git.proxmox.com Git - pve-firewall.git/blob - src/PVE/API2/Firewall/Rules.pm
65fe8a65e2be48d56beaaa379d09409951553f7b
1 package PVE
::API2
::Firewall
::RulesBase
;
5 use PVE
::JSONSchema
qw(get_standard_option);
6 use PVE
::Exception
qw(raise raise_param_exc);
10 use base
qw(PVE::RESTHandler);
# Shared schema fragments for the per-rule handlers; only the description of
# the 'pos' entry is visible in this extract. The get/update/delete handlers
# copy $api_properties->{pos} into their own parameter schema.
# NOTE(review): the type and range constraints of 'pos' are not visible here.
# The handlers only check the upper bound, and a negative index counts from the
# end of a Perl array, so confirm that the schema rejects negative values.
12 my $api_properties = {
14 description
=> "Rule position.",
# Body of an abstract hook whose sub header is not visible in this extract
# (presumably load_config, which the handlers call as $class->load_config($param)).
# The visible body only dies, so every concrete package has to provide its own.
21 my ($class, $param) = @_;
23 die "implement this in subclass";
# Expected result shape, per the commented-out return: a ($fw_conf, $rules) pair.
25 #return ($fw_conf, $rules);
# Body of the write-side abstract hook; the sub header is not visible in this
# extract (presumably save_rules, which the handlers call as
# $class->save_rules($param, $fw_conf, $rules)). The visible body only dies.
29 my ($class, $param, $fw_conf, $rules) = @_;
31 die "implement this in subclass";
# File-scoped registry of extra API parameters, keyed by class name; it is read
# and written through additional_parameters().
34 my $additional_param_hash = {};
# Class-level accessor for the extra API parameters of a rule handler class.
# With a defined argument it stores that value as the parameter set for $class.
# The remaining visible lines copy the stored set (or an empty hash) key by key.
# NOTE(review): the lines that declare $copy and return it are not visible in
# this extract.
40 sub additional_parameters
{
41 my ($class, $new_value) = @_;
43 if (defined($new_value)) {
44 $additional_param_hash->{$class} = $new_value;
# Shallow copy: new keys added by a caller (the handlers add 'pos', 'moveto',
# 'delete', 'digest') do not land in the stored set, but the per-key values are
# the same references.
49 my $org = $additional_param_hash->{$class} || {};
50 foreach my $p (keys %$org) { $copy->{$p} = $org->{$p}; }
# Registers the API method that lists every rule of the class's rule set.
# NOTE(review): the method's name, path, HTTP method and permissions entries
# are not visible in this extract; check access control against the full file.
54 sub register_get_rules
{
57 my $properties = $class->additional_parameters();
59 $class->register_method({
63 description
=> "List rules.",
# The parameter schema does not allow properties beyond those listed.
65 additionalProperties
=> 0,
66 properties
=> $properties,
78 links
=> [ { rel
=> 'child', href
=> "{pos}" } ],
# Handler body: fetch the rule list through the subclass hook, then take a
# list and digest from copy_list_with_digest (judging by its name, a copy of
# the rules plus a digest of them).
83 my ($fw_conf, $rules) = $class->load_config($param);
85 my ($list, $digest) = PVE
::Firewall
::copy_list_with_digest
($rules);
# Tag each rule with a running counter as its 'pos'; the initial value of $ind
# is set on a line not visible here.
88 foreach my $rule (@$list) {
89 $rule->{pos} = $ind++;
# Registers the API method that returns one rule, selected by its position.
# NOTE(review): name, path, HTTP method and permissions of the method are not
# visible in this extract.
96 sub register_get_rule
{
99 my $properties = $class->additional_parameters();
# Add the shared 'pos' parameter to this method's schema.
101 $properties->{pos} = $api_properties->{pos};
103 $class->register_method({
107 description
=> "Get single rule data.",
109 additionalProperties
=> 0,
110 properties
=> $properties,
123 my ($fw_conf, $rules) = $class->load_config($param);
125 my ($list, $digest) = PVE
::Firewall
::copy_list_with_digest
($rules);
