From: Dietmar Maurer <dietmar@proxmox.com>
Date: Wed, 21 May 2014 11:03:57 +0000 (+0200)
Subject: improve rules API
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=914f9a50a1e3586d75f3d17a4addfcc575ec15b4

improve rules API

Do not use JSON schema 'requires' property, because that forbids to
use '' to delete properties.

It is now possible to update/delete individual rule properties like:

  pvesh set nodes/lola/openvz/104/firewall/rules/0 -proto udp
  pvesh set nodes/lola/openvz/104/firewall/rules/1 -delete dport
---

diff --git a/src/PVE/API2/Firewall/Rules.pm b/src/PVE/API2/Firewall/Rules.pm
index 65fe8a6..63c4478 100644
--- a/src/PVE/API2/Firewall/Rules.pm
+++ b/src/PVE/API2/Firewall/Rules.pm
@@ -231,11 +231,6 @@ sub register_update_rule {
 		push @$newrules, $rule if $moveto >= scalar(@$rules);
 		$rules = $newrules;
 	    } else {
-		raise_param_exc({ type => "property is missing"})
-		    if !defined($param->{type});
-		raise_param_exc({ action => "property is missing"})
-		    if !defined($param->{action});
-
 		PVE::Firewall::copy_rule_data($rule, $param);
 		
 		PVE::Firewall::delete_rule_properties($rule, $param->{'delete'}) if $param->{'delete'};
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index cacfedc..36fd388 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -915,12 +915,10 @@ my $rule_properties = {
     sport => {
 	type => 'string', format => 'pve-fw-port-spec',
 	optional => 1,
-	requires => 'proto',
     },
     dport => {
 	type => 'string', format => 'pve-fw-port-spec',
 	optional => 1,
-	requires => 'proto',
     },
     comment => {
 	type => 'string',
@@ -1034,16 +1032,20 @@ sub verify_rule {
 	my $preferred_name = $pve_fw_preferred_macro_names->{lc($rule->{macro})};
 	raise_param_exc({ macro => "unknown macro '$rule->{macro}'"}) if !$preferred_name;
 	$rule->{macro} = $preferred_name;
-    }
+   }
 
     if ($rule->{dport}) {
 	eval { parse_port_name_number_or_range($rule->{dport}); };
 	raise_param_exc({ dport => $@ }) if $@;
-    }
+	raise_param_exc({ proto => "missing property - 'dport' requires this property"})
+	    if !$rule->{proto};
+     }
 
     if ($rule->{sport}) {
 	eval { parse_port_name_number_or_range($rule->{sport}); };
 	raise_param_exc({ sport => $@ }) if $@;
+	raise_param_exc({ proto => "missing property - 'sport' requires this property"})
+	    if !$rule->{proto};
     }
 
     if ($rule->{source}) {
@@ -1073,13 +1075,9 @@ sub copy_rule_data {
 	    } else {
 		$rule->{$k} = $v;
 	    }
-	} else {
-	    delete $rule->{$k};
 	}
     }
 
-    # verify rule now
-
     return $rule;
 }