git.proxmox.com Git - pve-firewall.git/blob - src/PVE/API2/Firewall/Rules.pm
df9f5621dd4612a6f15d6c00796fb4e0ef35e574
1 package PVE
::API2
::Firewall
::RulesBase
;
5 use PVE
::JSONSchema
qw(get_standard_option);
6 use PVE
::Exception
qw(raise raise_param_exc);
10 use base
qw(PVE::RESTHandler);
# Schema fragments shared by the handlers below. The single-rule handlers
# reuse one entry via $api_properties->{pos}; the description shown here is
# presumably that entry's.
# NOTE(review): the type/minimum of 'pos' is not visible in this listing. The
# handlers only compare pos against the length of the rule list, and Perl
# treats a negative array index as counting from the end - confirm the schema
# restricts pos to non-negative integers.
12 my $api_properties = {
14 description
=> "Rule position.",
# Abstract hooks: each visible body only dies until a subclass overrides it.
# NOTE(review): the `sub` lines are missing from this listing. Judging by the
# argument lists and by the $class->load_config($param) and
# $class->save_rules($param, $fw_conf, $rules) calls further down, the first
# body is load_config and the second is save_rules - confirm against the file.
21 my ($class, $param) = @_;
23 die "implement this in subclass";
# Expected return shape of the hook above.
25 #return ($cluster_conf, $fw_conf, $rules);
29 my ($class, $param, $fw_conf, $rules) = @_;
31 die "implement this in subclass";
# Extra schema properties, keyed by class name; written and read by
# additional_parameters().
34 my $additional_param_hash = {};
# Third hook taking ($class, $param); its name is not visible here
# (presumably rule_env, which the handlers call - confirm).
37 my ($class, $param) = @_;
39 die "implement this in subclass";
# Class-level accessor for the extra schema properties of a rule class.
# Called with a value, it stores that value under the calling class name.
# The read path copies the stored hash key by key into $copy, so a caller can
# add entries (pos, moveto, delete, digest) without changing the stored set.
# NOTE(review): the copy is shallow - the per-key schema hashes stay shared.
# The lines declaring and returning $copy are not part of this listing.
42 sub additional_parameters
{
43 my ($class, $new_value) = @_;
45 if (defined($new_value)) {
46 $additional_param_hash->{$class} = $new_value;
# Fall back to an empty set for classes that registered nothing.
51 my $org = $additional_param_hash->{$class} || {};
52 foreach my $p (keys %$org) { $copy->{$p} = $org->{$p}; }
# Registers the "List rules." API method on the calling class.
56 sub register_get_rules
{
# Start from the class-specific parameters (group / node / vmid in the
# subclasses of this file).
59 my $properties = $class->additional_parameters();
61 $class->register_method({
65 description
=> "List rules.",
# additionalProperties => 0: nothing outside the declared properties is
# allowed by the schema.
67 additionalProperties
=> 0,
68 properties
=> $properties,
# Each listed rule links to its child resource by position.
80 links
=> [ { rel
=> 'child', href
=> "{pos}" } ],
# Handler body: the subclass decides which rule list is loaded.
85 my ($cluster_conf, $fw_conf, $rules) = $class->load_config($param);
# Judging by its name, copy_list_with_digest hands back a copy, so adding
# 'pos' below should not alter the stored rules - confirm.
87 my ($list, $digest) = PVE
::Firewall
::copy_list_with_digest
($rules);
# Number the rules by list index; clients address a rule by this 'pos'.
# The initial value of $ind is not visible here (presumably 0).
90 foreach my $rule (@$list) {
91 $rule->{pos} = $ind++;
# Registers the "Get single rule data." API method on the calling class.
98 sub register_get_rule
{
101 my $properties = $class->additional_parameters();
# The rule is addressed by its position in the list.
103 $properties->{pos} = $api_properties->{pos};
