git.proxmox.com Git - pve-firewall.git/blob - src/PVE/API2/Firewall/Rules.pm
1 package PVE
::API2
::Firewall
::RulesBase
;
5 use PVE
::JSONSchema
qw(get_standard_option);
9 use base
qw(PVE::RESTHandler);
# Shared JSON-schema fragments for the optional request parameters; the
# register_* subs below copy the 'group' and 'pos' entries out of this hash.
# NOTE(review): this listing is an excerpt (the gutter numbers skip), so any
# further constraints on these parameters (type, pattern, minimum) are not
# visible here.
11 my $api_properties = {
13 description
=> "Security group name.",
# NOTE(review): the length cap is the only constraint on the group name that
# is visible in this excerpt. The GroupRules package uses the value as a hash
# key into the cluster firewall config, so confirm that the full schema also
# restricts the allowed characters.
15 maxLength
=> 20, # fixme: what length?
18 description
=> "Rule position.",
# Abstract hook: dies unconditionally, so a subclass has to supply its own
# implementation. The commented-out return records the expected result, the
# list ($fw_conf, $rules).
# NOTE(review): the `sub` line is outside this excerpt; the argument list
# matches the $class->load_config($param) calls further down - confirm.
25 my ($class, $param) = @_;
27 die "implement this in subclass";
29 #return ($fw_conf, $rules);
# Abstract hook: dies unconditionally, so a subclass has to supply its own
# implementation.
# NOTE(review): the `sub` line is outside this excerpt; the argument list
# matches the $class->save_rules($param, $fw_conf, $rules) calls further
# down - confirm.
33 my ($class, $param, $fw_conf, $rules) = @_;
35 die "implement this in subclass";
# Flag store shared by all handler classes, keyed by the invocant
# (the package name when called as __PACKAGE__->need_group_param(...)).
my $need_group_param_hash = {};

# Combined getter/setter for the "this class takes a 'group' parameter" flag.
# A defined second argument is stored for $class; the stored value (undef if
# none was ever set) is returned either way.
sub need_group_param {
    my ($class, $setting) = @_;

    if (defined($setting)) {
        $need_group_param_hash->{$class} = $setting;
    }

    return $need_group_param_hash->{$class};
}
# Registers the "List rules." API method on the calling class through
# register_method().
# NOTE(review): this listing is an excerpt (the gutter numbers skip), so the
# declarations of $class, $properties, $res and $ind are not visible here.
48 sub register_get_rules
{
# The 'group' parameter is part of the schema only for classes that have set
# the need_group_param() flag.
53 if ($class->need_group_param()) {
54 $properties->{group
} = $api_properties->{group
};
57 $class->register_method({
61 description
=> "List rules.",
# NOTE(review): presumably makes the schema validator reject parameters that
# are not declared under 'properties' - confirm against PVE::JSONSchema.
63 additionalProperties
=> 0,
64 properties
=> $properties,
76 links
=> [ { rel
=> 'child', href
=> "{pos}" } ],
# Handler body: the subclass hook returns the parsed config and the rule list.
81 my ($fw_conf, $rules) = $class->load_config($param);
83 my $digest = $fw_conf->{digest
};
# Each rule is passed through cleanup_fw_rule() together with the config
# digest and a running index ($ind is incremented once per rule).
88 foreach my $rule (@$rules) {
89 push @$res, PVE
::Firewall
::cleanup_fw_rule
($rule, $digest, $ind++);
# Registers the "Get single rule data." API method on the calling class.
# NOTE(review): this listing is an excerpt (the gutter numbers skip), so the
# declarations of $class and $properties are not visible here.
96 sub register_get_rule
{
# 'pos' is always part of the schema; 'group' only for classes that have set
# the need_group_param() flag.
101 $properties->{pos} = $api_properties->{pos};
103 if ($class->need_group_param()) {
104 $properties->{group
} = $api_properties->{group
};
107 $class->register_method({
111 description
=> "Get single rule data.",
113 additionalProperties
=> 0,
114 properties
=> $properties,
127 my ($fw_conf, $rules) = $class->load_config($param);
129 my $digest = $fw_conf->{digest
};
130 # fixme: check digest
# Only the upper bound of pos is checked here.
# NOTE(review): a negative pos would index from the end of @$rules in Perl;
# presumably the 'pos' schema (not visible in this excerpt) sets a minimum
# of 0 - confirm.
132 die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
134 my $rule = $rules->[$param->{pos}];
136 return PVE
::Firewall
::cleanup_fw_rule
($rule, $digest, $param->{pos});
