X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=src%2FPVE%2FAPI2%2FFirewall%2FAliases.pm;h=b81dc9d06405417bb55640cb986d34091136287b;hp=6f421fbe271ff8c75e09fe5533f95b71bd94f0c3;hb=HEAD;hpb=bd36895505bdbb4c3cb9915aaf20f6b92cefde33 diff --git a/src/PVE/API2/Firewall/Aliases.pm b/src/PVE/API2/Firewall/Aliases.pm index 6f421fb..33ac669 100644 --- a/src/PVE/API2/Firewall/Aliases.pm +++ b/src/PVE/API2/Firewall/Aliases.pm @@ -9,7 +9,7 @@ use PVE::Firewall; use base qw(PVE::RESTHandler); -my $api_properties = { +my $api_properties = { cidr => { description => "Network/IP specification in CIDR format.", type => 'string', format => 'IPorCIDR', @@ -25,6 +25,12 @@ my $api_properties = { }, }; +sub lock_config { + my ($class, $param, $code) = @_; + + die "implement this in subclass"; +} + sub load_config { my ($class, $param) = @_; @@ -41,7 +47,7 @@ sub save_aliases { sub rule_env { my ($class, $param) = @_; - + die "implement this in subclass"; } @@ -97,7 +103,7 @@ sub register_get_aliases { type => 'string', optional => 1, }, - digest => get_standard_option('pve-config-digest', { optional => 0} ), + digest => get_standard_option('pve-config-digest', { optional => 0} ), }, }, links => [ { rel => 'child', href => "{name}" } ], @@ -137,19 +143,23 @@ sub register_create_alias { code => sub { my ($param) = @_; - my ($fw_conf, $aliases) = $class->load_config($param); + $class->lock_config($param, sub { + my ($param) = @_; - my $name = lc($param->{name}); - - raise_param_exc({ name => "alias '$param->{name}' already exists" }) - if defined($aliases->{$name}); - - my $data = { name => $param->{name}, cidr => $param->{cidr} }; - $data->{comment} = $param->{comment} if $param->{comment}; + my ($fw_conf, $aliases) = $class->load_config($param); + + my $name = lc($param->{name}); + + raise_param_exc({ name => "alias '$param->{name}' already exists" }) + if defined($aliases->{$name}); - $aliases->{$name} = $data; + my $data = { name => $param->{name}, cidr => $param->{cidr} }; + $data->{comment} = $param->{comment} if $param->{comment}; - $class->save_aliases($param, $fw_conf, $aliases); + $aliases->{$name} = $data; + + $class->save_aliases($param, $fw_conf, $aliases); + }); return undef; }}); @@ -161,7 +171,7 @@ sub register_read_alias { my $properties = $class->additional_parameters(); $properties->{name} = $api_properties->{name}; - + $class->register_method({ name => 'read_alias', path => '{name}', @@ -213,34 +223,39 @@ sub register_update_alias { code => sub { my ($param) = @_; - my ($fw_conf, $aliases) = $class->load_config($param); + $class->lock_config($param, sub { + my ($param) = @_; - my $list = &$aliases_to_list($aliases); + my ($fw_conf, $aliases) = $class->load_config($param); - my (undef, $digest) = PVE::Firewall::copy_list_with_digest($list); + my $list = &$aliases_to_list($aliases); - PVE::Tools::assert_if_modified($digest, $param->{digest}); + my (undef, $digest) = PVE::Firewall::copy_list_with_digest($list); - my $name = lc($param->{name}); + PVE::Tools::assert_if_modified($digest, $param->{digest}); - raise_param_exc({ name => "no such alias" }) if !$aliases->{$name}; + my $name = lc($param->{name}); - my $data = { name => $param->{name}, cidr => $param->{cidr} }; - $data->{comment} = $param->{comment} if $param->{comment}; + raise_param_exc({ name => "no such alias" }) if !$aliases->{$name}; - $aliases->{$name} = $data; + my $data = { name => $param->{name}, cidr => $param->{cidr} }; + $data->{comment} = $param->{comment} if $param->{comment}; - my $rename = lc($param->{rename}); + $aliases->{$name} = $data; - if ($rename && ($name ne $rename)) { - raise_param_exc({ name => "alias '$param->{rename}' already exists" }) - if defined($aliases->{$rename}); - $aliases->{$name}->{name} = $param->{rename}; - $aliases->{$rename} = $aliases->{$name}; - delete $aliases->{$name}; - } + my $rename = $param->{rename}; + $rename = lc($rename) if $rename; - $class->save_aliases($param, $fw_conf, $aliases); + if ($rename && ($name ne $rename)) { + raise_param_exc({ name => "alias '$param->{rename}' already exists" }) + if defined($aliases->{$rename}); + $aliases->{$name}->{name} = $param->{rename}; + $aliases->{$rename} = $aliases->{$name}; + delete $aliases->{$name}; + } + + $class->save_aliases($param, $fw_conf, $aliases); + }); return undef; }}); @@ -269,17 +284,21 @@ sub register_delete_alias { code => sub { my ($param) = @_; - my ($fw_conf, $aliases) = $class->load_config($param); + $class->lock_config($param, sub { + my ($param) = @_; - my $list = &$aliases_to_list($aliases); - my (undef, $digest) = PVE::Firewall::copy_list_with_digest($list); - PVE::Tools::assert_if_modified($digest, $param->{digest}); + my ($fw_conf, $aliases) = $class->load_config($param); - my $name = lc($param->{name}); - delete $aliases->{$name}; + my $list = &$aliases_to_list($aliases); + my (undef, $digest) = PVE::Firewall::copy_list_with_digest($list); + PVE::Tools::assert_if_modified($digest, $param->{digest}); + + my $name = lc($param->{name}); + delete $aliases->{$name}; + + $class->save_aliases($param, $fw_conf, $aliases); + }); - $class->save_aliases($param, $fw_conf, $aliases); - return undef; }}); } @@ -303,10 +322,16 @@ use base qw(PVE::API2::Firewall::AliasesBase); sub rule_env { my ($class, $param) = @_; - + return 'cluster'; } +sub lock_config { + my ($class, $param, $code) = @_; + + PVE::Firewall::lock_clusterfw_conf(10, $code, $param); +} + sub load_config { my ($class, $param) = @_; @@ -335,15 +360,21 @@ use base qw(PVE::API2::Firewall::AliasesBase); sub rule_env { my ($class, $param) = @_; - + return 'vm'; } -__PACKAGE__->additional_parameters({ +__PACKAGE__->additional_parameters({ node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid'), }); +sub lock_config { + my ($class, $param, $code) = @_; + + PVE::Firewall::lock_vmfw_conf($param->{vmid}, 10, $code, $param); +} + sub load_config { my ($class, $param) = @_; @@ -373,15 +404,21 @@ use base qw(PVE::API2::Firewall::AliasesBase); sub rule_env { my ($class, $param) = @_; - + return 'ct'; } -__PACKAGE__->additional_parameters({ +__PACKAGE__->additional_parameters({ node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid'), }); +sub lock_config { + my ($class, $param, $code) = @_; + + PVE::Firewall::lock_vmfw_conf($param->{vmid}, 10, $code, $param); +} + sub load_config { my ($class, $param) = @_;