add options and log API for VMs
authorDietmar Maurer <dietmar@proxmox.com>
Fri, 18 Apr 2014 05:23:20 +0000 (07:23 +0200)
committerDietmar Maurer <dietmar@proxmox.com>
Fri, 18 Apr 2014 05:23:20 +0000 (07:23 +0200)
src/PVE/API2/Firewall/VM.pm

index b143a39c19bc61769c19a50638e5711346ae5548..6bfecf80154b9214ca548a1049ac01f3d0ff6fdf 100644 (file)
@@ -48,11 +48,40 @@ __PACKAGE__->register_method({
        return $result;
     }});
 
        return $result;
     }});
 
+my $option_properties = {
+    enable => {
+       description => "Enable host firewall rules.",
+       type => 'boolean',
+       optional => 1,
+    },
+    policy_in => {
+       description => "Input policy.",
+       type => 'string',
+       optional => 1,
+       enum => ['ACCEPT', 'REJECT', 'DROP'],
+    },
+    policy_out => { 
+       description => "Output policy.",
+       type => 'string',
+       optional => 1,
+       enum => ['ACCEPT', 'REJECT', 'DROP'],
+    },
+};
+
+my $add_option_properties = sub {
+    my ($properties) = @_;
+
+    foreach my $k (keys %$option_properties) {
+       $properties->{$k} = $option_properties->{$k};
+    }
+    
+    return $properties;
+};
 __PACKAGE__->register_method({
     name => 'get_options',
     path => 'options',
     method => 'GET',
 __PACKAGE__->register_method({
     name => 'get_options',
     path => 'options',
     method => 'GET',
-    description => "Get host firewall options.",
+    description => "Get VM firewall options.",
     proxyto => 'node',
     parameters => {
        additionalProperties => 0,
     proxyto => 'node',
     parameters => {
        additionalProperties => 0,
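Review bot: The `enable` entry in `$option_properties` is described as "Enable host firewall rules.", but this table drives the VM options endpoints, and the same hunk retitles get_options to "Get VM firewall options.". Anything generated from the schema will mislabel which firewall the switch controls; `description => "Enable VM firewall rules.",` would match. Separately, `$add_option_properties` copies the inner hash references rather than the hashes, so the parameter schema and the `returns` schema end up sharing the same entries. A one-line comment above the table, such as `# shared by parameter and return schemas - treat as read-only`, would make that explicit. The `register_method` call for get_options continues beyond this hunk.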
@@ -63,22 +92,125 @@ __PACKAGE__->register_method({
     },
     returns => {
        type => "object",
     },
     returns => {
        type => "object",
-       properties => {},
+       #additionalProperties => 1,
+       properties => $option_properties,
     },
     code => sub {
        my ($param) = @_;
 
     },
     code => sub {
        my ($param) = @_;
 
-       my $vmid = $param->{vmid};
+       my $vmfw_conf = PVE::Firewall::load_vmfw_conf($param->{vmid});
 
 
-       my $vmlist = PVE::Cluster::get_vmlist();
+       return PVE::Firewall::copy_opject_with_digest($vmfw_conf->{options});
+    }});
 
 
-       die "no such VM ('$vmid')\n" 
-           if !($vmlist && $vmlist->{ids} && defined($vmlist->{ids}->{$vmid}));
+__PACKAGE__->register_method({
+    name => 'set_options',
+    path => 'options',
+    method => 'PUT',
+    description => "Set Firewall options.",
+    protected => 1,
+    proxyto => 'node',
+    parameters => {
+       additionalProperties => 0,
+       properties => &$add_option_properties({
+           node => get_standard_option('pve-node'),
+           vmid => get_standard_option('pve-vmid'),
+           delete => {
+               type => 'string', format => 'pve-configid-list',
+               description => "A list of settings you want to delete.",
+               optional => 1,
+           },
+           digest => get_standard_option('pve-config-digest'),
+       }),
+    },
+    returns => { type => "null" },
+    code => sub {
+       my ($param) = @_;
 
 
-       my $vmfw_conf = PVE::Firewall::load_vmfw_conf($vmid);
+       my $vmfw_conf = PVE::Firewall::load_vmfw_conf($param->{vmid});
 
 
-       return PVE::Firewall::copy_opject_with_digest($vmfw_conf->{options});
+       my (undef, $digest) = PVE::Firewall::copy_opject_with_digest($vmfw_conf->{options});
+       PVE::Tools::assert_if_modified($digest, $param->{digest});
+
+       if ($param->{delete}) {
+           foreach my $opt (PVE::Tools::split_list($param->{delete})) {
+               raise_param_exc({ delete => "no such option '$opt'" }) 
+                   if !$option_properties->{$opt};
+               delete $vmfw_conf->{options}->{$opt};
+           }
+       }
+
+       if (defined($param->{enable})) {
+           $param->{enable} = $param->{enable} ? 1 : 0;
+       }
+
+       foreach my $k (keys %$option_properties) {
+           next if !defined($param->{$k});
+           $vmfw_conf->{options}->{$k} = $param->{$k}; 
+       }
+
+       PVE::Firewall::save_vmfw_conf($param->{vmid}, $vmfw_conf);
+
+       return undef;
+    }});
+
+__PACKAGE__->register_method({
+    name => 'log', 
+    path => 'log', 
+    method => 'GET',
+    description => "Read firewall log",
+    proxyto => 'node',
+    permissions => {
+       check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
+    },
+    protected => 1,
+    parameters => {
+       additionalProperties => 0,
+       properties => {
+           node => get_standard_option('pve-node'),
+           vmid => get_standard_option('pve-vmid'),
+           start => {
+               type => 'integer',
+               minimum => 0,
+               optional => 1,
+           },
+           limit => {
+               type => 'integer',
+               minimum => 0,
+               optional => 1,
+           },
+       },
+    },
+    returns => {
+       type => 'array',
+       items => { 
+           type => "object",
+           properties => {
+               n => {
+                 description=>  "Line number",
+                 type=> 'integer',
+               },
+               t => {
+                 description=>  "Line text",
+                 type => 'string',
+               }
+           }
+       }
+    },
+    code => sub {
+       my ($param) = @_;
+
+       my $rpcenv = PVE::RPCEnvironment::get();
+       my $user = $rpcenv->get_user();
+       my $vmid = $param->{vmid};
+
+       my ($count, $lines) = PVE::Tools::dump_logfile("/var/log/pve-firewall.log", 
+                                                      $param->{start}, $param->{limit},
+                                                      "^$vmid ");
 
 
+       $rpcenv->set_result_attrib('total', $count);
+           
+       return $lines; 
     }});
 
 1;
     }});
 
 1;
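Review bot: In the new `set_options` handler, nothing visible serialises the load, the `assert_if_modified` digest check and the `save_vmfw_conf` call, so two concurrent PUTs can both pass the check and the later save silently discards the earlier change. The whole load/check/modify/save sequence should run under the firewall configuration lock, if the module provides one. The handler also writes a config for `$param->{vmid}` without the `no such VM` guard that this commit removes from get_options. Unless `load_vmfw_conf` or `save_vmfw_conf` validate the ID themselves, options could be stored for an unassigned VMID and inherited by a guest later created with that ID; keeping `die "no such VM ('$vmid')\n" if !($vmlist && $vmlist->{ids} && defined($vmlist->{ids}->{$vmid}));` ahead of the save would prevent that. Finally, `set_options` declares no `permissions` key while `log` does, so stating the intended privilege explicitly, even if the framework default is restrictive, makes the access decision reviewable.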