# Registers the 'create_rule' API method ("Create new rule.") on the calling
# class.
# NOTE(review): this listing is an excerpt (the gutter numbers skip), so the
# declarations of $class and $properties are not visible here.
140 sub register_create_rule
{
145 if ($class->need_group_param()) {
146 $properties->{group
} = $api_properties->{group
};
# The rule fields are merged into the parameter schema by
# PVE::Firewall::add_rule_properties().
149 my $create_rule_properties = PVE
::Firewall
::add_rule_properties
($properties);
151 $class->register_method({
152 name
=> 'create_rule',
155 description
=> "Create new rule.",
158 additionalProperties
=> 0,
159 properties
=> $create_rule_properties,
161 returns
=> { type
=> "null" },
165 my ($fw_conf, $rules) = $class->load_config($param);
# The digest is read but not used in the lines visible in this excerpt.
167 my $digest = $fw_conf->{digest
};
# Defaults for a new rule: type 'out', action 'ACCEPT', enable 0.
# NOTE(review): presumably copy_rule_data() overwrites these defaults with
# whatever the caller supplied, so the rule starts disabled only when the
# request does not set 'enable' - confirm against PVE::Firewall.
169 my $rule = { type
=> 'out', action
=> 'ACCEPT', enable
=> 0};
171 PVE
::Firewall
::copy_rule_data
($rule, $param);
# The new rule is inserted at the front of the list (index 0).
173 unshift @$rules, $rule;
# NOTE(review): no lock is visible between load_config() and save_rules() in
# this excerpt; confirm that concurrent writers are serialized elsewhere.
175 $class->save_rules($param, $fw_conf, $rules);
# Registers the 'update_rule' API method ("Modify rule data.") on the calling
# class. The handler either moves the rule at 'pos' to 'moveto' or copies the
# request parameters into it, then saves the rule list.
# NOTE(review): this listing is an excerpt (the gutter numbers skip), so the
# declarations of $class, $properties and $newrules and parts of the move
# branch are not visible here.
181 sub register_update_rule
{
186 $properties->{pos} = $api_properties->{pos};
188 if ($class->need_group_param()) {
189 $properties->{group
} = $api_properties->{group
};
192 $properties->{moveto
} = {
193 description
=> "Move rule to new position <moveto>. Other arguments are ignored.",
199 my $update_rule_properties = PVE
::Firewall
::add_rule_properties
($properties);
201 $class->register_method({
202 name
=> 'update_rule',
205 description
=> "Modify rule data.",
208 additionalProperties
=> 0,
209 properties
=> $update_rule_properties,
211 returns
=> { type
=> "null" },
215 my ($fw_conf, $rules) = $class->load_config($param);
217 my $digest = $fw_conf->{digest
};
218 # fixme: check digest
# NOTE(review): $digest is read from the loaded config, but nothing in this
# excerpt compares it with a value sent by the caller. A request prepared
# against an older rule list would therefore still be applied at the same
# numeric position, which may by then hold a different rule.
# Only the upper bound of pos is checked here.
# NOTE(review): a negative pos would index from the end of @$rules in Perl;
# presumably the 'pos' schema (not visible in this excerpt) sets a minimum
# of 0 - confirm.
220 die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
222 my $rule = $rules->[$param->{pos}];
224 my $moveto = $param->{moveto
};
# Move branch: taken only when moveto is given and differs from pos.
225 if (defined($moveto) && $moveto != $param->{pos}) {
# The list is rebuilt in @$newrules; the rule's old slot is skipped.
227 for (my $i = 0; $i < scalar(@$rules); $i++) {
228 next if $i == $param->{pos};
# NOTE(review): the condition guarding this push (source line 229) is not in
# this excerpt; presumably it fires when $i reaches $moveto - confirm.
230 push @$newrules, $rule;
232 push @$newrules, $rules->[$i];
# A moveto at or past the end of the list appends the rule.
234 push @$newrules, $rule if $moveto >= scalar(@$rules);
# Data update (the other branch, going by the gutter numbers): the request
# parameters are copied into the existing rule.
237 PVE
::Firewall
::copy_rule_data
($rule, $param);
# NOTE(review): no lock is visible between load_config() and save_rules() in
# this excerpt; confirm that concurrent writers are serialized elsewhere.
240 $class->save_rules($param, $fw_conf, $rules);
