use base qw(PVE::RESTHandler);
__PACKAGE__->register_method ({
- subclass => "PVE::API2::Firewall::Groups",
+ subclass => "PVE::API2::Firewall::Groups",
path => 'groups',
});
__PACKAGE__->register_method ({
- subclass => "PVE::API2::Firewall::ClusterRules",
+ subclass => "PVE::API2::Firewall::ClusterRules",
path => 'rules',
});
__PACKAGE__->register_method ({
- subclass => "PVE::API2::Firewall::ClusterIPSetList",
+ subclass => "PVE::API2::Firewall::ClusterIPSetList",
path => 'ipset',
});
__PACKAGE__->register_method ({
- subclass => "PVE::API2::Firewall::ClusterAliases",
+ subclass => "PVE::API2::Firewall::ClusterAliases",
path => 'aliases',
});
{ name => 'groups' },
{ name => 'ipset' },
{ name => 'macros' },
+ { name => 'refs' },
];
return $result;
optional => 1,
enum => ['ACCEPT', 'REJECT', 'DROP'],
},
- policy_out => {
+ policy_out => {
description => "Output policy.",
type => 'string',
optional => 1,
foreach my $k (keys %$option_properties) {
$properties->{$k} = $option_properties->{$k};
}
-
+
return $properties;
};
if ($param->{delete}) {
foreach my $opt (PVE::Tools::split_list($param->{delete})) {
- raise_param_exc({ delete => "no such option '$opt'" })
+ raise_param_exc({ delete => "no such option '$opt'" })
if !$option_properties->{$opt};
delete $cluster_conf->{options}->{$opt};
}
foreach my $k (keys %$option_properties) {
next if !defined($param->{$k});
- $cluster_conf->{options}->{$k} = $param->{$k};
+ $cluster_conf->{options}->{$k} = $param->{$k};
}
PVE::Firewall::save_clusterfw_conf($cluster_conf);
return $res;
}});
+__PACKAGE__->register_method({
+ name => 'refs',
+ path => 'refs',
+ method => 'GET',
+ description => "Lists possible IPSet/Alias reference which are allowed in source/dest properties.",
+ parameters => {
+ additionalProperties => 0,
+ properties => {},
+ },
+ returns => {
+ type => 'array',
+ items => {
+ type => "object",
+ properties => {
+ type => {
+ type => 'string',
+ enum => ['alias', 'ipset'],
+ },
+ name => {
+ type => 'string',
+ },
+ ref => {
+ type => 'string',
+ },
+ comment => {
+ type => 'string',
+ optional => 1,
+ },
+ },
+ },
+ },
+ code => sub {
+ my ($param) = @_;
+
+ my $conf = PVE::Firewall::load_clusterfw_conf();
+
+ my $res = [];
+
+ foreach my $name (keys %{$conf->{ipset}}) {
+ my $data = {
+ type => 'ipset',
+ name => $name,
+ ref => "+$name",
+ };
+ if (my $comment = $conf->{ipset_comments}->{$name}) {
+ $data->{comment} = $comment;
+ }
+ push @$res, $data;
+ }
+
+ foreach my $name (keys %{$conf->{aliases}}) {
+ my $e = $conf->{aliases}->{$name};
+ my $data = {
+ type => 'alias',
+ name => $name,
+ ref => $name,
+ };
+ $data->{comment} = $e->{comment} if $e->{comment};
+ push @$res, $data;
+ }
+
+ return $res;
+ }});
+
1;
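Review bot: The new cluster-level `refs` registration (from `name => 'refs'` through the `code` sub) has no `permissions` key, so who may list ipset and alias names and their comments is left to the handler's default instead of being stated on the method; the per-guest `refs` method added under `$class->register_method` further down has the same gap. As far as I recall, the framework restricts a method without `permissions` to root@pam, which fails closed but also hides the list from audit-only users; please confirm against the RPC environment code, which is not visible here. I would declare the check explicitly, e.g. `permissions => { check => ['perm', '/', [ 'Sys.Audit' ]] },` here and `permissions => { check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]] },` on the guest variant. Separately, iterating `keys %{$conf->{ipset}}` and `keys %{$conf->{aliases}}` unsorted gives an unstable result order between calls; `sort keys` would make the response deterministic.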
my $result = [
{ name => 'rules' },
{ name => 'aliases' },
+ { name => 'ipset' },
+ { name => 'refs' },
{ name => 'options' },
];
return $lines;
}});
+
+
+ $class->register_method({
+ name => 'refs',
+ path => 'refs',
+ method => 'GET',
+ description => "Lists possible IPSet/Alias reference which are allowed in source/dest properties.",
+ parameters => {
+ additionalProperties => 0,
+ properties => {
+ node => get_standard_option('pve-node'),
+ vmid => get_standard_option('pve-vmid'),
+ },
+ },
+ returns => {
+ type => 'array',
+ items => {
+ type => "object",
+ properties => {
+ type => {
+ type => 'string',
+ enum => ['alias', 'ipset'],
+ },
+ name => {
+ type => 'string',
+ },
+ comment => {
+ type => 'string',
+ optional => 1,
+ },
+ },
+ },
+ },
+ code => sub {
+ my ($param) = @_;
+
+ my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
+ my $fw_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, $rule_env, $param->{vmid});
+
+ my $ipsets = {};
+ my $aliases = {};
+
+ foreach my $conf (($cluster_conf, $fw_conf)) {
+ next if !$conf;
+ foreach my $name (keys %{$conf->{ipset}}) {
+ my $data = {
+ type => 'ipset',
+ name => $name,
+ ref => "+$name",
+ };
+ if (my $comment = $conf->{ipset_comments}->{$name}) {
+ $data->{comment} = $comment;
+ }
+ $ipsets->{$name} = $data;
+ }
+
+ foreach my $name (keys %{$conf->{aliases}}) {
+ my $e = $conf->{aliases}->{$name};
+ my $data = {
+ type => 'alias',
+ name => $name,
+ ref => $name,
+ };
+ $data->{comment} = $e->{comment} if $e->{comment};
+ $aliases->{$name} = $data;
+ }
+ }
+
+ my $res = [];
+ foreach my $e (values %$ipsets) { push @$res, $e; };
+ foreach my $e (values %$aliases) { push @$res, $e; };
+
+ return $res;
+ }});
}
package PVE::API2::Firewall::VM;
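Review bot: The `returns` schema of this `refs` method lists only `type`, `name` and `comment`, while the `code` sub also sets `ref` on every entry (`ref => "+$name"` for ipsets, `ref => $name` for aliases) and the cluster-level method declares it; add `ref => { type => 'string' },` to `properties` so the documented and actual results agree. The `node` parameter is declared but the visible code reads only `$param->{vmid}`, so a short comment saying `node` is there for request routing would help, if that is its purpose. Because both configs are merged by name into `$ipsets` and `$aliases`, a guest-level entry replaces a cluster-level one of the same name without any trace in the output; a one-line comment stating that this shadowing is intended would save the next reader from guessing. The enclosing sub, and the `$rule_env` it supplies, start outside the hunk.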