# Reject positions past the end of the list.
# NOTE(review): only the upper bound is tested; a negative pos would select an
# element counted from the end unless the 'pos' schema forbids it - confirm.
127 die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$list);
129 my $rule = $list->[$param->{pos}];
# Echo the requested position back on the rule.
130 $rule->{pos} = $param->{pos};
# Registers the 'create_rule' API method, which adds a new rule at the front of
# the class's rule list and saves the configuration.
# NOTE(review): path, HTTP method and permissions are not visible in this
# extract. Unlike update_rule and delete_rule, no digest comparison is visible
# here, and no lock is visible around load_config/save_rules; confirm how
# concurrent writers are serialized.
136 sub register_create_rule
{
139 my $properties = $class->additional_parameters();
141 my $create_rule_properties = PVE
::Firewall
::add_rule_properties
($properties);
# 'action' and 'type' are marked non-optional for rule creation.
142 $create_rule_properties->{action
}->{optional
} = 0;
143 $create_rule_properties->{type
}->{optional
} = 0;
145 $class->register_method({
146 name
=> 'create_rule',
149 description
=> "Create new rule.",
152 additionalProperties
=> 0,
153 properties
=> $create_rule_properties,
155 returns
=> { type
=> "null" },
159 my ($fw_conf, $rules) = $class->load_config($param);
# $rule is declared on a line not visible here. The request parameters are
# copied into it and the result is verified before it is stored;
# allow_groups() is called on the class, but its definition is not in the
# visible lines.
163 PVE
::Firewall
::copy_rule_data
($rule, $param);
164 PVE
::Firewall
::verify_rule
($rule, $class->allow_groups());
# A rule created without an explicit 'enable' value is stored disabled.
166 $rule->{enable
} = 0 if !defined($param->{enable
});
# Insert at position 0, ahead of all existing rules.
168 unshift @$rules, $rule;
170 $class->save_rules($param, $fw_conf, $rules);
# Registers the 'update_rule' API method, which either moves a rule to another
# position or modifies its data, then saves the configuration.
# NOTE(review): path, HTTP method and permissions are not visible in this
# extract.
176 sub register_update_rule
{
179 my $properties = $class->additional_parameters();
181 $properties->{pos} = $api_properties->{pos};
183 $properties->{moveto
} = {
184 description
=> "Move rule to new position <moveto>. Other arguments are ignored.",
190 $properties->{delete} = {
191 type
=> 'string', format
=> 'pve-configid-list',
192 description
=> "A list of settings you want to delete.",
196 my $update_rule_properties = PVE
::Firewall
::add_rule_properties
($properties);
198 $class->register_method({
199 name
=> 'update_rule',
202 description
=> "Modify rule data.",
205 additionalProperties
=> 0,
206 properties
=> $update_rule_properties,
208 returns
=> { type
=> "null" },
212 my ($fw_conf, $rules) = $class->load_config($param);
# The digest of the loaded list is handed to assert_if_modified together with
# the client-supplied digest; presumably this aborts the request when the
# rules changed since the client read them - confirm against PVE::Tools.
214 my (undef, $digest) = PVE
::Firewall
::copy_list_with_digest
($rules);
215 PVE
::Tools
::assert_if_modified
($digest, $param->{digest
});
# Reject positions past the end of the list.
# NOTE(review): only the upper bound is tested; a negative pos would select an
# element counted from the end unless the 'pos' schema forbids it - confirm.
217 die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
219 my $rule = $rules->[$param->{pos}];
221 my $moveto = $param->{moveto
};
