use base qw(PVE::RESTHandler);
my $api_properties = {
- group => {
- description => "Security group name.",
- type => 'string',
- maxLength => 20, # fixme: what length?
- },
pos => {
description => "Rule position.",
type => 'integer',
die "implement this in subclass";
}
-my $need_group_param_hash = {};
+my $additional_param_hash = {};
-sub need_group_param {
+sub additional_parameters {
my ($class, $new_value) = @_;
- $need_group_param_hash->{$class} = $new_value if defined($new_value);
+ if (defined($new_value)) {
+ $additional_param_hash->{$class} = $new_value;
+ }
- return $need_group_param_hash->{$class};
+ # return a copy
+ my $copy = {};
+ my $org = $additional_param_hash->{$class} || {};
+ foreach my $p (keys %$org) { $copy->{$p} = $org->{$p}; }
+ return $copy;
}
sub register_get_rules {
my ($class) = @_;
- my $properties = {};
-
- if ($class->need_group_param()) {
- $properties->{group} = $api_properties->{group};
- }
+ my $properties = $class->additional_parameters();
$class->register_method({
name => 'get_rules',
sub register_get_rule {
my ($class) = @_;
- my $properties = {};
+ my $properties = $class->additional_parameters();
$properties->{pos} = $api_properties->{pos};
- if ($class->need_group_param()) {
- $properties->{group} = $api_properties->{group};
- }
-
$class->register_method({
name => 'get_rule',
path => '{pos}',
sub register_create_rule {
my ($class) = @_;
- my $properties = {};
-
- if ($class->need_group_param()) {
- $properties->{group} = $api_properties->{group};
- }
+ my $properties = $class->additional_parameters();
my $create_rule_properties = PVE::Firewall::add_rule_properties($properties);
-
+ $create_rule_properties->{action}->{optional} = 0;
+ $create_rule_properties->{type}->{optional} = 0;
+
$class->register_method({
name => 'create_rule',
path => '',
my ($fw_conf, $rules) = $class->load_config($param);
my $digest = $fw_conf->{digest};
-
- my $rule = { type => 'out', action => 'ACCEPT', enable => 0};
+
+ my $rule = {};
PVE::Firewall::copy_rule_data($rule, $param);
+ $rule->{enable} = 0 if !defined($param->{enable});
+
unshift @$rules, $rule;
$class->save_rules($param, $fw_conf, $rules);
sub register_update_rule {
my ($class) = @_;
- my $properties = {};
+ my $properties = $class->additional_parameters();
$properties->{pos} = $api_properties->{pos};
- if ($class->need_group_param()) {
- $properties->{group} = $api_properties->{group};
- }
-
$properties->{moveto} = {
description => "Move rule to new position <moveto>. Other arguments are ignored.",
type => 'integer',
optional => 1,
};
+ $properties->{delete} = {
+ type => 'string', format => 'pve-configid-list',
+ description => "A list of settings you want to delete.",
+ optional => 1,
+ };
+
my $update_rule_properties = PVE::Firewall::add_rule_properties($properties);
$class->register_method({
push @$newrules, $rule if $moveto >= scalar(@$rules);
$rules = $newrules;
} else {
+ raise_param_exc({ type => "property is missing"})
+ if !defined($param->{type});
+ raise_param_exc({ action => "property is missing"})
+ if !defined($param->{action});
+
PVE::Firewall::copy_rule_data($rule, $param);
+
+ PVE::Firewall::delete_rule_properties($rule, $param->{'delete'}) if $param->{'delete'};
}
$class->save_rules($param, $fw_conf, $rules);
sub register_delete_rule {
my ($class) = @_;
- my $properties = {};
+ my $properties = $class->additional_parameters();
$properties->{pos} = $api_properties->{pos};
- if ($class->need_group_param()) {
- $properties->{group} = $api_properties->{group};
- }
-
$class->register_method({
name => 'delete_rule',
path => '{pos}',
use base qw(PVE::API2::Firewall::RulesBase);
-__PACKAGE__->need_group_param(1);
+__PACKAGE__->additional_parameters({ group => {
+ description => "Security group name.",
+ type => 'string',
+ maxLength => 20, # fixme: what length?
+}});
sub load_config {
my ($class, $param) = @_;
PVE::Firewall::save_clusterfw_conf($fw_conf);
}
-__PACKAGE__->register_handlers('groups');
+__PACKAGE__->register_handlers();
package PVE::API2::Firewall::ClusterRules;
PVE::Firewall::save_clusterfw_conf($fw_conf);
}
-__PACKAGE__->register_handlers('cluster');
+__PACKAGE__->register_handlers();
+
+package PVE::API2::Firewall::HostRules;
+
+use strict;
+use warnings;
+use PVE::JSONSchema qw(get_standard_option);
+
+use base qw(PVE::API2::Firewall::RulesBase);
+
+__PACKAGE__->additional_parameters({ node => get_standard_option('pve-node')});
+
+sub load_config {
+ my ($class, $param) = @_;
+
+ my $fw_conf = PVE::Firewall::load_hostfw_conf();
+ my $rules = $fw_conf->{rules};
+
+ return ($fw_conf, $rules);
+}
+
+sub save_rules {
+ my ($class, $param, $fw_conf, $rules) = @_;
+
+ $fw_conf->{rules} = $rules;
+ PVE::Firewall::save_hostfw_conf($fw_conf);
+}
+
+__PACKAGE__->register_handlers();
+
+package PVE::API2::Firewall::VMRules;
+
+use strict;
+use warnings;
+use PVE::JSONSchema qw(get_standard_option);
+
+use base qw(PVE::API2::Firewall::RulesBase);
+
+__PACKAGE__->additional_parameters({
+ node => get_standard_option('pve-node'),
+ vmid => get_standard_option('pve-vmid'),
+});
+
+sub load_config {
+ my ($class, $param) = @_;
+
+ my $fw_conf = PVE::Firewall::load_vmfw_conf($param->{vmid});
+ my $rules = $fw_conf->{rules};
+
+ return ($fw_conf, $rules);
+}
+
+sub save_rules {
+ my ($class, $param, $fw_conf, $rules) = @_;
+
+ $fw_conf->{rules} = $rules;
+ PVE::Firewall::save_vmfw_conf($param->{vmid}, $fw_conf);
+}
+
+__PACKAGE__->register_handlers();
1;