die "implement this in subclass";
- #return ($fw_conf, $rules);
+ #return ($cluster_conf, $fw_conf, $rules);
}
sub save_rules {
additionalProperties => 0,
properties => $properties,
},
+ proxyto => $class->rule_env() eq 'host' ? 'node' : undef,
returns => {
type => 'array',
items => {
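Review bot: The added `proxyto` line forwards the request only when `rule_env()` is 'host', and nothing on it says why the other environments may be answered by whichever node receives the call. The expression is evaluated once, when the method is registered, so it relies on `rule_env()` being callable on the class at that point. A short comment would make the intent reviewable, for example `# host rules are per-node, so forward to the owning node; other envs are assumed to be readable cluster-wide`, and writing the test as `($class->rule_env() eq 'host') ? 'node' : undef` reads more safely inside the hash. The same line is added in the four registrations that follow, and the enclosing registration starts and ends outside this hunk.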
code => sub {
my ($param) = @_;
- my ($fw_conf, $rules) = $class->load_config($param);
+ my ($cluster_conf, $fw_conf, $rules) = $class->load_config($param);
my ($list, $digest) = PVE::Firewall::copy_list_with_digest($rules);
additionalProperties => 0,
properties => $properties,
},
+ proxyto => $class->rule_env() eq 'host' ? 'node' : undef,
returns => {
type => "object",
properties => {
code => sub {
my ($param) = @_;
- my ($fw_conf, $rules) = $class->load_config($param);
+ my ($cluster_conf, $fw_conf, $rules) = $class->load_config($param);
my ($list, $digest) = PVE::Firewall::copy_list_with_digest($rules);
additionalProperties => 0,
properties => $create_rule_properties,
},
+ proxyto => $class->rule_env() eq 'host' ? 'node' : undef,
returns => { type => "null" },
code => sub {
my ($param) = @_;
- my ($fw_conf, $rules) = $class->load_config($param);
+ my ($cluster_conf, $fw_conf, $rules) = $class->load_config($param);
my $rule = {};
PVE::Firewall::copy_rule_data($rule, $param);
- PVE::Firewall::verify_rule($rule, $class->rule_env());
+ PVE::Firewall::verify_rule($rule, $cluster_conf, $fw_conf, $class->rule_env());
$rule->{enable} = 0 if !defined($param->{enable});
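Review bot: `verify_rule` now receives `$cluster_conf` as its second argument, but the security-group and cluster `load_config` implementations later in this patch return `undef` in that slot (`return (undef, $fw_conf, $rules);`), so for those two environments the call passes `undef`. The body of `verify_rule` is not on this page. If it resolves anything through `$cluster_conf`, it has to handle the undefined case or fall back to `$fw_conf`; otherwise a rule could be accepted without that lookup, or the handler could die on a dereference. A comment above the call such as `# $cluster_conf is undef for the 'group' and 'cluster' envs, where $fw_conf is the cluster config` would record the contract. The same call is changed in the update handler, and the enclosing sub continues outside this hunk.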
additionalProperties => 0,
properties => $update_rule_properties,
},
+ proxyto => $class->rule_env() eq 'host' ? 'node' : undef,
returns => { type => "null" },
code => sub {
my ($param) = @_;
- my ($fw_conf, $rules) = $class->load_config($param);
+ my ($cluster_conf, $fw_conf, $rules) = $class->load_config($param);
my (undef, $digest) = PVE::Firewall::copy_list_with_digest($rules);
PVE::Tools::assert_if_modified($digest, $param->{digest});
PVE::Firewall::delete_rule_properties($rule, $param->{'delete'}) if $param->{'delete'};
- PVE::Firewall::verify_rule($rule, $class->rule_env());
+ PVE::Firewall::verify_rule($rule, $cluster_conf, $fw_conf, $class->rule_env());
}
$class->save_rules($param, $fw_conf, $rules);
additionalProperties => 0,
properties => $properties,
},
+ proxyto => $class->rule_env() eq 'host' ? 'node' : undef,
returns => { type => "null" },
code => sub {
my ($param) = @_;
- my ($fw_conf, $rules) = $class->load_config($param);
+ my ($cluster_conf, $fw_conf, $rules) = $class->load_config($param);
my (undef, $digest) = PVE::Firewall::copy_list_with_digest($rules);
PVE::Tools::assert_if_modified($digest, $param->{digest});
__PACKAGE__->additional_parameters({ group => get_standard_option('pve-security-group-name') });
+
sub rule_env {
my ($class, $param) = @_;
my $rules = $fw_conf->{groups}->{$param->{group}};
die "no such security group '$param->{group}'\n" if !defined($rules);
- return ($fw_conf, $rules);
+ return (undef, $fw_conf, $rules);
}
sub save_rules {
my ($class, $param, $fw_conf, $rules) = @_;
- $fw_conf->{groups}->{$param->{group}} = $rules;
+ if (!defined($rules)) {
+ delete $fw_conf->{groups}->{$param->{group}};
+ } else {
+ $fw_conf->{groups}->{$param->{group}} = $rules;
+ }
+
PVE::Firewall::save_clusterfw_conf($fw_conf);
}
+__PACKAGE__->register_method({
+ name => 'delete_security_group',
+ path => '',
+ method => 'DELETE',
+ description => "Delete security group.",
+ protected => 1,
+ parameters => {
+ additionalProperties => 0,
+ properties => {
+ group => get_standard_option('pve-security-group-name'),
+ },
+ },
+ returns => { type => 'null' },
+ code => sub {
+ my ($param) = @_;
+
+ my (undef, $cluster_conf, $rules) = __PACKAGE__->load_config($param);
+
+ die "Security group '$param->{group}' is not empty\n"
+ if scalar(@$rules);
+
+ __PACKAGE__->save_rules($param, $cluster_conf, undef);
+
+ return undef;
+ }});
+
__PACKAGE__->register_handlers();
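Review bot: The new `delete_security_group` handler refuses to delete only when the group still holds rules of its own; nothing visible checks whether rules in other configurations still reference the group, so a delete may leave dangling references. The load, emptiness check and `save_rules` call are also not visibly serialized, and unlike the rule update and delete handlers there is no digest comparison, so a rule added to the group between the load and the save would presumably be dropped along with it. At minimum the limitation should be stated above the check, for example `# only verifies the group itself is empty; references from other rule sets are not checked`. The destructuring `my (undef, $cluster_conf, $rules)` names the second slot differently from every other caller; `my (undef, $fw_conf, $rules) = __PACKAGE__->load_config($param);` would match the tuple order used elsewhere in this patch.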
package PVE::API2::Firewall::ClusterRules;
my $fw_conf = PVE::Firewall::load_clusterfw_conf();
my $rules = $fw_conf->{rules};
- return ($fw_conf, $rules);
+ return (undef, $fw_conf, $rules);
}
sub save_rules {
sub load_config {
my ($class, $param) = @_;
- my $fw_conf = PVE::Firewall::load_hostfw_conf();
+ my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
+ my $fw_conf = PVE::Firewall::load_hostfw_conf($cluster_conf);
my $rules = $fw_conf->{rules};
- return ($fw_conf, $rules);
+ return ($cluster_conf, $fw_conf, $rules);
}
sub save_rules {
sub load_config {
my ($class, $param) = @_;
- my $fw_conf = PVE::Firewall::load_vmfw_conf('vm', $param->{vmid});
+ my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
+ my $fw_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, 'vm', $param->{vmid});
my $rules = $fw_conf->{rules};
- return ($fw_conf, $rules);
+ return ($cluster_conf, $fw_conf, $rules);
}
sub save_rules {
sub load_config {
my ($class, $param) = @_;
- my $fw_conf = PVE::Firewall::load_vmfw_conf('ct', $param->{vmid});
+ my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
+ my $fw_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, 'ct', $param->{vmid});
my $rules = $fw_conf->{rules};
- return ($fw_conf, $rules);
+ return ($cluster_conf, $fw_conf, $rules);
}
sub save_rules {