fix #5335: stable sorting in cluster.fw
[pve-firewall.git] / src / PVE / API2 / Firewall / Cluster.pm
index c4e2b63bcf8d5e1b783d7552be9fa64a044b3c39..48ad90d40b2a6ebc8646678d9d0c917f84d08ecb 100644 (file)
@@ -13,7 +13,6 @@ use PVE::API2::Firewall::IPSet;
 
 #fixme: locking?
 
-use Data::Dumper; # fixme: remove
 
 use base qw(PVE::RESTHandler);
 
@@ -71,25 +70,7 @@ __PACKAGE__->register_method({
        return $result;
     }});
 
-my $option_properties = {
-    enable => {
-       type => 'integer',
-       minimum => 0,
-       optional => 1,
-    },
-    policy_in => {
-       description => "Input policy.",
-       type => 'string',
-       optional => 1,
-       enum => ['ACCEPT', 'REJECT', 'DROP'],
-    },
-    policy_out => {
-       description => "Output policy.",
-       type => 'string',
-       optional => 1,
-       enum => ['ACCEPT', 'REJECT', 'DROP'],
-    },
-};
+my $option_properties = $PVE::Firewall::cluster_option_properties;
 
 my $add_option_properties = sub {
     my ($properties) = @_;
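Review bot: `$option_properties` at `my $option_properties = $PVE::Firewall::cluster_option_properties;` is now a reference to a package variable shared with PVE::Firewall, not a private hash. The set of options this API accepts, deletes and writes (`if !$option_properties->{$opt}` and `keys %$option_properties` in the update handler) therefore follows whatever that variable holds. Any in-place change made through this reference would also be visible to every other user of the variable. I would add a comment such as `# shared schema from PVE::Firewall; treat as read-only here`. The `$add_option_properties` sub starts in this hunk and continues outside it, so whether it copies entries or modifies them cannot be checked from here.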
@@ -151,29 +132,31 @@ __PACKAGE__->register_method({
     code => sub {
        my ($param) = @_;
 
-       my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
+       PVE::Firewall::lock_clusterfw_conf(10, sub {
+           my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
 
-       my (undef, $digest) = PVE::Firewall::copy_opject_with_digest($cluster_conf->{options});
-       PVE::Tools::assert_if_modified($digest, $param->{digest});
+           my (undef, $digest) = PVE::Firewall::copy_opject_with_digest($cluster_conf->{options});
+           PVE::Tools::assert_if_modified($digest, $param->{digest});
 
-       if ($param->{delete}) {
-           foreach my $opt (PVE::Tools::split_list($param->{delete})) {
-               raise_param_exc({ delete => "no such option '$opt'" })
-                   if !$option_properties->{$opt};
-               delete $cluster_conf->{options}->{$opt};
+           if ($param->{delete}) {
+               foreach my $opt (PVE::Tools::split_list($param->{delete})) {
+                   raise_param_exc({ delete => "no such option '$opt'" })
+                       if !$option_properties->{$opt};
+                   delete $cluster_conf->{options}->{$opt};
+               }
            }
-       }
 
-       if (defined($param->{enable}) && ($param->{enable} > 1)) {
-           $param->{enable} = time();
-       }
+           if (defined($param->{enable}) && ($param->{enable} > 1)) {
+               $param->{enable} = time();
+           }
 
-       foreach my $k (keys %$option_properties) {
-           next if !defined($param->{$k});
-           $cluster_conf->{options}->{$k} = $param->{$k};
-       }
+           foreach my $k (keys %$option_properties) {
+               next if !defined($param->{$k});
+               $cluster_conf->{options}->{$k} = $param->{$k};
+           }
 
-       PVE::Firewall::save_clusterfw_conf($cluster_conf);
+           PVE::Firewall::save_clusterfw_conf($cluster_conf);
+       });
 
        # instant firewall update when using double (anti-lockout) API call
        # -> not waiting for a firewall update at the first (timestamp enable) set
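Review bot: The digest check (`PVE::Tools::assert_if_modified`) and `raise_param_exc` now run inside the closure passed to `PVE::Firewall::lock_clusterfw_conf(10, sub { ... })`, and the call's return value is not inspected. The handler therefore depends on that helper dying on a lock timeout and re-throwing errors raised in the closure, which is not visible in this diff. If it did not, a request with a stale digest or a failed lock would fall through to the instant-update code after the closure without the config having been saved. Once confirmed, a short comment would document the contract and the magic timeout, for example `# dies on lock timeout (10s) and re-throws errors from the closure`. The handler body continues past the end of this hunk.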
@@ -257,6 +240,9 @@ __PACKAGE__->register_method({
                ref => {
                    type => 'string',
                },
+               scope => {
+                   type => 'string',
+               },
                comment => {
                    type => 'string',
                    optional => 1,
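Review bot: The new `scope` entry in the return schema is declared only as `type => 'string'`, with no `description` and no `optional => 1`. Every returned item is therefore required to carry it, and API consumers are not told which values to expect. The only value visible in this diff is the `"dc"` passed to `collect_refs` in the last hunk, and whether the helper always sets `scope` is not shown here. I would add at least `description => "Scope the reference is defined in.",` and, if the set of values is fixed, an `enum`. The surrounding schema starts and ends outside this hunk.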
@@ -269,36 +255,7 @@ __PACKAGE__->register_method({
 
        my $conf = PVE::Firewall::load_clusterfw_conf();
 
-       my $res = [];
-
-       if (!$param->{type} || $param->{type} eq 'ipset') {
-           foreach my $name (keys %{$conf->{ipset}}) {
-               my $data = {
-                   type => 'ipset',
-                   name => $name,
-                   ref => "+$name",
-               };
-               if (my $comment = $conf->{ipset_comments}->{$name}) {
-                   $data->{comment} = $comment;
-               }
-               push @$res, $data;
-           }
-       }
-
-       if (!$param->{type} || $param->{type} eq 'alias') {
-           foreach my $name (keys %{$conf->{aliases}}) {
-               my $e = $conf->{aliases}->{$name};
-               my $data = {
-                   type => 'alias',
-                   name => $name,
-                   ref => $name,
-               };
-               $data->{comment} = $e->{comment} if $e->{comment};
-               push @$res, $data;
-           }
-       }
-
-       return $res;
+       return PVE::Firewall::Helpers::collect_refs($conf, $param->{type}, "dc");
     }});
 
 1;
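Review bot: `PVE::Firewall::Helpers::collect_refs($conf, $param->{type}, "dc")` is called by its fully qualified name, but none of the visible hunks adds a matching `use` line. Unless the file already loads the module outside these hunks, the call works only as long as some other module pulls it in. I would add `use PVE::Firewall::Helpers;` next to the other `use PVE::...` lines. A one-line comment on the literal `"dc"` (the scope reported for entries from the cluster config) would also help, since the inline loops that made the `ref` format obvious are gone.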