git.proxmox.com Git - pve-firewall.git/blob - src/PVE/API2/Firewall/Rules.pm
1 package PVE
::API2
::Firewall
::RulesBase
;
5 use PVE
::JSONSchema
qw(get_standard_option);
6 use PVE
::Exception
qw(raise raise_param_exc);
10 use base
qw(PVE::RESTHandler);
# Schema fragments shared by the register_* subs below, which read the entry
# described here as $api_properties->{pos}.
# NOTE(review): only the description of that entry is visible in this listing;
# its type and range constraints are not shown -- confirm it enforces an
# integer with a minimum of 0, since the handlers index an array with it.
12 my $api_properties = {
14 description
=> "Rule position.",
# Abstract hook: dies until a subclass overrides it. Judging by the
# $class->load_config($param) calls and the commented-out return below, this is
# presumably load_config (its sub line is not shown in this listing).
21 my ($class, $param) = @_;
23 die "implement this in subclass";
25 #return ($fw_conf, $rules);
# Second abstract hook with the argument list used by the
# $class->save_rules($param, $fw_conf, $rules) calls; presumably save_rules.
29 my ($class, $param, $fw_conf, $rules) = @_;
31 die "implement this in subclass";
# Registry of extra API parameters, keyed by class name (see the
# $additional_param_hash->{$class} accesses below).
34 my $additional_param_hash = {};
# Combined setter/getter, called as a class method.
40 sub additional_parameters
{
41 my ($class, $new_value) = @_;
# Setter path: a defined argument replaces the entry stored for $class.
43 if (defined($new_value)) {
44 $additional_param_hash->{$class} = $new_value;
# Getter path: the stored entry (or an empty hash) is copied key by key, one
# level deep, into $copy, so keys added to the copy do not land in the
# registry. The nested schema hashes themselves are still shared.
# NOTE(review): the declaration and return of $copy are not shown in this listing.
49 my $org = $additional_param_hash->{$class} || {};
50 foreach my $p (keys %$org) { $copy->{$p} = $org->{$p}; }
# Registers the API method that lists all rules of the rule set selected by the
# class-specific parameters.
54 sub register_get_rules
{
57 my $properties = $class->additional_parameters();
59 $class->register_method({
63 description
=> "List rules.",
# additionalProperties is 0; NOTE(review): presumably the schema validator then
# rejects any request parameter that is not declared in $properties.
65 additionalProperties
=> 0,
66 properties
=> $properties,
# Each returned entry links to its child resource through its position.
78 links
=> [ { rel
=> 'child', href
=> "{pos}" } ],
83 my ($fw_conf, $rules) = $class->load_config($param);
85 my $digest = $fw_conf->{digest
};
# Every rule is passed through cleanup_fw_rule together with the config digest
# and its running index; $ind is incremented once per rule.
# NOTE(review): the declarations of $res and $ind are not shown in this listing.
90 foreach my $rule (@$rules) {
91 push @$res, PVE
::Firewall
::cleanup_fw_rule
($rule, $digest, $ind++);
# Registers the API method that returns a single rule, addressed by its
# position in the rule list.
98 sub register_get_rule
{
101 my $properties = $class->additional_parameters();
# 'pos' is added on top of the class-specific parameters.
103 $properties->{pos} = $api_properties->{pos};
105 $class->register_method({
109 description
=> "Get single rule data.",
111 additionalProperties
=> 0,
112 properties
=> $properties,
125 my ($fw_conf, $rules) = $class->load_config($param);
# The digest is read from the loaded config and handed to cleanup_fw_rule
# below; in the lines shown it is not compared with anything (see the fixme).
127 my $digest = $fw_conf->{digest
};