# Move branch: walk the old list, skip the rule's old slot, and collect the
# entries into $newrules with the rule re-inserted (the condition guarding the
# first push, and the declaration of $newrules, are on lines not visible here).
222 if (defined($moveto) && $moveto != $param->{pos}) {
224 for (my $i = 0; $i < scalar(@$rules); $i++) {
225 next if $i == $param->{pos};
227 push @$newrules, $rule;
229 push @$newrules, $rules->[$i];
# A target at or beyond the end of the list appends the rule.
231 push @$newrules, $rule if $moveto >= scalar(@$rules);
# Modify branch: 'type' and 'action' must be present in the request.
234 raise_param_exc
({ type
=> "property is missing"})
235 if !defined($param->{type
});
236 raise_param_exc
({ action
=> "property is missing"})
237 if !defined($param->{action
});
# Apply the new values, drop the properties named in 'delete', then verify the
# resulting rule before anything is saved.
239 PVE
::Firewall
::copy_rule_data
($rule, $param);
241 PVE
::Firewall
::delete_rule_properties
($rule, $param->{'delete'}) if $param->{'delete'};
243 PVE
::Firewall
::verify_rule
($rule, $class->allow_groups());
246 $class->save_rules($param, $fw_conf, $rules);
# Registers the 'delete_rule' API method, which removes the rule at a given
# position and saves the configuration.
# NOTE(review): path, HTTP method and permissions are not visible in this
# extract.
252 sub register_delete_rule
{
255 my $properties = $class->additional_parameters();
257 $properties->{pos} = $api_properties->{pos};
# Accept a config digest from the client (standard option 'pve-config-digest').
259 $properties->{digest
} = get_standard_option
('pve-config-digest');
261 $class->register_method({
262 name
=> 'delete_rule',
265 description
=> "Delete rule.",
268 additionalProperties
=> 0,
269 properties
=> $properties,
271 returns
=> { type
=> "null" },
275 my ($fw_conf, $rules) = $class->load_config($param);
# The digest of the loaded list is handed to assert_if_modified together with
# the client-supplied digest; presumably this aborts the request when the
# rules changed since the client read them - confirm against PVE::Tools.
277 my (undef, $digest) = PVE
::Firewall
::copy_list_with_digest
($rules);
278 PVE
::Tools
::assert_if_modified
($digest, $param->{digest
});
# Reject positions past the end of the list.
# NOTE(review): only the upper bound is tested; splice() treats a negative
# offset as counted from the end, so confirm the 'pos' schema forbids it.
280 die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
# Remove exactly one element at the requested position.
282 splice(@$rules, $param->{pos}, 1);
284 $class->save_rules($param, $fw_conf, $rules);
# Registers all five rule methods (list, get, create, update, delete) for the
# calling class. Each concrete package invokes this once via __PACKAGE__.
# The line that unpacks $class from @_ is not visible in this extract.
290 sub register_handlers
{
293 $class->register_get_rules();
294 $class->register_get_rule();
295 $class->register_create_rule();
296 $class->register_update_rule();
297 $class->register_delete_rule();
# Rule handlers for the rules of one security group, stored in the cluster
# firewall configuration under {groups}->{<group>}.
300 package PVE
::API2
::Firewall
::GroupRules
;
304 use PVE
::JSONSchema
qw(get_standard_option);
306 use base
qw(PVE::API2::Firewall::RulesBase);
# Every method of this class takes a 'group' parameter, described by the
# 'pve-security-group-name' standard option.
308 __PACKAGE__-
>additional_parameters({ group
=> get_standard_option
('pve-security-group-name') });
# Body of the load hook (sub header not visible in this extract): read the
# cluster firewall config and pick the rule list of the requested group.
315 my ($class, $param) = @_;
317 my $fw_conf = PVE
::Firewall
::load_clusterfw_conf
();
318 my $rules = $fw_conf->{groups
}->{$param->{group
}};
# An unknown group is an error, so the handlers never create one implicitly.
319 die "no such security group '$param->{group}'\n" if !defined($rules);
321 return ($fw_conf, $rules);
