result, all before save_rules.
242 PVE
::Firewall
::copy_rule_data
($rule, $param);
244 PVE
::Firewall
::delete_rule_properties
($rule, $param->{'delete'}) if $param->{'delete'};
246 PVE
::Firewall
::verify_rule
($rule, $class->allow_groups());
249 $class->save_rules($param, $fw_conf, $rules);
# Registers the 'delete_rule' API method ("Delete rule.", returns null). The
# schema is the class's additional parameters plus `pos`.
255 sub register_delete_rule
{
258 my $properties = $class->additional_parameters();
260 $properties->{pos} = $api_properties->{pos};
262 $class->register_method({
263 name
=> 'delete_rule',
266 description
=> "Delete rule.",
269 additionalProperties
=> 0,
270 properties
=> $properties,
272 returns
=> { type
=> "null" },
276 my ($fw_conf, $rules) = $class->load_config($param);
# NOTE(review): the digest is loaded but not checked (see fixme). The rule to
# remove is identified by position alone, so if the list changed after the
# client read it (create_rule inserts at index 0), this call can remove a
# different rule than the one the client selected.
278 my $digest = $fw_conf->{digest
};
279 # fixme: check digest
# Upper bound only; presumably the `pos` schema enforces the lower bound - its
# full definition is not visible in this listing; confirm.
281 die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
283 splice(@$rules, $param->{pos}, 1);
285 $class->save_rules($param, $fw_conf, $rules);
# Registers all five rule methods (list, get, create, update, delete) on
# $class. Each concrete package below calls this once on itself.
# NOTE(review): none of the register_method calls shows a `permissions` entry
# in this listing, but many lines are missing from it. Confirm in the full
# file how access to these methods is restricted.
291 sub register_handlers
{
294 $class->register_get_rules();
295 $class->register_get_rule();
296 $class->register_create_rule();
297 $class->register_update_rule();
298 $class->register_delete_rule();
301 package PVE
::API2
::Firewall
::GroupRules
;
305 use PVE
::JSONSchema
qw(get_standard_option);
307 use base
qw(PVE::API2::Firewall::RulesBase);
309 __PACKAGE__-
>additional_parameters({ group
=> get_standard_option
('pve-security-group-name') });
# Security-group variant of the loader hook: loads the cluster firewall config
# and takes the rule list of the group named by the `group` parameter. An
# unknown group name ends the request with an error.
316 my ($class, $param) = @_;
318 my $fw_conf = PVE
::Firewall
::load_clusterfw_conf
();
319 my $rules = $fw_conf->{groups
}->{$param->{group
}};
320 die "no such security group '$param->{group}'\n" if !defined($rules);
322 return ($fw_conf, $rules);
# Security-group variant of the persister hook: puts the rule list back under
# the group and writes the whole cluster config.
# NOTE(review): no lock is visible around the load -> modify -> save sequence
# in this listing, and the digest check is still a fixme in the handlers;
# confirm how concurrent writers are serialized.
326 my ($class, $param, $fw_conf, $rules) = @_;
328 $fw_conf->{groups
}->{$param->{group
}} = $rules;
329 PVE
::Firewall
::save_clusterfw_conf
($fw_conf);
332 __PACKAGE__-
>register_handlers();
334 package PVE
::API2
::Firewall
::ClusterRules
;
339 use base
qw(PVE::API2::Firewall::RulesBase);
# Cluster-wide variant of the loader hook: the rule list is the `rules` entry
# of the cluster firewall config. $param is not used in the visible lines.
342 my ($class, $param) = @_;
344 my $fw_conf = PVE
::Firewall
::load_clusterfw_conf
();
345 my $rules = $fw_conf->{rules
};
347 return ($fw_conf, $rules);
# Cluster-wide variant of the persister hook: stores the rule list back under
# `rules` and writes the cluster config.
351 my ($class, $param, $fw_conf, $rules) = @_;
353 $fw_conf->{rules
} = $rules;
354 PVE
::Firewall
::save_clusterfw_conf
($fw_conf);
357 __PACKAGE__-
>register_handlers();
359 package PVE
::API2
::Firewall
::HostRules
;
363 use PVE
::JSONSchema
qw(get_standard_option);
365 use base
qw(PVE::API2::Firewall::RulesBase);
367 __PACKAGE__-
>additional_parameters({ node
=> get_standard_option
('pve-node')});
# Host variant of the loader hook. The package declares a `node` parameter,
# but load_hostfw_conf() is called without arguments, so the config read is
# whatever that function resolves on the machine running this code.
# NOTE(review): presumably the API layer routes the request to the named node
# before this runs - confirm, since `node` is not used in the visible lines.
370 my ($class, $param) = @_;
372 my $fw_conf = PVE
::Firewall
::load_hostfw_conf
();
373 my $rules = $fw_conf->{rules
};
375 return ($fw_conf, $rules);
# Host variant of the persister hook: stores the rule list under `rules` and
# writes the host config, again without passing `node`.
379 my ($class, $param, $fw_conf, $rules) = @_;
381 $fw_conf->{rules
} = $rules;
382 PVE
::Firewall
::save_hostfw_conf
($fw_conf);
385 __PACKAGE__-
>register_handlers();
387 package PVE
::API2
::Firewall
::VMRules
;
391 use PVE
::JSONSchema
qw(get_standard_option);
393 use base
qw(PVE::API2::Firewall::RulesBase);
395 __PACKAGE__-
>additional_parameters({
396 node
=> get_standard_option
('pve-node'),
397 vmid
=> get_standard_option
('pve-vmid'),
# VM variant of the loader hook: the config is selected by the `vmid` request
# parameter, which the package declares with the 'pve-vmid' standard option.
# The `node` parameter is declared as well but not used in the visible lines.
401 my ($class, $param) = @_;
403 my $fw_conf = PVE
::Firewall
::load_vmfw_conf
($param->{vmid
});
404 my $rules = $fw_conf->{rules
};
406 return ($fw_conf, $rules);
# VM variant of the persister hook: stores the rule list under `rules` and
# writes the config of the same vmid.
410 my ($class, $param, $fw_conf, $rules) = @_;
412 $fw_conf->{rules
} = $rules;
413 PVE
::Firewall
::save_vmfw_conf
($param->{vmid
}, $fw_conf);
416 __PACKAGE__-
>register_handlers();