use base qw(PVE::RESTHandler);
-my $api_properties = {
+my $api_properties = {
cidr => {
description => "Network/IP specification in CIDR format.",
type => 'string', format => 'IPorCIDR',
},
};
+sub lock_config {
+ my ($class, $param, $code) = @_;
+
+ die "implement this in subclass";
+}
+
sub load_config {
my ($class, $param) = @_;
sub rule_env {
my ($class, $param) = @_;
-
+
die "implement this in subclass";
}
type => 'string',
optional => 1,
},
- digest => get_standard_option('pve-config-digest', { optional => 0} ),
+ digest => get_standard_option('pve-config-digest', { optional => 0} ),
},
},
links => [ { rel => 'child', href => "{name}" } ],
code => sub {
my ($param) = @_;
- my ($fw_conf, $aliases) = $class->load_config($param);
+ $class->lock_config($param, sub {
+ my ($param) = @_;
- my $name = lc($param->{name});
-
- raise_param_exc({ name => "alias '$param->{name}' already exists" })
- if defined($aliases->{$name});
-
- my $data = { name => $param->{name}, cidr => $param->{cidr} };
- $data->{comment} = $param->{comment} if $param->{comment};
+ my ($fw_conf, $aliases) = $class->load_config($param);
+
+ my $name = lc($param->{name});
+
+ raise_param_exc({ name => "alias '$param->{name}' already exists" })
+ if defined($aliases->{$name});
- $aliases->{$name} = $data;
+ my $data = { name => $param->{name}, cidr => $param->{cidr} };
+ $data->{comment} = $param->{comment} if $param->{comment};
- $class->save_aliases($param, $fw_conf, $aliases);
+ $aliases->{$name} = $data;
+
+ $class->save_aliases($param, $fw_conf, $aliases);
+ });
return undef;
}});
my $properties = $class->additional_parameters();
$properties->{name} = $api_properties->{name};
-
+
$class->register_method({
name => 'read_alias',
path => '{name}',
code => sub {
my ($param) = @_;
- my ($fw_conf, $aliases) = $class->load_config($param);
+ $class->lock_config($param, sub {
+ my ($param) = @_;
- my $list = &$aliases_to_list($aliases);
+ my ($fw_conf, $aliases) = $class->load_config($param);
- my (undef, $digest) = PVE::Firewall::copy_list_with_digest($list);
+ my $list = &$aliases_to_list($aliases);
- PVE::Tools::assert_if_modified($digest, $param->{digest});
+ my (undef, $digest) = PVE::Firewall::copy_list_with_digest($list);
- my $name = lc($param->{name});
+ PVE::Tools::assert_if_modified($digest, $param->{digest});
- raise_param_exc({ name => "no such alias" }) if !$aliases->{$name};
+ my $name = lc($param->{name});
- my $data = { name => $param->{name}, cidr => $param->{cidr} };
- $data->{comment} = $param->{comment} if $param->{comment};
+ raise_param_exc({ name => "no such alias" }) if !$aliases->{$name};
- $aliases->{$name} = $data;
+ my $data = { name => $param->{name}, cidr => $param->{cidr} };
+ $data->{comment} = $param->{comment} if $param->{comment};
- my $rename = lc($param->{rename});
+ $aliases->{$name} = $data;
- if ($rename && ($name ne $rename)) {
- raise_param_exc({ name => "alias '$param->{rename}' already exists" })
- if defined($aliases->{$rename});
- $aliases->{$name}->{name} = $param->{rename};
- $aliases->{$rename} = $aliases->{$name};
- delete $aliases->{$name};
- }
+ my $rename = $param->{rename};
+ $rename = lc($rename) if $rename;
- $class->save_aliases($param, $fw_conf, $aliases);
+ if ($rename && ($name ne $rename)) {
+ raise_param_exc({ name => "alias '$param->{rename}' already exists" })
+ if defined($aliases->{$rename});
+ $aliases->{$name}->{name} = $param->{rename};
+ $aliases->{$rename} = $aliases->{$name};
+ delete $aliases->{$name};
+ }
+
+ $class->save_aliases($param, $fw_conf, $aliases);
+ });
return undef;
}});
code => sub {
my ($param) = @_;
- my ($fw_conf, $aliases) = $class->load_config($param);
+ $class->lock_config($param, sub {
+ my ($param) = @_;
- my $list = &$aliases_to_list($aliases);
- my (undef, $digest) = PVE::Firewall::copy_list_with_digest($list);
- PVE::Tools::assert_if_modified($digest, $param->{digest});
+ my ($fw_conf, $aliases) = $class->load_config($param);
- my $name = lc($param->{name});
- delete $aliases->{$name};
+ my $list = &$aliases_to_list($aliases);
+ my (undef, $digest) = PVE::Firewall::copy_list_with_digest($list);
+ PVE::Tools::assert_if_modified($digest, $param->{digest});
+
+ my $name = lc($param->{name});
+ delete $aliases->{$name};
+
+ $class->save_aliases($param, $fw_conf, $aliases);
+ });
- $class->save_aliases($param, $fw_conf, $aliases);
-
return undef;
}});
}
sub rule_env {
my ($class, $param) = @_;
-
+
return 'cluster';
}
+sub lock_config {
+ my ($class, $param, $code) = @_;
+
+ PVE::Firewall::lock_clusterfw_conf(10, $code, $param);
+}
+
sub load_config {
my ($class, $param) = @_;
sub rule_env {
my ($class, $param) = @_;
-
+
return 'vm';
}
-__PACKAGE__->additional_parameters({
+__PACKAGE__->additional_parameters({
node => get_standard_option('pve-node'),
- vmid => get_standard_option('pve-vmid'),
+ vmid => get_standard_option('pve-vmid'),
});
+sub lock_config {
+ my ($class, $param, $code) = @_;
+
+ PVE::Firewall::lock_vmfw_conf($param->{vmid}, 10, $code, $param);
+}
+
sub load_config {
my ($class, $param) = @_;
sub rule_env {
my ($class, $param) = @_;
-
+
return 'ct';
}
-__PACKAGE__->additional_parameters({
+__PACKAGE__->additional_parameters({
node => get_standard_option('pve-node'),
- vmid => get_standard_option('pve-vmid'),
+ vmid => get_standard_option('pve-vmid'),
});
+sub lock_config {
+ my ($class, $param, $code) = @_;
+
+ PVE::Firewall::lock_vmfw_conf($param->{vmid}, 10, $code, $param);
+}
+
sub load_config {
my ($class, $param) = @_;