use base qw(PVE::RESTHandler);
-my $api_properties = {
+my $api_properties = {
cidr => {
description => "Network/IP specification in CIDR format.",
- type => 'string', format => 'IPv4orCIDR',
+ type => 'string', format => 'IPorCIDR',
},
name => get_standard_option('pve-fw-alias'),
rename => get_standard_option('pve-fw-alias', {
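Review bot: Switching `cidr` to `format => 'IPorCIDR'` widens what the alias API accepts, and nothing in this hunk shows that the code consuming alias values was updated to match. Judging by the name, the new format presumably admits IPv6 as well as IPv4, so anything that expands an alias into rules has to choose the address family per entry rather than assume IPv4. I would record that next to the property, e.g. `# IPorCIDR: both address families are accepted; alias consumers must handle each`. The `$api_properties` hash continues past the end of this hunk.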
die "implement this in subclass";
}
+sub rule_env {
+ my ($class, $param) = @_;
+
+ die "implement this in subclass";
+}
+
my $additional_param_hash = {};
sub additional_parameters {
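Review bot: The new base `rule_env` unpacks `$param`, but every call added in this commit is `$class->rule_env()` inside a hash passed to `register_method`, so no request parameter is ever passed. Reducing the unpacking to `my ($class) = @_;` or documenting the contract would stop a subclass from trying to derive the env from request data. A suitable header comment: `# Returns the firewall rule environment for this class; it selects the API permission check, so it must be constant per class.` Dying in the base class is a sound default, because a subclass that forgets the override fails at registration rather than being registered with no env.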
path => '',
method => 'GET',
description => "List aliases",
+ permissions => PVE::Firewall::rules_audit_permissions($class->rule_env()),
parameters => {
additionalProperties => 0,
properties => $properties,
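Review bot: The result of `PVE::Firewall::rules_audit_permissions($class->rule_env())` goes straight into the method definition without checking that the helper recognised the env. The same pattern recurs in the create, read, update and delete registrations further down. The helper is not part of this diff; if it returns undef for an unknown string, a typo in a subclass's `rule_env` would leave the access decision to whatever the framework does with a missing `permissions` entry. Resolving each once at the top of the registering sub and failing loudly makes that explicit: `my $audit_perm = PVE::Firewall::rules_audit_permissions($class->rule_env()) // die "no audit permissions for rule env\n";`, and likewise for `rules_modify_permissions`. The enclosing sub starts and ends outside this hunk.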
type => 'string',
optional => 1,
},
- digest => get_standard_option('pve-config-digest', { optional => 0} ),
+ digest => get_standard_option('pve-config-digest', { optional => 0} ),
},
},
links => [ { rel => 'child', href => "{name}" } ],
path => '',
method => 'POST',
description => "Create IP or Network Alias.",
+ permissions => PVE::Firewall::rules_modify_permissions($class->rule_env()),
protected => 1,
parameters => {
additionalProperties => 0,
my ($fw_conf, $aliases) = $class->load_config($param);
my $name = lc($param->{name});
-
- raise_param_exc({ name => "alias '$param->{name}' already exists" })
+
+ raise_param_exc({ name => "alias '$param->{name}' already exists" })
if defined($aliases->{$name});
-
+
my $data = { name => $param->{name}, cidr => $param->{cidr} };
$data->{comment} = $param->{comment} if $param->{comment};
my $properties = $class->additional_parameters();
$properties->{name} = $api_properties->{name};
-
+
$class->register_method({
name => 'read_alias',
path => '{name}',
method => 'GET',
description => "Read alias.",
+ permissions => PVE::Firewall::rules_audit_permissions($class->rule_env()),
parameters => {
additionalProperties => 0,
properties => $properties,
path => '{name}',
method => 'PUT',
description => "Update IP or Network alias.",
+ permissions => PVE::Firewall::rules_modify_permissions($class->rule_env()),
protected => 1,
parameters => {
additionalProperties => 0,
$aliases->{$name} = $data;
- my $rename = lc($param->{rename});
+ my $rename = $param->{rename};
+ $rename = lc($rename) if $rename;
if ($rename && ($name ne $rename)) {
- raise_param_exc({ name => "alias '$param->{rename}' already exists" })
+ raise_param_exc({ name => "alias '$param->{rename}' already exists" })
if defined($aliases->{$rename});
$aliases->{$name}->{name} = $param->{rename};
$aliases->{$rename} = $aliases->{$name};
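Review bot: The duplicate check for a rename reports its error under the `name` key, `raise_param_exc({ name => "alias '$param->{rename}' already exists" })`, although the conflicting value came from `rename`. A client that maps parameter errors to fields will flag the wrong input, so the key should be `rename`. The added guard `$rename = lc($rename) if $rename;` would also state its intent more exactly as `if defined($rename)`, since its purpose appears to be avoiding `lc` on an absent optional parameter. The update handler begins before this hunk and continues after it.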
path => '{name}',
method => 'DELETE',
description => "Remove IP or Network alias.",
+ permissions => PVE::Firewall::rules_modify_permissions($class->rule_env()),
protected => 1,
parameters => {
additionalProperties => 0,
delete $aliases->{$name};
$class->save_aliases($param, $fw_conf, $aliases);
-
+
return undef;
}});
}
use base qw(PVE::API2::Firewall::AliasesBase);
+sub rule_env {
+ my ($class, $param) = @_;
+
+ return 'cluster';
+}
+
sub load_config {
my ($class, $param) = @_;
use base qw(PVE::API2::Firewall::AliasesBase);
-__PACKAGE__->additional_parameters({
+sub rule_env {
+ my ($class, $param) = @_;
+
+ return 'vm';
+}
+
+__PACKAGE__->additional_parameters({
node => get_standard_option('pve-node'),
- vmid => get_standard_option('pve-vmid'),
+ vmid => get_standard_option('pve-vmid'),
});
sub load_config {
my ($class, $param) = @_;
- my $fw_conf = PVE::Firewall::load_vmfw_conf('vm', $param->{vmid});
+ my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
+ my $fw_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, 'vm', $param->{vmid});
my $aliases = $fw_conf->{aliases};
return ($fw_conf, $aliases);
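Review bot: `load_config` now reads the cluster firewall configuration on every call only to pass it to `load_vmfw_conf`, and neither this hunk nor the identical change in the container class says why the guest-level loader needs it. A short comment would help, e.g. `# cluster config is passed so the guest config parser can resolve cluster-level definitions`; that is presumably the reason, but please confirm. The two `load_config` bodies now differ only in the `'vm'`/`'ct'` literal, which each class's new `rule_env` already returns. `$class->rule_env()` could therefore replace the literal and the sub could be shared. The sub's closing brace is outside the hunk.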
use base qw(PVE::API2::Firewall::AliasesBase);
-__PACKAGE__->additional_parameters({
+sub rule_env {
+ my ($class, $param) = @_;
+
+ return 'ct';
+}
+
+__PACKAGE__->additional_parameters({
node => get_standard_option('pve-node'),
- vmid => get_standard_option('pve-vmid'),
+ vmid => get_standard_option('pve-vmid'),
});
sub load_config {
my ($class, $param) = @_;
- my $fw_conf = PVE::Firewall::load_vmfw_conf('ct', $param->{vmid});
+ my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
+ my $fw_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, 'ct', $param->{vmid});
my $aliases = $fw_conf->{aliases};
return ($fw_conf, $aliases);