git.proxmox.com Git - pve-firewall.git/blob - src/PVE/API2/Firewall/Rules.pm
1 package PVE
::API2
::Firewall
::RulesBase
;
5 use PVE
::JSONSchema
qw(get_standard_option);
9 use base
qw(PVE::RESTHandler);
# Schema fragments shared by the per-rule handlers, which copy the 'pos' entry
# into their own parameter sets.
# NOTE(review): only a description survives in this listing; the type and range
# constraints of 'pos' are not visible here - confirm it is a non-negative integer.
11 my $api_properties = {
13 description
=> "Rule position.",
# Abstract hooks: both visible bodies die until a subclass overrides them.
# NOTE(review): the 'sub' lines are missing from this listing; presumably these
# are load_config($param) and save_rules($param, $fw_conf, $rules), the two
# methods the handlers call on $class - confirm.
20 my ($class, $param) = @_;
22 die "implement this in subclass";
# Expected result of the loader: the firewall config and its rule list.
24 #return ($fw_conf, $rules);
28 my ($class, $param, $fw_conf, $rules) = @_;
30 die "implement this in subclass";
33 my $additional_param_hash = {};
# Per-class registry of extra API parameters, kept in the file-level
# $additional_param_hash under the calling class name.
# When $new_value is defined it replaces the entry stored for $class.
# NOTE(review): lines are missing from this listing; $copy is presumably
# declared and returned in the omitted lines - confirm against the file.
35 sub additional_parameters
{
36 my ($class, $new_value) = @_;
38 if (defined($new_value)) {
39 $additional_param_hash->{$class} = $new_value;
# Copy the stored entry key by key (one level deep). Callers add keys such as
# 'pos' to the result; the values themselves are still shared by reference.
44 my $org = $additional_param_hash->{$class} || {};
45 foreach my $p (keys %$org) { $copy->{$p} = $org->{$p}; }
# Registers the API method described as "List rules." for the calling class.
# The parameter schema is the class's additional parameters only, and
# additionalProperties => 0 means undeclared parameters are not accepted.
49 sub register_get_rules
{
52 my $properties = $class->additional_parameters();
54 $class->register_method({
58 description
=> "List rules.",
60 additionalProperties
=> 0,
61 properties
=> $properties,
# Each listed entry links to a child resource addressed by its 'pos'.
73 links
=> [ { rel
=> 'child', href
=> "{pos}" } ],
# Rule source is supplied by the subclass hook.
78 my ($fw_conf, $rules) = $class->load_config($param);
80 my $digest = $fw_conf->{digest
};
# Every rule is passed through cleanup_fw_rule together with the config digest
# and a running index. NOTE(review): presumably this is what exposes 'pos' and
# 'digest' to clients - confirm in PVE::Firewall.
85 foreach my $rule (@$rules) {
86 push @$res, PVE
::Firewall
::cleanup_fw_rule
($rule, $digest, $ind++);
# Registers the API method described as "Get single rule data.".
# The rule is selected by its position 'pos' in the list from load_config.
93 sub register_get_rule
{
96 my $properties = $class->additional_parameters();
98 $properties->{pos} = $api_properties->{pos};
100 $class->register_method({
104 description
=> "Get single rule data.",
106 additionalProperties
=> 0,
107 properties
=> $properties,
120 my ($fw_conf, $rules) = $class->load_config($param);
122 my $digest = $fw_conf->{digest
};
# The digest is only forwarded to cleanup_fw_rule below; no comparison with a
# client-supplied value is visible in this listing.
123 # fixme: check digest
# Only the upper bound is checked. A negative 'pos' would index from the end of
# the array in Perl, so this relies on the 'pos' schema to reject it.
# NOTE(review): that schema is not visible in this listing - confirm.
125 die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
127 my $rule = $rules->[$param->{pos}];
129 return PVE
::Firewall
::cleanup_fw_rule
($rule, $digest, $param->{pos});
# Registers the 'create_rule' API method ("Create new rule."), returning null.
# The schema is the class's additional parameters extended by
# PVE::Firewall::add_rule_properties, with 'action' and 'type' made mandatory.
# NOTE(review): no 'permissions' entry is visible in this listing; confirm that
# access control for this write endpoint is declared in the omitted lines or
# enforced by the caller.
133 sub register_create_rule
{
136 my $properties = $class->additional_parameters();
138 my $create_rule_properties = PVE
::Firewall
::add_rule_properties
($properties);
# optional => 0: a new rule must state its action and type.
139 $create_rule_properties->{action
}->{optional
} = 0;
140 $create_rule_properties->{type
}->{optional
} = 0;
142 $class->register_method({
143 name
=> 'create_rule',
146 description
=> "Create new rule.",
149 additionalProperties
=> 0,
150 properties
=> $create_rule_properties,
152 returns
=> { type
=> "null" },
156 my ($fw_conf, $rules) = $class->load_config($param);