# Registers the 'delete_rule' API method ("Delete rule.") on the calling
# class. The handler removes the rule at 'pos' and saves the rule list.
# NOTE(review): this listing is an excerpt (the gutter numbers skip), so the
# declarations of $class and $properties are not visible here.
246 sub register_delete_rule
{
251 $properties->{pos} = $api_properties->{pos};
253 if ($class->need_group_param()) {
254 $properties->{group
} = $api_properties->{group
};
257 $class->register_method({
258 name
=> 'delete_rule',
261 description
=> "Delete rule.",
264 additionalProperties
=> 0,
265 properties
=> $properties,
267 returns
=> { type
=> "null" },
271 my ($fw_conf, $rules) = $class->load_config($param);
273 my $digest = $fw_conf->{digest
};
274 # fixme: check digest
# NOTE(review): $digest is read from the loaded config, but nothing in this
# excerpt compares it with a value sent by the caller. A delete prepared
# against an older rule list would therefore remove whatever rule now sits
# at that position.
# Only the upper bound of pos is checked here.
# NOTE(review): splice() accepts a negative offset and counts from the end of
# the array; presumably the 'pos' schema (not visible in this excerpt) sets a
# minimum of 0 - confirm.
276 die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
# Removes exactly one element, the one at index pos.
278 splice(@$rules, $param->{pos}, 1);
# NOTE(review): no lock is visible between load_config() and save_rules() in
# this excerpt; confirm that concurrent writers are serialized elsewhere.
280 $class->save_rules($param, $fw_conf, $rules);
# Registers the five rule API methods (list, get, create, update, delete) on
# the calling class, in that order.
# NOTE(review): the subclasses call this with a string argument ('groups',
# 'cluster'); no use of that argument is visible in this excerpt, and the
# declaration of $class is not shown either.
286 sub register_handlers
{
289 $class->register_get_rules();
290 $class->register_get_rule();
291 $class->register_create_rule();
292 $class->register_update_rule();
293 $class->register_delete_rule();
296 package PVE
::API2
::Firewall
::GroupRules
;
301 use base
qw(PVE::API2::Firewall::RulesBase);
# Security-group flavour of the rule API: the flag set here makes every
# register_* sub add the 'group' parameter to its schema.
303 __PACKAGE__-
>need_group_param(1);
# Body of the config-loading hook: loads the cluster firewall config and
# returns it with the rule list stored under groups->{<group>}.
# NOTE(review): the `sub` line is outside this excerpt; presumably this is
# load_config - confirm.
306 my ($class, $param) = @_;
308 my $fw_conf = PVE
::Firewall
::load_clusterfw_conf
();
309 my $rules = $fw_conf->{groups
}->{$param->{group
}};
# An unknown group name is rejected instead of yielding an empty rule list.
310 die "no such security group '$param->{group}'\n" if !defined($rules);
312 return ($fw_conf, $rules);
# Body of the saving hook: stores the rule list back under the group name and
# writes the whole cluster firewall config.
# NOTE(review): the `sub` line is outside this excerpt; presumably this is
# save_rules - confirm. No lock is visible around the load/modify/save
# sequence here; confirm whether save_clusterfw_conf() or its callers
# serialize concurrent writers.
316 my ($class, $param, $fw_conf, $rules) = @_;
318 $fw_conf->{groups
}->{$param->{group
}} = $rules;
319 PVE
::Firewall
::save_clusterfw_conf
($fw_conf);
# Registers the rule API methods for this package.
322 __PACKAGE__-
>register_handlers('groups');
324 package PVE
::API2
::Firewall
::ClusterRules
;
329 use base
qw(PVE::API2::Firewall::RulesBase);
# Body of the config-loading hook for the cluster-wide rule list: loads the
# cluster firewall config and returns it with the list stored under 'rules'.
# NOTE(review): the `sub` line is outside this excerpt; presumably this is
# load_config - confirm.
332 my ($class, $param) = @_;
334 my $fw_conf = PVE
::Firewall
::load_clusterfw_conf
();
335 my $rules = $fw_conf->{rules
};
337 return ($fw_conf, $rules);
# Body of the saving hook: stores the rule list back under 'rules' and writes
# the whole cluster firewall config.
# NOTE(review): the `sub` line is outside this excerpt; presumably this is
# save_rules - confirm. No lock is visible around the load/modify/save
# sequence here; confirm whether save_clusterfw_conf() or its callers
# serialize concurrent writers.
341 my ($class, $param, $fw_conf, $rules) = @_;
343 $fw_conf->{rules
} = $rules;
344 PVE
::Firewall
::save_clusterfw_conf
($fw_conf);
# Registers the rule API methods for this package. need_group_param() is not
# set in the visible lines of this package, so the schemas get no 'group'
# parameter.
347 __PACKAGE__-
>register_handlers('cluster');