X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=src%2FPVE%2FAPI2%2FFirewall%2FGroups.pm;h=a929236357c25201e85b5df5ab7eb6af32a2bf92;hp=4ea2f77eff66f85dca1ebb04c194e7d04825eb90;hb=8679128955c3dde0e3dbc61027b1f2d88e02e243;hpb=fca39c2cafd333ff0c572f18bdd13fcfe2c1c56a diff --git a/src/PVE/API2/Firewall/Groups.pm b/src/PVE/API2/Firewall/Groups.pm index 4ea2f77..a929236 100644 --- a/src/PVE/API2/Firewall/Groups.pm +++ b/src/PVE/API2/Firewall/Groups.pm @@ -5,7 +5,7 @@ use warnings; use PVE::JSONSchema qw(get_standard_option); use PVE::Firewall; - +use PVE::API2::Firewall::Rules; use Data::Dumper; # fixme: remove @@ -16,12 +16,8 @@ __PACKAGE__->register_method({ path => '', method => 'GET', description => "List security groups.", - proxyto => 'node', parameters => { additionalProperties => 0, - properties => { - node => get_standard_option('pve-node'), - }, }, returns => { type => 'array', @@ -42,250 +38,16 @@ __PACKAGE__->register_method({ my $cluster_conf = PVE::Firewall::load_clusterfw_conf(); my $res = []; - foreach my $group (keys %{$cluster_conf->{rules}}) { - push @$res, { name => $group, count => scalar(@{$cluster_conf->{rules}->{$group}}) }; - } - - return $res; - }}); - -__PACKAGE__->register_method({ - name => 'get_rules', - path => '{group}', - method => 'GET', - description => "List security groups rules.", - proxyto => 'node', - parameters => { - additionalProperties => 0, - properties => { - node => get_standard_option('pve-node'), - group => { - description => "Security group name.", - type => 'string', - }, - }, - }, - returns => { - type => 'array', - items => { - type => "object", - properties => { - pos => { - type => 'integer', - } - }, - }, - links => [ { rel => 'child', href => "{pos}" } ], - }, - code => sub { - my ($param) = @_; - - my $cluster_conf = PVE::Firewall::load_clusterfw_conf(); - - my $rules = $cluster_conf->{rules}->{$param->{group}}; - die "no such security group\n" if !defined($rules); - - my $digest = $cluster_conf->{digest}; - - my $res = []; - - my $ind = 0; - foreach my $rule (@$rules) { - push @$res, PVE::Firewall::cleanup_fw_rule($rule, $digest, $ind++); + foreach my $group (keys %{$cluster_conf->{groups}}) { + push @$res, { name => $group, count => scalar(@{$cluster_conf->{groups}->{$group}}) }; } return $res; }}); -__PACKAGE__->register_method({ - name => 'get_rule', - path => '{group}/{pos}', - method => 'GET', - description => "Get single rule data.", - proxyto => 'node', - parameters => { - additionalProperties => 0, - properties => { - node => get_standard_option('pve-node'), - group => { - description => "Security group name.", - type => 'string', - }, - pos => { - description => "Return rule from position .", - type => 'integer', - minimum => 0, - }, - }, - }, - returns => { - type => "object", - properties => { - pos => { - type => 'integer', - } - }, - }, - code => sub { - my ($param) = @_; - - my $cluster_conf = PVE::Firewall::load_clusterfw_conf(); - - my $rules = $cluster_conf->{rules}->{$param->{group}}; - die "no such security group\n" if !defined($rules); - - my $digest = $cluster_conf->{digest}; - # fixme: check digest - - die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules); - - my $rule = $rules->[$param->{pos}]; - - return PVE::Firewall::cleanup_fw_rule($rule, $digest, $param->{pos}); - }}); - - -__PACKAGE__->register_method({ - name => 'create_rule', +__PACKAGE__->register_method ({ + subclass => "PVE::API2::Firewall::GroupRules", path => '{group}', - method => 'POST', - description => "Create new rule.", - proxyto => 'node', - protected => 1, - parameters => { - additionalProperties => 0, - properties => PVE::Firewall::add_rule_properties({ - node => get_standard_option('pve-node'), - group => { - description => "Security group name.", - type => 'string', - }, - }), - }, - returns => { type => "null" }, - code => sub { - my ($param) = @_; - - my $cluster_conf = PVE::Firewall::load_clusterfw_conf(); - - my $rules = $cluster_conf->{rules}->{$param->{group}}; - die "no such security group\n" if !defined($rules); - - my $digest = $cluster_conf->{digest}; - - my $rule = { type => 'out', action => 'ACCEPT', enable => 0}; - - PVE::Firewall::copy_rule_data($rule, $param); - - unshift @$rules, $rule; - - PVE::Firewall::save_clusterfw_conf($cluster_conf); - - return undef; - }}); - -__PACKAGE__->register_method({ - name => 'update_rule', - path => '{group}/{pos}', - method => 'PUT', - description => "Modify rule data.", - proxyto => 'node', - protected => 1, - parameters => { - additionalProperties => 0, - properties => PVE::Firewall::add_rule_properties({ - node => get_standard_option('pve-node'), - group => { - description => "Security group name.", - type => 'string', - }, - moveto => { - description => "Move rule to new position . Other arguments are ignored.", - type => 'integer', - minimum => 0, - optional => 1, - }, - }), - }, - returns => { type => "null" }, - code => sub { - my ($param) = @_; - - my $cluster_conf = PVE::Firewall::load_clusterfw_conf(); - - my $rules = $cluster_conf->{rules}->{$param->{group}}; - die "no such security group\n" if !defined($rules); - - my $digest = $cluster_conf->{digest}; - # fixme: check digest - - die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules); - - my $rule = $rules->[$param->{pos}]; - - my $moveto = $param->{moveto}; - if (defined($moveto) && $moveto != $param->{pos}) { - my $newrules = []; - for (my $i = 0; $i < scalar(@$rules); $i++) { - next if $i == $param->{pos}; - if ($i == $moveto) { - push @$newrules, $rule; - } - push @$newrules, $rules->[$i]; - } - push @$newrules, $rule if $moveto >= scalar(@$rules); - - $cluster_conf->{rules}->{$param->{group}} = $newrules; - } else { - PVE::Firewall::copy_rule_data($rule, $param); - } - - PVE::Firewall::save_clusterfw_conf($cluster_conf); - - return undef; - }}); - -__PACKAGE__->register_method({ - name => 'delete_rule', - path => '{group}/{pos}', - method => 'DELETE', - description => "Delete rule.", - proxyto => 'node', - protected => 1, - parameters => { - additionalProperties => 0, - properties => { - node => get_standard_option('pve-node'), - group => { - description => "Security group name.", - type => 'string', - }, - pos => { - description => "Delete rule at position .", - type => 'integer', - minimum => 0, - }, - }, - }, - returns => { type => "null" }, - code => sub { - my ($param) = @_; - - my $cluster_conf = PVE::Firewall::load_clusterfw_conf(); - - my $rules = $cluster_conf->{rules}->{$param->{group}}; - die "no such security group\n" if !defined($rules); - - my $digest = $cluster_conf->{digest}; - # fixme: check digest - - die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules); - - splice(@$rules, $param->{pos}, 1); - - PVE::Firewall::save_clusterfw_conf($cluster_conf); - - return undef; - }}); +}); 1;