128 # fixme: check digest
# Only the upper bound of pos is checked here. A negative index would count
# from the end of the array in Perl; NOTE(review): presumably the 'pos' schema
# enforces a minimum of 0 -- confirm, only its description is visible here.
130 die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
132 my $rule = $rules->[$param->{pos}];
134 return PVE
::Firewall
::cleanup_fw_rule
($rule, $digest, $param->{pos});
# Registers the API method that creates a new rule at the top of the rule list.
138 sub register_create_rule
{
141 my $properties = $class->additional_parameters();
# The generic rule properties are merged in, then 'action' and 'type' are made
# mandatory for creation by clearing their optional flag.
143 my $create_rule_properties = PVE
::Firewall
::add_rule_properties
($properties);
144 $create_rule_properties->{action
}->{optional
} = 0;
145 $create_rule_properties->{type
}->{optional
} = 0;
147 $class->register_method({
148 name
=> 'create_rule',
151 description
=> "Create new rule.",
154 additionalProperties
=> 0,
155 properties
=> $create_rule_properties,
157 returns
=> { type
=> "null" },
161 my ($fw_conf, $rules) = $class->load_config($param);
# NOTE(review): $digest is read but not used in the lines shown here.
163 my $digest = $fw_conf->{digest
};
# The request parameters are copied into $rule and the result is passed to
# verify_rule before anything is stored.
# NOTE(review): the declaration of $rule is not shown in this listing, and
# verify_rule presumably dies on an invalid rule -- confirm.
167 PVE
::Firewall
::copy_rule_data
($rule, $param);
168 PVE
::Firewall
::verify_rule
($rule, $class->allow_groups());
# A rule created without an explicit 'enable' value is stored disabled.
170 $rule->{enable
} = 0 if !defined($param->{enable
});
# unshift puts the new rule at index 0, i.e. ahead of all existing rules, so
# the positions of all existing rules shift by one.
172 unshift @$rules, $rule;
# NOTE(review): no lock around load_config/save_rules is visible in this
# listing; if none is taken elsewhere, concurrent writers can overwrite each
# other's changes -- confirm.
174 $class->save_rules($param, $fw_conf, $rules);
# Registers the API method that either moves a rule to another position or
# changes the data of the rule at a given position.
180 sub register_update_rule
{
183 my $properties = $class->additional_parameters();
185 $properties->{pos} = $api_properties->{pos};
# NOTE(review): the type/range constraints of 'moveto' are not shown in this
# listing; it is compared numerically with pos and the list length below.
187 $properties->{moveto
} = {
188 description
=> "Move rule to new position <moveto>. Other arguments are ignored.",
194 $properties->{delete} = {
195 type
=> 'string', format
=> 'pve-configid-list',
196 description
=> "A list of settings you want to delete.",
200 my $update_rule_properties = PVE
::Firewall
::add_rule_properties
($properties);
202 $class->register_method({
203 name
=> 'update_rule',
206 description
=> "Modify rule data.",
209 additionalProperties
=> 0,
210 properties
=> $update_rule_properties,
212 returns
=> { type
=> "null" },
216 my ($fw_conf, $rules) = $class->load_config($param);
# The digest is loaded but, in the lines shown, never compared with a value
# supplied by the caller. Rules are addressed by position only, so a caller
# working from an outdated listing can end up changing a different rule than
# the one it meant if the list was modified in between. Resolving the fixme
# means rejecting the request when a caller-supplied digest differs.
218 my $digest = $fw_conf->{digest
};
219 # fixme: check digest
# Only the upper bound of pos is checked here. A negative index would count
# from the end of the array in Perl; NOTE(review): presumably the 'pos' schema
# enforces a minimum of 0 -- confirm.
221 die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
# $rule is a reference into @$rules, so the changes below modify the list entry
# in place.
223 my $rule = $rules->[$param->{pos}];
225 my $moveto = $param->{moveto
};
