]>
git.proxmox.com Git - pve-firewall.git/blob - src/PVE/API2/Firewall/Rules.pm
1 package PVE
::API2
::Firewall
::RulesBase
;
5 use PVE
::JSONSchema
qw(get_standard_option);
9 use base
qw(PVE::RESTHandler);
11 my $api_properties = {
13 description
=> "Rule position.",
20 my ($class, $param) = @_;
22 die "implement this in subclass";
24 #return ($fw_conf, $rules);
28 my ($class, $param, $fw_conf, $rules) = @_;
30 die "implement this in subclass";
33 my $additional_param_hash = {};
35 sub additional_parameters
{
36 my ($class, $new_value) = @_;
38 if (defined($new_value)) {
39 $additional_param_hash->{$class} = $new_value;
44 my $org = $additional_param_hash->{$class} || {};
45 foreach my $p (keys %$org) { $copy->{$p} = $org->{$p}; }
49 sub register_get_rules
{
52 my $properties = $class->additional_parameters();
54 $class->register_method({
58 description
=> "List rules.",
60 additionalProperties
=> 0,
61 properties
=> $properties,
73 links
=> [ { rel
=> 'child', href
=> "{pos}" } ],
78 my ($fw_conf, $rules) = $class->load_config($param);
80 my $digest = $fw_conf->{digest
};
85 foreach my $rule (@$rules) {
86 push @$res, PVE
::Firewall
::cleanup_fw_rule
($rule, $digest, $ind++);
93 sub register_get_rule
{
96 my $properties = $class->additional_parameters();
98 $properties->{pos} = $api_properties->{pos};
100 $class->register_method({
104 description
=> "Get single rule data.",
106 additionalProperties
=> 0,
107 properties
=> $properties,
120 my ($fw_conf, $rules) = $class->load_config($param);
122 my $digest = $fw_conf->{digest
};
123 # fixme: check digest
125 die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
127 my $rule = $rules->[$param->{pos}];
129 return PVE
::Firewall
::cleanup_fw_rule
($rule, $digest, $param->{pos});
133 sub register_create_rule
{
136 my $properties = $class->additional_parameters();
138 my $create_rule_properties = PVE
::Firewall
::add_rule_properties
($properties);
139 $create_rule_properties->{action
}->{optional
} = 0;
140 $create_rule_properties->{type
}->{optional
} = 0;
142 $class->register_method({
143 name
=> 'create_rule',
146 description
=> "Create new rule.",
149 additionalProperties
=> 0,
150 properties
=> $create_rule_properties,
152 returns
=> { type
=> "null" },
156 my ($fw_conf, $rules) = $class->load_config($param);
158 my $digest = $fw_conf->{digest
};
162 PVE
::Firewall
::copy_rule_data
($rule, $param);
164 $rule->{enable
} = 0 if !defined($param->{enable
});
166 unshift @$rules, $rule;
168 $class->save_rules($param, $fw_conf, $rules);
174 sub register_update_rule
{
177 my $properties = $class->additional_parameters();
179 $properties->{pos} = $api_properties->{pos};
181 $properties->{moveto
} = {
182 description
=> "Move rule to new position <moveto>. Other arguments are ignored.",
188 my $update_rule_properties = PVE
::Firewall
::add_rule_properties
($properties);
190 $class->register_method({
191 name
=> 'update_rule',
194 description
=> "Modify rule data.",
197 additionalProperties
=> 0,
198 properties
=> $update_rule_properties,
200 returns
=> { type
=> "null" },
204 my ($fw_conf, $rules) = $class->load_config($param);
206 my $digest = $fw_conf->{digest
};
207 # fixme: check digest
209 die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
211 my $rule = $rules->[$param->{pos}];
213 my $moveto = $param->{moveto
};
214 if (defined($moveto) && $moveto != $param->{pos}) {
216 for (my $i = 0; $i < scalar(@$rules); $i++) {
217 next if $i == $param->{pos};
219 push @$newrules, $rule;