105 $class->register_method({
109 description
=> "Get single rule data.",
# additionalProperties => 0: nothing outside the declared properties is
# allowed by the schema.
111 additionalProperties
=> 0,
112 properties
=> $properties,
# Handler body: load the subclass's rule list and work on the returned list.
125 my ($cluster_conf, $fw_conf, $rules) = $class->load_config($param);
127 my ($list, $digest) = PVE
::Firewall
::copy_list_with_digest
($rules);
# Upper-bound check only. NOTE(review): a negative pos would index from the
# end of the list; confirm the 'pos' schema (not visible here) forbids it.
129 die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$list);
131 my $rule = $list->[$param->{pos}];
# Echo the position back as part of the rule data.
132 $rule->{pos} = $param->{pos};
# Registers the 'create_rule' API method ("Create new rule.") on the calling
# class.
# NOTE(review): no 'permissions' entry is visible in this register_method
# call; lines are missing from the listing, so confirm how access to this
# state-changing endpoint is restricted.
138 sub register_create_rule
{
141 my $properties = $class->additional_parameters();
# Extend the class parameters with the rule fields themselves.
143 my $create_rule_properties = PVE
::Firewall
::add_rule_properties
($properties);
# A new rule must state its action and type explicitly.
144 $create_rule_properties->{action
}->{optional
} = 0;
145 $create_rule_properties->{type
}->{optional
} = 0;
147 $class->register_method({
148 name
=> 'create_rule',
151 description
=> "Create new rule.",
# additionalProperties => 0: nothing outside the declared properties is
# allowed by the schema.
154 additionalProperties
=> 0,
155 properties
=> $create_rule_properties,
157 returns
=> { type
=> "null" },
# Handler body.
# NOTE(review): unlike update_rule/delete_rule, no digest comparison is
# visible here, and no lock is visible between load_config and save_rules -
# confirm concurrent writers cannot overwrite each other's changes.
161 my ($cluster_conf, $fw_conf, $rules) = $class->load_config($param);
# Fill $rule from the request parameters, then validate it before it is
# stored. The declaration of $rule is not part of this listing.
165 PVE
::Firewall
::copy_rule_data
($rule, $param);
166 PVE
::Firewall
::verify_rule
($rule, $cluster_conf, $fw_conf, $class->rule_env());
# A rule is stored disabled unless the caller passed 'enable'.
168 $rule->{enable
} = 0 if !defined($param->{enable
});
# The new rule goes to the front of the list (position 0), ahead of every
# existing rule.
170 unshift @$rules, $rule;
172 $class->save_rules($param, $fw_conf, $rules);
# Registers the 'update_rule' API method ("Modify rule data.") on the calling
# class. One request either moves a rule (moveto) or edits its fields.
# NOTE(review): no 'permissions' entry is visible in this register_method
# call; lines are missing from the listing, so confirm how access to this
# state-changing endpoint is restricted.
178 sub register_update_rule
{
181 my $properties = $class->additional_parameters();
# The rule is addressed by its position in the list.
183 $properties->{pos} = $api_properties->{pos};
185 $properties->{moveto
} = {
186 description
=> "Move rule to new position <moveto>. Other arguments are ignored.",
# Names of rule settings to remove from the rule.
192 $properties->{delete} = {
193 type
=> 'string', format
=> 'pve-configid-list',
194 description
=> "A list of settings you want to delete.",
# Extend the parameters with the rule fields themselves.
198 my $update_rule_properties = PVE
::Firewall
::add_rule_properties
($properties);
200 $class->register_method({
201 name
=> 'update_rule',
204 description
=> "Modify rule data.",
# additionalProperties => 0: nothing outside the declared properties is
# allowed by the schema.
207 additionalProperties
=> 0,
208 properties
=> $update_rule_properties,
210 returns
=> { type
=> "null" },
# Handler body.
214 my ($cluster_conf, $fw_conf, $rules) = $class->load_config($param);