# Digest is read but not compared with anything in the visible lines.
158 my $digest = $fw_conf->{digest
};
# Request fields are copied onto the new rule by PVE::Firewall::copy_rule_data.
162 PVE
::Firewall
::copy_rule_data
($rule, $param);
# A rule created without an explicit 'enable' starts disabled.
164 $rule->{enable
} = 0 if !defined($param->{enable
});
# The new rule goes to the front of the list, so every existing rule's
# position shifts by one; clients holding older positions are now off by one.
166 unshift @$rules, $rule;
# NOTE(review): no lock is visible around the load_config/save_rules pair in
# this listing; confirm concurrent writers are serialised elsewhere.
168 $class->save_rules($param, $fw_conf, $rules);
# Registers the 'update_rule' API method ("Modify rule data."), returning null.
# It either moves the rule at 'pos' to 'moveto' or changes that rule's fields.
# NOTE(review): this listing omits lines, so the branch structure described
# below is partly inferred - confirm against the full file.
174 sub register_update_rule
{
177 my $properties = $class->additional_parameters();
179 $properties->{pos} = $api_properties->{pos};
181 $properties->{moveto
} = {
182 description
=> "Move rule to new position <moveto>. Other arguments are ignored.",
# 'delete' names the settings to drop from the rule.
188 $properties->{delete} = {
189 type
=> 'string', format
=> 'pve-configid-list',
190 description
=> "A list of settings you want to delete.",
194 my $update_rule_properties = PVE
::Firewall
::add_rule_properties
($properties);
196 $class->register_method({
197 name
=> 'update_rule',
200 description
=> "Modify rule data.",
203 additionalProperties
=> 0,
204 properties
=> $update_rule_properties,
206 returns
=> { type
=> "null" },
210 my ($fw_conf, $rules) = $class->load_config($param);
212 my $digest = $fw_conf->{digest
};
# The digest is read but no comparison with a client-supplied value is visible.
# Rules are addressed by position, so a client working from a stale listing can
# end up changing a different rule than the one it meant to.
213 # fixme: check digest
# Only the upper bound of 'pos' is checked; a negative value would index from
# the end of the array in Perl. NOTE(review): relies on the 'pos' schema, which
# is not visible in this listing - confirm.
215 die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
217 my $rule = $rules->[$param->{pos}];
219 my $moveto = $param->{moveto
};
# Move path: rebuild the list without the entry at 'pos' and re-insert the
# rule; a 'moveto' at or past the end appends it.
220 if (defined($moveto) && $moveto != $param->{pos}) {
222 for (my $i = 0; $i < scalar(@$rules); $i++) {
223 next if $i == $param->{pos};
225 push @$newrules, $rule;
227 push @$newrules, $rules->[$i];
229 push @$newrules, $rule if $moveto >= scalar(@$rules);
# Edit path: 'type' and 'action' must be supplied, then the request fields are
# copied onto the rule and any settings listed in 'delete' are removed.
232 raise_param_exc
({ type
=> "property is missing"})
233 if !defined($param->{type
});
234 raise_param_exc
({ action
=> "property is missing"})
235 if !defined($param->{action
});
237 PVE
::Firewall
::copy_rule_data
($rule, $param);
239 PVE
::Firewall
::delete_rule_properties
($rule, $param->{'delete'}) if $param->{'delete'};
# NOTE(review): no lock is visible around the load_config/save_rules pair in
# this listing; confirm concurrent writers are serialised elsewhere.
242 $class->save_rules($param, $fw_conf, $rules);
# Registers the 'delete_rule' API method ("Delete rule."), returning null.
# The rule to remove is selected by its position 'pos'.
248 sub register_delete_rule
{
251 my $properties = $class->additional_parameters();
253 $properties->{pos} = $api_properties->{pos};
255 $class->register_method({
256 name
=> 'delete_rule',
259 description
=> "Delete rule.",
262 additionalProperties
=> 0,
263 properties
=> $properties,
265 returns
=> { type
=> "null" },
269 my ($fw_conf, $rules) = $class->load_config($param);
271 my $digest = $fw_conf->{digest
};
# The digest is read but not compared with anything in the visible lines. If
# the list changed since the client read it (create_rule inserts at the
# front), the same 'pos' now removes a different rule.
272 # fixme: check digest
# Only the upper bound is checked; splice accepts a negative offset and counts
# from the end. NOTE(review): relies on the 'pos' schema, which is not visible
# in this listing - confirm.
274 die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
276 splice(@$rules, $param->{pos}, 1);
# NOTE(review): no lock is visible around the load_config/save_rules pair in
# this listing; confirm concurrent writers are serialised elsewhere.
278 $class->save_rules($param, $fw_conf, $rules);
# Registers the full handler set on the calling class: list, get, create,
# update and delete. Each subclass below calls this once via __PACKAGE__.
284 sub register_handlers
{
287 $class->register_get_rules();
288 $class->register_get_rule();
289 $class->register_create_rule();
290 $class->register_update_rule();
291 $class->register_delete_rule();
# Rule handlers for a named security group stored in the cluster firewall
# config. Adds a 'group' parameter to every handler's schema.
# NOTE(review): the 'sub' lines are missing from this listing; the two bodies
# below are presumably load_config and save_rules - confirm.
294 package PVE
::API2
::Firewall
::GroupRules
;
299 use base
qw(PVE::API2::Firewall::RulesBase);
# NOTE(review): only the description and maxLength of 'group' are visible here;
# confirm the omitted lines restrict the name's character set, since it is
# used as a key into the config and echoed in the error message below.
301 __PACKAGE__-
>additional_parameters({ group
=> {
302 description
=> "Security group name.",
304 maxLength
=> 20, # fixme: what length?