221 push @$newrules, $rules->[$i];
223 push @$newrules, $rule if $moveto >= scalar(@$rules);
226 raise_param_exc
({ type
=> "property is missing"})
227 if !defined($param->{type
});
228 raise_param_exc
({ action
=> "property is missing"})
229 if !defined($param->{action
});
231 PVE
::Firewall
::copy_rule_data
($rule, $param);
234 $class->save_rules($param, $fw_conf, $rules);
240 sub register_delete_rule
{
243 my $properties = $class->additional_parameters();
245 $properties->{pos} = $api_properties->{pos};
247 $class->register_method({
248 name
=> 'delete_rule',
251 description
=> "Delete rule.",
254 additionalProperties
=> 0,
255 properties
=> $properties,
257 returns
=> { type
=> "null" },
261 my ($fw_conf, $rules) = $class->load_config($param);
263 my $digest = $fw_conf->{digest
};
264 # fixme: check digest
266 die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
268 splice(@$rules, $param->{pos}, 1);
270 $class->save_rules($param, $fw_conf, $rules);
276 sub register_handlers
{
279 $class->register_get_rules();
280 $class->register_get_rule();
281 $class->register_create_rule();
282 $class->register_update_rule();
283 $class->register_delete_rule();
286 package PVE
::API2
::Firewall
::GroupRules
;
291 use base
qw(PVE::API2::Firewall::RulesBase);
293 __PACKAGE__-
>additional_parameters({ group
=> {
294 description
=> "Security group name.",
296 maxLength
=> 20, # fixme: what length?
300 my ($class, $param) = @_;
302 my $fw_conf = PVE
::Firewall
::load_clusterfw_conf
();
303 my $rules = $fw_conf->{groups
}->{$param->{group
}};
304 die "no such security group '$param->{group}'\n" if !defined($rules);
306 return ($fw_conf, $rules);
310 my ($class, $param, $fw_conf, $rules) = @_;
312 $fw_conf->{groups
}->{$param->{group
}} = $rules;
313 PVE
::Firewall
::save_clusterfw_conf
($fw_conf);
316 __PACKAGE__-
>register_handlers();
318 package PVE
::API2
::Firewall
::ClusterRules
;
323 use base
qw(PVE::API2::Firewall::RulesBase);
326 my ($class, $param) = @_;
328 my $fw_conf = PVE
::Firewall
::load_clusterfw_conf
();
329 my $rules = $fw_conf->{rules
};
331 return ($fw_conf, $rules);
335 my ($class, $param, $fw_conf, $rules) = @_;
337 $fw_conf->{rules
} = $rules;
338 PVE
::Firewall
::save_clusterfw_conf
($fw_conf);
341 __PACKAGE__-
>register_handlers();
343 package PVE
::API2
::Firewall
::HostRules
;
347 use PVE
::JSONSchema
qw(get_standard_option);
349 use base
qw(PVE::API2::Firewall::RulesBase);
351 __PACKAGE__-
>additional_parameters({ node
=> get_standard_option
('pve-node')});
354 my ($class, $param) = @_;
356 my $fw_conf = PVE
::Firewall
::load_hostfw_conf
();
357 my $rules = $fw_conf->{rules
};
359 return ($fw_conf, $rules);
363 my ($class, $param, $fw_conf, $rules) = @_;
365 $fw_conf->{rules
} = $rules;
366 PVE
::Firewall
::save_hostfw_conf
($fw_conf);
369 __PACKAGE__-
>register_handlers();
371 package PVE
::API2
::Firewall
::VMRules
;
375 use PVE
::JSONSchema
qw(get_standard_option);
377 use base
qw(PVE::API2::Firewall::RulesBase);
379 __PACKAGE__-
>additional_parameters({
380 node
=> get_standard_option
('pve-node'),
381 vmid
=> get_standard_option
('pve-vmid'),
385 my ($class, $param) = @_;
387 my $fw_conf = PVE
::Firewall
::load_vmfw_conf
($param->{vmid
});
388 my $rules = $fw_conf->{rules
};
390 return ($fw_conf, $rules);
394 my ($class, $param, $fw_conf, $rules) = @_;
396 $fw_conf->{rules
} = $rules;
397 PVE
::Firewall
::save_vmfw_conf
($param->{vmid
}, $fw_conf);
400 __PACKAGE__-
>register_handlers();