my $api_properties = {
cidr => {
description => "Network/IP specification in CIDR format.",
- type => 'string', format => 'IPv4orCIDR',
+ type => 'string', format => 'IPorCIDR',
},
name => get_standard_option('pve-fw-alias'),
rename => get_standard_option('pve-fw-alias', {
die "implement this in subclass";
}
+sub rule_env {
+ my ($class, $param) = @_;
+
+ die "implement this in subclass";
+}
+
my $additional_param_hash = {};
sub additional_parameters {
path => '',
method => 'GET',
description => "List aliases",
+ permissions => PVE::Firewall::rules_audit_permissions($class->rule_env()),
parameters => {
additionalProperties => 0,
properties => $properties,
path => '',
method => 'POST',
description => "Create IP or Network Alias.",
+ permissions => PVE::Firewall::rules_modify_permissions($class->rule_env()),
protected => 1,
parameters => {
additionalProperties => 0,
path => '{name}',
method => 'GET',
description => "Read alias.",
+ permissions => PVE::Firewall::rules_audit_permissions($class->rule_env()),
parameters => {
additionalProperties => 0,
properties => $properties,
path => '{name}',
method => 'PUT',
description => "Update IP or Network alias.",
+ permissions => PVE::Firewall::rules_modify_permissions($class->rule_env()),
protected => 1,
parameters => {
additionalProperties => 0,
path => '{name}',
method => 'DELETE',
description => "Remove IP or Network alias.",
+ permissions => PVE::Firewall::rules_modify_permissions($class->rule_env()),
protected => 1,
parameters => {
additionalProperties => 0,
use base qw(PVE::API2::Firewall::AliasesBase);
+sub rule_env {
+ my ($class, $param) = @_;
+
+ return 'cluster';
+}
+
sub load_config {
my ($class, $param) = @_;
use base qw(PVE::API2::Firewall::AliasesBase);
+sub rule_env {
+ my ($class, $param) = @_;
+
+ return 'vm';
+}
+
__PACKAGE__->additional_parameters({
node => get_standard_option('pve-node'),
vmid => get_standard_option('pve-vmid'),
sub load_config {
my ($class, $param) = @_;
- my $fw_conf = PVE::Firewall::load_vmfw_conf('vm', $param->{vmid});
+ my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
+ my $fw_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, 'vm', $param->{vmid});
my $aliases = $fw_conf->{aliases};
return ($fw_conf, $aliases);
use base qw(PVE::API2::Firewall::AliasesBase);
+sub rule_env {
+ my ($class, $param) = @_;
+
+ return 'ct';
+}
+
__PACKAGE__->additional_parameters({
node => get_standard_option('pve-node'),
vmid => get_standard_option('pve-vmid'),
sub load_config {
my ($class, $param) = @_;
- my $fw_conf = PVE::Firewall::load_vmfw_conf('ct', $param->{vmid});
+ my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
+ my $fw_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, 'ct', $param->{vmid});
my $aliases = $fw_conf->{aliases};
return ($fw_conf, $aliases);
projects / pve-firewall.git / blobdiff