proxy host rule API calls to correct node
[pve-firewall.git] / src / PVE / API2 / Firewall / Cluster.pm
index d104c34d92c9b3c2824904bb55facf19670517d3..e8b44d2f6568b06a9764d4c9b93021790f1d4d8b 100644 (file)
@@ -6,6 +6,7 @@ use PVE::Exception qw(raise raise_param_exc raise_perm_exc);
 use PVE::JSONSchema qw(get_standard_option);
 
 use PVE::Firewall;
+use PVE::API2::Firewall::Aliases;
 use PVE::API2::Firewall::Rules;
 use PVE::API2::Firewall::Groups;
 use PVE::API2::Firewall::IPSet;
@@ -17,20 +18,26 @@ use Data::Dumper; # fixme: remove
 use base qw(PVE::RESTHandler);
 
 __PACKAGE__->register_method ({
-    subclass => "PVE::API2::Firewall::Groups",  
+    subclass => "PVE::API2::Firewall::Groups",
     path => 'groups',
 });
 
 __PACKAGE__->register_method ({
-    subclass => "PVE::API2::Firewall::ClusterRules",  
+    subclass => "PVE::API2::Firewall::ClusterRules",
     path => 'rules',
 });
 
 __PACKAGE__->register_method ({
-    subclass => "PVE::API2::Firewall::ClusterIPSetList",  
+    subclass => "PVE::API2::Firewall::ClusterIPSetList",
     path => 'ipset',
 });
 
+__PACKAGE__->register_method ({
+    subclass => "PVE::API2::Firewall::ClusterAliases",
+    path => 'aliases',
+});
+
+
 __PACKAGE__->register_method({
     name => 'index',
     path => '',
@@ -52,11 +59,13 @@ __PACKAGE__->register_method({
        my ($param) = @_;
 
        my $result = [
+           { name => 'aliases' },
            { name => 'rules' },
            { name => 'options' },
            { name => 'groups' },
            { name => 'ipset' },
            { name => 'macros' },
+           { name => 'refs' },
            ];
 
        return $result;
@@ -73,7 +82,7 @@ my $option_properties = {
        optional => 1,
        enum => ['ACCEPT', 'REJECT', 'DROP'],
     },
-    policy_out => { 
+    policy_out => {
        description => "Output policy.",
        type => 'string',
        optional => 1,
@@ -87,7 +96,7 @@ my $add_option_properties = sub {
     foreach my $k (keys %$option_properties) {
        $properties->{$k} = $option_properties->{$k};
     }
-    
+
     return $properties;
 };
 
@@ -142,7 +151,7 @@ __PACKAGE__->register_method({
 
        if ($param->{delete}) {
            foreach my $opt (PVE::Tools::split_list($param->{delete})) {
-               raise_param_exc({ delete => "no such option '$opt'" }) 
+               raise_param_exc({ delete => "no such option '$opt'" })
                    if !$option_properties->{$opt};
                delete $cluster_conf->{options}->{$opt};
            }
@@ -154,7 +163,7 @@ __PACKAGE__->register_method({
 
        foreach my $k (keys %$option_properties) {
            next if !defined($param->{$k});
-           $cluster_conf->{options}->{$k} = $param->{$k}; 
+           $cluster_conf->{options}->{$k} = $param->{$k};
        }
 
        PVE::Firewall::save_clusterfw_conf($cluster_conf);
@@ -200,4 +209,79 @@ __PACKAGE__->register_method({
        return $res;
     }});
 
+__PACKAGE__->register_method({
+    name => 'refs',
+    path => 'refs',
+    method => 'GET',
+    description => "Lists possible IPSet/Alias reference which are allowed in source/dest properties.",
+    parameters => {
+       additionalProperties => 0,
+       properties => {
+           type => {
+               description => "Only list references of specified type.",
+               type => 'string',
+               enum => ['alias', 'ipset'],
+               optional => 1,
+           },
+       },
+    },
+    returns => {
+       type => 'array',
+       items => {
+           type => "object",
+           properties => {
+               type => {
+                   type => 'string',
+                   enum => ['alias', 'ipset'],
+               },
+               name => {
+                   type => 'string',
+               },
+               ref => {
+                   type => 'string',
+               },
+               comment => {
+                   type => 'string',
+                   optional => 1,
+               },
+           },
+       },
+    },
+    code => sub {
+       my ($param) = @_;
+
+       my $conf = PVE::Firewall::load_clusterfw_conf();
+
+       my $res = [];
+
+       if (!$param->{type} || $param->{type} eq 'ipset') {
+           foreach my $name (keys %{$conf->{ipset}}) {
+               my $data = {
+                   type => 'ipset',
+                   name => $name,
+                   ref => "+$name",
+               };
+               if (my $comment = $conf->{ipset_comments}->{$name}) {
+                   $data->{comment} = $comment;
+               }
+               push @$res, $data;
+           }
+       }
+
+       if (!$param->{type} || $param->{type} eq 'alias') {
+           foreach my $name (keys %{$conf->{aliases}}) {
+               my $e = $conf->{aliases}->{$name};
+               my $data = {
+                   type => 'alias',
+                   name => $name,
+                   ref => $name,
+               };
+               $data->{comment} = $e->{comment} if $e->{comment};
+               push @$res, $data;
+           }
+       }
+
+       return $res;
+    }});
+
 1;
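Review bot: The new `refs` method is registered without a `permissions` entry, so access to the cluster's IPSet and alias names and their comments depends on the REST handler's default, which this hunk does not show. As far as I know the PVE API treats a missing entry as root@pam only, which is safe but leaves the intended audience undocumented and locks out audit-only accounts. I would state the intent explicitly with a read-only privilege check such as `permissions => { check => ['perm', '/', [ 'Sys.Audit' ]] },` placed next to `method => 'GET'`; confirm the privilege against what the sibling `options` and `macros` methods use, which lie outside the hunk. Separately, both loops iterate `keys %{...}` unsorted, so the list order changes between calls; `foreach my $name (sort keys %{$conf->{ipset}})` and the same for `aliases` would give clients and tests a stable result.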