prefix ipset chains with PVEFW-
[pve-firewall.git] / src / PVE / API2 / Firewall / VM.pm
1 package PVE::API2::Firewall::VM;
2
3 use strict;
4 use warnings;
5 use PVE::JSONSchema qw(get_standard_option);
6 use PVE::Cluster;
7 use PVE::Firewall;
8 use PVE::API2::Firewall::Rules;
9
10 use Data::Dumper; # fixme: remove
11
12 use base qw(PVE::RESTHandler);
13
14 __PACKAGE__->register_method ({
15 subclass => "PVE::API2::Firewall::VMRules",
16 path => 'rules',
17 });
18
19 __PACKAGE__->register_method({
20 name => 'index',
21 path => '',
22 method => 'GET',
23 permissions => { user => 'all' },
24 description => "Directory index.",
25 parameters => {
26 additionalProperties => 0,
27 properties => {
28 node => get_standard_option('pve-node'),
29 vmid => get_standard_option('pve-vmid'),
30 },
31 },
32 returns => {
33 type => 'array',
34 items => {
35 type => "object",
36 properties => {},
37 },
38 links => [ { rel => 'child', href => "{name}" } ],
39 },
40 code => sub {
41 my ($param) = @_;
42
43 my $result = [
44 { name => 'rules' },
45 { name => 'options' },
46 ];
47
48 return $result;
49 }});
50
51 __PACKAGE__->register_method({
52 name => 'get_options',
53 path => 'options',
54 method => 'GET',
55 description => "Get host firewall options.",
56 proxyto => 'node',
57 parameters => {
58 additionalProperties => 0,
59 properties => {
60 node => get_standard_option('pve-node'),
61 vmid => get_standard_option('pve-vmid'),
62 },
63 },
64 returns => {
65 type => "object",
66 properties => {},
67 },
68 code => sub {
69 my ($param) = @_;
70
71 my $vmid = $param->{vmid};
72
73 my $vmlist = PVE::Cluster::get_vmlist();
74
75 die "no such VM ('$vmid')\n"
76 if !($vmlist && $vmlist->{ids} && defined($vmlist->{ids}->{$vmid}));
77
78 my $vmfw_conf = PVE::Firewall::load_vmfw_conf($vmid);
79
80 my $options = $vmfw_conf->{options} || {};
81
82 my $digest = $vmfw_conf->{digest};
83
84 $options->{digest} = $digest;
85
86 return $options;
87 }});
88
89 1;