# Body of the save hook (sub header not visible): put the list back under the
# group key and write the cluster firewall config.
# NOTE(review): load and save are separate calls and no lock is visible between
# them in this extract - confirm that concurrent writers are serialized elsewhere.
325 my ($class, $param, $fw_conf, $rules) = @_;
327 $fw_conf->{groups
}->{$param->{group
}} = $rules;
328 PVE
::Firewall
::save_clusterfw_conf
($fw_conf);
331 __PACKAGE__-
>register_handlers();
# Rule handlers for the cluster-wide rule list, stored under {rules} in the
# cluster firewall configuration. No additional_parameters() call is visible
# for this class.
333 package PVE
::API2
::Firewall
::ClusterRules
;
338 use base
qw(PVE::API2::Firewall::RulesBase);
# Body of the load hook (sub header not visible in this extract).
341 my ($class, $param) = @_;
343 my $fw_conf = PVE
::Firewall
::load_clusterfw_conf
();
344 my $rules = $fw_conf->{rules
};
346 return ($fw_conf, $rules);
# Body of the save hook (sub header not visible): store the list and write the
# cluster firewall config.
350 my ($class, $param, $fw_conf, $rules) = @_;
352 $fw_conf->{rules
} = $rules;
353 PVE
::Firewall
::save_clusterfw_conf
($fw_conf);
356 __PACKAGE__-
>register_handlers();
# Rule handlers for the host firewall rule list, stored under {rules} in the
# host firewall configuration.
358 package PVE
::API2
::Firewall
::HostRules
;
362 use PVE
::JSONSchema
qw(get_standard_option);
364 use base
qw(PVE::API2::Firewall::RulesBase);
# Every method of this class takes a 'node' parameter ('pve-node' standard option).
366 __PACKAGE__-
>additional_parameters({ node
=> get_standard_option
('pve-node')});
# Body of the load hook (sub header not visible in this extract).
# NOTE(review): $param->{node} is not passed to load_hostfw_conf() or
# save_hostfw_conf() in the visible lines; presumably the request is routed to
# the named node before the handler runs - confirm in the method registration.
369 my ($class, $param) = @_;
371 my $fw_conf = PVE
::Firewall
::load_hostfw_conf
();
372 my $rules = $fw_conf->{rules
};
374 return ($fw_conf, $rules);
# Body of the save hook (sub header not visible): store the list and write the
# host firewall config.
378 my ($class, $param, $fw_conf, $rules) = @_;
380 $fw_conf->{rules
} = $rules;
381 PVE
::Firewall
::save_hostfw_conf
($fw_conf);
384 __PACKAGE__-
>register_handlers();
# Rule handlers for the firewall rule list of one guest, stored under {rules}
# in that guest's firewall configuration.
386 package PVE
::API2
::Firewall
::VMRules
;
390 use PVE
::JSONSchema
qw(get_standard_option);
392 use base
qw(PVE::API2::Firewall::RulesBase);
# Every method of this class takes 'node' and 'vmid' parameters, described by
# the 'pve-node' and 'pve-vmid' standard options.
394 __PACKAGE__-
>additional_parameters({
395 node
=> get_standard_option
('pve-node'),
396 vmid
=> get_standard_option
('pve-vmid'),
# Body of the load hook (sub header not visible in this extract): the config is
# selected by $param->{vmid} alone.
# NOTE(review): $param->{node} is not used by the visible load/save calls;
# confirm that node routing and per-VM permission checks happen in the method
# registration, which is not visible here.
400 my ($class, $param) = @_;
402 my $fw_conf = PVE
::Firewall
::load_vmfw_conf
($param->{vmid
});
403 my $rules = $fw_conf->{rules
};
405 return ($fw_conf, $rules);
# Body of the save hook (sub header not visible): store the list and write the
# firewall config of the same vmid.
409 my ($class, $param, $fw_conf, $rules) = @_;
411 $fw_conf->{rules
} = $rules;
412 PVE
::Firewall
::save_vmfw_conf
($param->{vmid
}, $fw_conf);
415 __PACKAGE__-
>register_handlers();