From: Dietmar Maurer Date: Fri, 18 Apr 2014 05:23:20 +0000 (+0200) Subject: add options and log API for VMs X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=2822f5c4d881df4eda1cbe4a5962883543b9aa0f add options and log API for VMs --- diff --git a/src/PVE/API2/Firewall/VM.pm b/src/PVE/API2/Firewall/VM.pm index b143a39..6bfecf8 100644 --- a/src/PVE/API2/Firewall/VM.pm +++ b/src/PVE/API2/Firewall/VM.pm @@ -48,11 +48,40 @@ __PACKAGE__->register_method({ return $result; }}); +my $option_properties = { + enable => { + description => "Enable host firewall rules.", + type => 'boolean', + optional => 1, + }, + policy_in => { + description => "Input policy.", + type => 'string', + optional => 1, + enum => ['ACCEPT', 'REJECT', 'DROP'], + }, + policy_out => { + description => "Output policy.", + type => 'string', + optional => 1, + enum => ['ACCEPT', 'REJECT', 'DROP'], + }, +}; + +my $add_option_properties = sub { + my ($properties) = @_; + + foreach my $k (keys %$option_properties) { + $properties->{$k} = $option_properties->{$k}; + } + + return $properties; +}; __PACKAGE__->register_method({ name => 'get_options', path => 'options', method => 'GET', - description => "Get host firewall options.", + description => "Get VM firewall options.", proxyto => 'node', parameters => { additionalProperties => 0, 
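Review bot: The `enable` entry in `$option_properties` still reads "Enable host firewall rules." although this schema serves the VM endpoints; the same commit corrects that wording in the `get_options` description, so `description => "Enable VM firewall rules.",` would keep the generated API documentation consistent. `$add_option_properties` modifies and returns the hash it is given and silently overwrites any key of the same name. A one-line comment such as `# merges the shared option schema into $properties in place; option names must not collide with node/vmid/delete/digest` would record that contract. The `get_options` registration that follows the helper continues outside this hunk.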
@@ -63,22 +92,125 @@ __PACKAGE__->register_method({ }, returns => { type => "object", - properties => {}, + #additionalProperties => 1, + properties => $option_properties, }, code => sub { my ($param) = @_; - my $vmid = $param->{vmid}; + my $vmfw_conf = PVE::Firewall::load_vmfw_conf($param->{vmid}); - my $vmlist = PVE::Cluster::get_vmlist(); + return PVE::Firewall::copy_opject_with_digest($vmfw_conf->{options}); + }}); - die "no such VM ('$vmid')\n" - if !($vmlist && $vmlist->{ids} && defined($vmlist->{ids}->{$vmid})); +__PACKAGE__->register_method({ + name => 'set_options', + path => 'options', + method => 'PUT', + description => "Set Firewall options.", + protected => 1, + proxyto => 'node', + parameters => { + additionalProperties => 0, + properties => &$add_option_properties({ + node => get_standard_option('pve-node'), + vmid => get_standard_option('pve-vmid'), + delete => { + type => 'string', format => 'pve-configid-list', + description => "A list of settings you want to delete.", + optional => 1, + }, + digest => get_standard_option('pve-config-digest'), + }), + }, + returns => { type => "null" }, + code => sub { + my ($param) = @_; - my $vmfw_conf = PVE::Firewall::load_vmfw_conf($vmid); + my $vmfw_conf = PVE::Firewall::load_vmfw_conf($param->{vmid}); - return PVE::Firewall::copy_opject_with_digest($vmfw_conf->{options}); + my (undef, $digest) = PVE::Firewall::copy_opject_with_digest($vmfw_conf->{options}); + PVE::Tools::assert_if_modified($digest, $param->{digest}); + + if ($param->{delete}) { + foreach my $opt (PVE::Tools::split_list($param->{delete})) { + raise_param_exc({ delete => "no such option '$opt'" }) + if !$option_properties->{$opt}; + delete $vmfw_conf->{options}->{$opt}; + } + } + + if (defined($param->{enable})) { + $param->{enable} = $param->{enable} ? 
1 : 0; + } + + foreach my $k (keys %$option_properties) { + next if !defined($param->{$k}); + $vmfw_conf->{options}->{$k} = $param->{$k}; + } + + PVE::Firewall::save_vmfw_conf($param->{vmid}, $vmfw_conf); + + return undef; + }}); + +__PACKAGE__->register_method({ + name => 'log', + path => 'log', + method => 'GET', + description => "Read firewall log", + proxyto => 'node', + permissions => { + check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]], + }, + protected => 1, + parameters => { + additionalProperties => 0, + properties => { + node => get_standard_option('pve-node'), + vmid => get_standard_option('pve-vmid'), + start => { + type => 'integer', + minimum => 0, + optional => 1, + }, + limit => { + type => 'integer', + minimum => 0, + optional => 1, + }, + }, + }, + returns => { + type => 'array', + items => { + type => "object", + properties => { + n => { + description=> "Line number", + type=> 'integer', + }, + t => { + description=> "Line text", + type => 'string', + } + } + } + }, + code => sub { + my ($param) = @_; + + my $rpcenv = PVE::RPCEnvironment::get(); + my $user = $rpcenv->get_user(); + my $vmid = $param->{vmid}; + + my ($count, $lines) = PVE::Tools::dump_logfile("/var/log/pve-firewall.log", + $param->{start}, $param->{limit}, + "^$vmid "); + $rpcenv->set_result_attrib('total', $count); + + return $lines; }}); 1;
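Review bot: In the `set_options` handler the config is loaded, compared against the digest, modified and saved with no lock visible across those steps, so two concurrent PUTs can both pass `assert_if_modified` and the later `save_vmfw_conf` would discard the earlier change, unless the save helper serialises internally, which this hunk does not show. Running the load/check/save sequence under the project's per-VM config lock would close that window. The write path also does not verify that the VM exists: the `get_vmlist` lookup with `die "no such VM ('$vmid')\n"` that this commit removes from `get_options` has no counterpart here, so a PUT for an unused vmid presumably leaves a firewall config that a guest later created with that id would inherit. Neither `get_options` nor `set_options` declares a `permissions` entry the way `log` does; even if the framework default is restrictive, an explicit check documents who may change a guest's firewall policy. In `log`, `$user` is assigned but never used and `limit` has a `minimum` but no `maximum`, so the size of a single read is bounded only by whatever `dump_logfile` enforces.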