# Compare the digest of the rules just loaded with the digest the client
# sent, so an edit based on a stale view of the list can be refused.
# NOTE(review): this does not cover two requests interleaving between
# load_config and save_rules; no lock is visible here - confirm.
216 my (undef, $digest) = PVE
::Firewall
::copy_list_with_digest
($rules);
217 PVE
::Tools
::assert_if_modified
($digest, $param->{digest
});
# Upper-bound check only. NOTE(review): a negative pos would index from the
# end of the list; confirm the 'pos' schema (not visible here) forbids it.
219 die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
221 my $rule = $rules->[$param->{pos}];
223 my $moveto = $param->{moveto
};
# Move branch: rebuild the list in $newrules with the rule at its new place.
224 if (defined($moveto) && $moveto != $param->{pos}) {
226 for (my $i = 0; $i < scalar(@$rules); $i++) {
# Skip the rule's old slot; it is re-inserted by the pushes below.
227 next if $i == $param->{pos};
# The condition guarding this push is not part of this listing.
229 push @$newrules, $rule;
231 push @$newrules, $rules->[$i];
# A target at or past the end of the list appends the rule.
233 push @$newrules, $rule if $moveto >= scalar(@$rules);
# Edit path (presumably the else branch - confirm): apply the new values,
# drop the settings named in 'delete', then validate the resulting rule
# before it is saved.
236 PVE
::Firewall
::copy_rule_data
($rule, $param);
238 PVE
::Firewall
::delete_rule_properties
($rule, $param->{'delete'}) if $param->{'delete'};
240 PVE
::Firewall
::verify_rule
($rule, $cluster_conf, $fw_conf, $class->rule_env());
243 $class->save_rules($param, $fw_conf, $rules);
# Registers the 'delete_rule' API method ("Delete rule.") on the calling class.
# NOTE(review): no 'permissions' entry is visible in this register_method
# call; lines are missing from the listing, so confirm how access to this
# state-changing endpoint is restricted.
249 sub register_delete_rule
{
252 my $properties = $class->additional_parameters();
# The rule is addressed by its position in the list.
254 $properties->{pos} = $api_properties->{pos};
# Digest of the rule list the client last saw; checked in the handler.
256 $properties->{digest
} = get_standard_option
('pve-config-digest');
258 $class->register_method({
259 name
=> 'delete_rule',
262 description
=> "Delete rule.",
# additionalProperties => 0: nothing outside the declared properties is
# allowed by the schema.
265 additionalProperties
=> 0,
266 properties
=> $properties,
268 returns
=> { type
=> "null" },
# Handler body.
272 my ($cluster_conf, $fw_conf, $rules) = $class->load_config($param);
# Positions shift after every create/delete, so the digest comparison keeps a
# client with a stale list from removing a different rule than it meant to.
274 my (undef, $digest) = PVE
::Firewall
::copy_list_with_digest
($rules);
275 PVE
::Tools
::assert_if_modified
($digest, $param->{digest
});
# Upper-bound check only. NOTE(review): a negative pos would make splice
# count from the end; confirm the 'pos' schema (not visible here) forbids it.
277 die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
# Remove exactly one rule at that position and persist the shortened list.
279 splice(@$rules, $param->{pos}, 1);
281 $class->save_rules($param, $fw_conf, $rules);
# Registers the five rule handlers (list, get, create, update, delete) on the
# calling class; every subclass package below calls this once.
287 sub register_handlers
{
290 $class->register_get_rules();
291 $class->register_get_rule();
292 $class->register_create_rule();
293 $class->register_update_rule();
294 $class->register_delete_rule();
297 package PVE
::API2
::Firewall
::GroupRules
;
301 use PVE
::JSONSchema
qw(get_standard_option);
303 use base
qw(PVE::API2::Firewall::RulesBase);