# Move branch: taken only when moveto is given and differs from pos. The list
# is rebuilt into $newrules without the entry at pos.
# NOTE(review): the declaration of $newrules, the condition guarding the first
# push and the assignment back to $rules are not shown in this listing.
226 if (defined($moveto) && $moveto != $param->{pos}) {
228 for (my $i = 0; $i < scalar(@$rules); $i++) {
229 next if $i == $param->{pos};
231 push @$newrules, $rule;
233 push @$newrules, $rules->[$i];
# A moveto at or beyond the end of the list appends the rule.
235 push @$newrules, $rule if $moveto >= scalar(@$rules);
# Presumably the non-move branch (its 'else' is not visible in this listing):
# 'type' and 'action' must both be supplied, then the parameters are copied
# into the rule, the listed settings are deleted, and the result is verified.
238 raise_param_exc
({ type
=> "property is missing"})
239 if !defined($param->{type
});
240 raise_param_exc
({ action
=> "property is missing"})
241 if !defined($param->{action
});
243 PVE
::Firewall
::copy_rule_data
($rule, $param);
245 PVE
::Firewall
::delete_rule_properties
($rule, $param->{'delete'}) if $param->{'delete'};
# Verification runs after all modifications and before the save.
247 PVE
::Firewall
::verify_rule
($rule, $class->allow_groups());
# NOTE(review): no lock around load_config/save_rules is visible in this
# listing; if none is taken elsewhere, concurrent writers can overwrite each
# other's changes -- confirm.
250 $class->save_rules($param, $fw_conf, $rules);
# Registers the API method that removes the rule at a given position.
256 sub register_delete_rule
{
259 my $properties = $class->additional_parameters();
261 $properties->{pos} = $api_properties->{pos};
263 $class->register_method({
264 name
=> 'delete_rule',
267 description
=> "Delete rule.",
270 additionalProperties
=> 0,
271 properties
=> $properties,
273 returns
=> { type
=> "null" },
277 my ($fw_conf, $rules) = $class->load_config($param);
# The digest is loaded but, in the lines shown, never compared with a value
# supplied by the caller. The rule to delete is identified by position only,
# so if the list changed after the caller read it (create_rule inserts at
# index 0 and shifts every position), a different rule than intended is
# removed. Resolving the fixme means rejecting the request when a
# caller-supplied digest differs.
279 my $digest = $fw_conf->{digest
};
280 # fixme: check digest
# Only the upper bound of pos is checked. With a negative offset splice counts
# from the end of the array; NOTE(review): presumably the 'pos' schema enforces
# a minimum of 0 -- confirm.
282 die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
284 splice(@$rules, $param->{pos}, 1);
# NOTE(review): no lock around load_config/save_rules is visible in this
# listing; if none is taken elsewhere, concurrent writers can overwrite each
# other's changes -- confirm.
286 $class->save_rules($param, $fw_conf, $rules);
# Registers all five rule methods (list, get, create, update, delete) for the
# calling class. The subclasses below invoke it as
# __PACKAGE__->register_handlers().
292 sub register_handlers
{
295 $class->register_get_rules();
296 $class->register_get_rule();
297 $class->register_create_rule();
298 $class->register_update_rule();
299 $class->register_delete_rule();
302 package PVE
::API2
::Firewall
::GroupRules
;
306 use PVE
::JSONSchema
qw(get_standard_option);
308 use base
qw(PVE::API2::Firewall::RulesBase);
# Rules of a security group: every method of this class takes a 'group'
# parameter using the 'pve-security-group-name' standard option.
310 __PACKAGE__-
>additional_parameters({ group
=> get_standard_option
('pve-security-group-name') });
# Presumably the load_config override (its sub line is not shown in this
# listing): loads the cluster firewall config and selects the rule list stored
# under the requested group name; an unknown group is rejected.
317 my ($class, $param) = @_;
319 my $fw_conf = PVE
::Firewall
::load_clusterfw_conf
();
320 my $rules = $fw_conf->{groups
}->{$param->{group
}};
321 die "no such security group '$param->{group}'\n" if !defined($rules);
323 return ($fw_conf, $rules);