308 my ($class, $param) = @_;
310 my $fw_conf = PVE
::Firewall
::load_clusterfw_conf
();
311 my $rules = $fw_conf->{groups
}->{$param->{group
}};
# An unknown group is rejected rather than created on the fly.
312 die "no such security group '$param->{group}'\n" if !defined($rules);
314 return ($fw_conf, $rules);
318 my ($class, $param, $fw_conf, $rules) = @_;
# Store the rule list back under the group and write the whole cluster config.
320 $fw_conf->{groups
}->{$param->{group
}} = $rules;
321 PVE
::Firewall
::save_clusterfw_conf
($fw_conf);
324 __PACKAGE__-
>register_handlers();
# Rule handlers for the cluster-wide rule list ($fw_conf->{rules} of the
# cluster firewall config). No additional parameters are registered here.
# NOTE(review): the 'sub' lines are missing from this listing; the two bodies
# below are presumably load_config and save_rules - confirm.
326 package PVE
::API2
::Firewall
::ClusterRules
;
331 use base
qw(PVE::API2::Firewall::RulesBase);
334 my ($class, $param) = @_;
336 my $fw_conf = PVE
::Firewall
::load_clusterfw_conf
();
337 my $rules = $fw_conf->{rules
};
339 return ($fw_conf, $rules);
343 my ($class, $param, $fw_conf, $rules) = @_;
# Replace the rule list and write the whole cluster config.
345 $fw_conf->{rules
} = $rules;
346 PVE
::Firewall
::save_clusterfw_conf
($fw_conf);
349 __PACKAGE__-
>register_handlers();
# Rule handlers for the host firewall config. Adds the standard 'pve-node'
# option as a 'node' parameter to every handler's schema.
# NOTE(review): the 'sub' lines are missing from this listing; the two bodies
# below are presumably load_config and save_rules - confirm.
351 package PVE
::API2
::Firewall
::HostRules
;
355 use PVE
::JSONSchema
qw(get_standard_option);
357 use base
qw(PVE::API2::Firewall::RulesBase);
359 __PACKAGE__-
>additional_parameters({ node
=> get_standard_option
('pve-node')});
362 my ($class, $param) = @_;
# The 'node' parameter is not passed to the loader or the saver in the visible
# lines. NOTE(review): presumably the request is already routed to the named
# node before it reaches this code - confirm, otherwise the local host's rules
# are read and written whatever 'node' says.
364 my $fw_conf = PVE
::Firewall
::load_hostfw_conf
();
365 my $rules = $fw_conf->{rules
};
367 return ($fw_conf, $rules);
371 my ($class, $param, $fw_conf, $rules) = @_;
373 $fw_conf->{rules
} = $rules;
374 PVE
::Firewall
::save_hostfw_conf
($fw_conf);
377 __PACKAGE__-
>register_handlers();
# Rule handlers for a single guest's firewall config, selected by 'vmid'.
# Adds the standard 'pve-node' and 'pve-vmid' options to every handler's schema.
# NOTE(review): the 'sub' lines are missing from this listing; the two bodies
# below are presumably load_config and save_rules - confirm.
379 package PVE
::API2
::Firewall
::VMRules
;
383 use PVE
::JSONSchema
qw(get_standard_option);
385 use base
qw(PVE::API2::Firewall::RulesBase);
387 __PACKAGE__-
>additional_parameters({
388 node
=> get_standard_option
('pve-node'),
389 vmid
=> get_standard_option
('pve-vmid'),
393 my ($class, $param) = @_;
# Only 'vmid' selects the config; 'node' is not used in the visible lines.
# NOTE(review): confirm that the caller's right to manage this particular
# guest is checked before these handlers run - no such check is visible here.
395 my $fw_conf = PVE
::Firewall
::load_vmfw_conf
($param->{vmid
});
396 my $rules = $fw_conf->{rules
};
398 return ($fw_conf, $rules);
402 my ($class, $param, $fw_conf, $rules) = @_;
# Replace the rule list and write the config back for the same 'vmid'.
404 $fw_conf->{rules
} = $rules;
405 PVE
::Firewall
::save_vmfw_conf
($param->{vmid
}, $fw_conf);
408 __PACKAGE__-
>register_handlers();