# Rules of a security group: every handler takes a 'group' parameter that is
# constrained by the 'pve-security-group-name' standard option.
305 __PACKAGE__-
>additional_parameters({ group
=> get_standard_option
('pve-security-group-name') });
# Body of a ($class, $param) hook whose `sub` line and return value are not
# part of this listing (presumably the rule_env override - confirm).
309 my ($class, $param) = @_;
# load_config: security groups are stored in the cluster firewall config.
315 my ($class, $param) = @_;
317 my $fw_conf = PVE
::Firewall
::load_clusterfw_conf
();
318 my $rules = $fw_conf->{groups
}->{$param->{group
}};
# An unknown group name is an error; no entry is created for it here.
319 die "no such security group '$param->{group}'\n" if !defined($rules);
# The first slot ($cluster_conf) is undef, so the base handlers pass undef
# as the cluster config to verify_rule for group rules.
321 return (undef, $fw_conf, $rules);
# save_rules: undef rules remove the group, otherwise the list is stored
# (presumably in the else branch, which is not visible); the cluster config is
# then written back.
325 my ($class, $param, $fw_conf, $rules) = @_;
327 if (!defined($rules)) {
328 delete $fw_conf->{groups
}->{$param->{group
}};
330 $fw_conf->{groups
}->{$param->{group
}} = $rules;
333 PVE
::Firewall
::save_clusterfw_conf
($fw_conf);
# Extra method that exists only for groups: remove a whole security group.
# NOTE(review): no 'permissions' entry and no digest parameter are visible in
# this call; lines are missing from the listing - confirm.
336 __PACKAGE__-
>register_method({
337 name
=> 'delete_security_group',
340 description
=> "Delete security group.",
343 additionalProperties
=> 0,
345 group
=> get_standard_option
('pve-security-group-name'),
348 returns
=> { type
=> 'null' },
# load_config dies for an unknown group; the middle value it returns is the
# cluster firewall config.
352 my (undef, $cluster_conf, $rules) = __PACKAGE__-
>load_config($param);
# Refuse to delete a group that still has rules; the condition itself is on
# a line missing from this listing. NOTE(review): whether rules elsewhere
# that reference this group are checked is not visible - confirm.
354 die "Security group '$param->{group}' is not empty\n"
# Passing undef as the rule list takes the delete branch of save_rules.
357 __PACKAGE__-
>save_rules($param, $cluster_conf, undef);
# Add the five standard rule handlers for this class.
362 __PACKAGE__-
>register_handlers();
364 package PVE
::API2
::Firewall
::ClusterRules
;
369 use base
qw(PVE::API2::Firewall::RulesBase);
# Cluster-wide rules; this class registers no additional parameters.
# Body of a ($class, $param) hook whose `sub` line and return value are not
# part of this listing (presumably the rule_env override - confirm).
372 my ($class, $param) = @_;
# load_config: the rule list is the 'rules' entry of the cluster firewall
# config. The first slot ($cluster_conf) is returned as undef.
378 my ($class, $param) = @_;
380 my $fw_conf = PVE
::Firewall
::load_clusterfw_conf
();
381 my $rules = $fw_conf->{rules
};
383 return (undef, $fw_conf, $rules);
# save_rules: store the list and write the cluster firewall config back.
387 my ($class, $param, $fw_conf, $rules) = @_;
389 $fw_conf->{rules
} = $rules;
390 PVE
::Firewall
::save_clusterfw_conf
($fw_conf);
# Add the five standard rule handlers for this class.
393 __PACKAGE__-
>register_handlers();
395 package PVE
::API2
::Firewall
::HostRules
;
399 use PVE
::JSONSchema
qw(get_standard_option);
401 use base
qw(PVE::API2::Firewall::RulesBase);
# Host rules: every handler takes a 'node' parameter constrained by the
# 'pve-node' standard option.
403 __PACKAGE__-
>additional_parameters({ node
=> get_standard_option
('pve-node')});
# Body of a ($class, $param) hook whose `sub` line and return value are not
# part of this listing (presumably the rule_env override - confirm).
406 my ($class, $param) = @_;