# Presumably the save_rules override: stores the rule list back under the group
# name and writes out the whole cluster firewall config object, not only this
# group.
327 my ($class, $param, $fw_conf, $rules) = @_;
329 $fw_conf->{groups
}->{$param->{group
}} = $rules;
330 PVE
::Firewall
::save_clusterfw_conf
($fw_conf);
333 __PACKAGE__-
>register_handlers();
335 package PVE
::API2
::Firewall
::ClusterRules
;
340 use base
qw(PVE::API2::Firewall::RulesBase);
# Cluster-wide rules. Presumably the load_config override (its sub line is not
# shown in this listing): $param is accepted but not read; the rule list is the
# 'rules' entry of the cluster firewall config.
343 my ($class, $param) = @_;
345 my $fw_conf = PVE
::Firewall
::load_clusterfw_conf
();
346 my $rules = $fw_conf->{rules
};
348 return ($fw_conf, $rules);
# Presumably the save_rules override: replaces the 'rules' entry and writes out
# the whole cluster firewall config object.
352 my ($class, $param, $fw_conf, $rules) = @_;
354 $fw_conf->{rules
} = $rules;
355 PVE
::Firewall
::save_clusterfw_conf
($fw_conf);
358 __PACKAGE__-
>register_handlers();
360 package PVE
::API2
::Firewall
::HostRules
;
364 use PVE
::JSONSchema
qw(get_standard_option);
366 use base
qw(PVE::API2::Firewall::RulesBase);
# Host rules: every method of this class takes a 'node' parameter.
368 __PACKAGE__-
>additional_parameters({ node
=> get_standard_option
('pve-node')});
# Presumably the load_config override (its sub line is not shown in this
# listing). The 'node' parameter is not read here: load_hostfw_conf is called
# without arguments.
# NOTE(review): presumably the request has already been routed to the named
# node before this code runs -- confirm, otherwise the rules of the node
# handling the request are returned regardless of 'node'.
371 my ($class, $param) = @_;
373 my $fw_conf = PVE
::Firewall
::load_hostfw_conf
();
374 my $rules = $fw_conf->{rules
};
376 return ($fw_conf, $rules);
# Presumably the save_rules override: replaces the 'rules' entry and writes the
# host firewall config; 'node' is not read here either.
380 my ($class, $param, $fw_conf, $rules) = @_;
382 $fw_conf->{rules
} = $rules;
383 PVE
::Firewall
::save_hostfw_conf
($fw_conf);
386 __PACKAGE__-
>register_handlers();
388 package PVE
::API2
::Firewall
::VMRules
;
392 use PVE
::JSONSchema
qw(get_standard_option);
394 use base
qw(PVE::API2::Firewall::RulesBase);
# Guest rules: every method of this class takes 'node' and 'vmid' parameters.
396 __PACKAGE__-
>additional_parameters({
397 node
=> get_standard_option
('pve-node'),
398 vmid
=> get_standard_option
('pve-vmid'),
# Presumably the load_config override (its sub line is not shown in this
# listing): the guest firewall config is selected by 'vmid' alone; 'node' is
# not read here.
# NOTE(review): presumably routing to the node and the permission check for
# this vmid happen before this code runs -- confirm against the method
# registration, which is not fully visible in this listing.
402 my ($class, $param) = @_;
404 my $fw_conf = PVE
::Firewall
::load_vmfw_conf
($param->{vmid
});
405 my $rules = $fw_conf->{rules
};
407 return ($fw_conf, $rules);
# Presumably the save_rules override: replaces the 'rules' entry and writes the
# config back for the same vmid.
411 my ($class, $param, $fw_conf, $rules) = @_;
413 $fw_conf->{rules
} = $rules;
414 PVE
::Firewall
::save_vmfw_conf
($param->{vmid
}, $fw_conf);
417 __PACKAGE__-
>register_handlers();