# load_config: load the cluster config first, then the host firewall config.
# NOTE(review): $param->{node} is not used in the visible load/save lines, so
# these calls appear to act on the host config available where the handler
# runs - confirm requests are routed to the named node before they get here.
412 my ($class, $param) = @_;
414 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
415 my $fw_conf = PVE
::Firewall
::load_hostfw_conf
($cluster_conf);
416 my $rules = $fw_conf->{rules
};
418 return ($cluster_conf, $fw_conf, $rules);
# save_rules: store the list and write the host firewall config back.
422 my ($class, $param, $fw_conf, $rules) = @_;
424 $fw_conf->{rules
} = $rules;
425 PVE
::Firewall
::save_hostfw_conf
($fw_conf);
# Add the five standard rule handlers for this class.
428 __PACKAGE__-
>register_handlers();
430 package PVE
::API2
::Firewall
::VMRules
;
434 use PVE
::JSONSchema
qw(get_standard_option);
436 use base
qw(PVE::API2::Firewall::RulesBase);
# VM rules: every handler takes 'node' and 'vmid', constrained by the
# 'pve-node' and 'pve-vmid' standard options.
438 __PACKAGE__-
>additional_parameters({
439 node
=> get_standard_option
('pve-node'),
440 vmid
=> get_standard_option
('pve-vmid'),
# Body of a ($class, $param) hook whose `sub` line and return value are not
# part of this listing (presumably the rule_env override - confirm).
444 my ($class, $param) = @_;
# load_config: the guest is selected by the caller-supplied vmid and loaded
# with type 'vm'.
# NOTE(review): $param->{node} is not used in the visible load/save lines -
# confirm requests are routed to the named node before they get here.
450 my ($class, $param) = @_;
452 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
453 my $fw_conf = PVE
::Firewall
::load_vmfw_conf
($cluster_conf, 'vm', $param->{vmid
});
454 my $rules = $fw_conf->{rules
};
456 return ($cluster_conf, $fw_conf, $rules);
# save_rules: store the list and write the firewall config of that vmid back.
460 my ($class, $param, $fw_conf, $rules) = @_;
462 $fw_conf->{rules
} = $rules;
463 PVE
::Firewall
::save_vmfw_conf
($param->{vmid
}, $fw_conf);
# Add the five standard rule handlers for this class.
466 __PACKAGE__-
>register_handlers();
468 package PVE
::API2
::Firewall
::CTRules
;
472 use PVE
::JSONSchema
qw(get_standard_option);
474 use base
qw(PVE::API2::Firewall::RulesBase);
# Container rules: every handler takes 'node' and 'vmid', constrained by the
# 'pve-node' and 'pve-vmid' standard options.
476 __PACKAGE__-
>additional_parameters({
477 node
=> get_standard_option
('pve-node'),
478 vmid
=> get_standard_option
('pve-vmid'),
# Body of a ($class, $param) hook whose `sub` line and return value are not
# part of this listing (presumably the rule_env override - confirm).
482 my ($class, $param) = @_;
# load_config: same as the VM class, but the config is loaded with type 'ct'.
# NOTE(review): $param->{node} is not used in the visible load/save lines -
# confirm requests are routed to the named node before they get here.
488 my ($class, $param) = @_;
490 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
491 my $fw_conf = PVE
::Firewall
::load_vmfw_conf
($cluster_conf, 'ct', $param->{vmid
});
492 my $rules = $fw_conf->{rules
};
494 return ($cluster_conf, $fw_conf, $rules);
# save_rules: store the list and write the firewall config of that vmid back.
# The save call takes only the vmid, not the 'ct' type used when loading.
498 my ($class, $param, $fw_conf, $rules) = @_;
500 $fw_conf->{rules
} = $rules;
501 PVE
::Firewall
::save_vmfw_conf
($param->{vmid
}, $fw_conf);
# Add the five standard rule handlers for this class.
504 __PACKAGE__-
>register_handlers();