From 947d6ea2edcfdb445c8258462b082c3ffcf397d9 Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Wed, 28 May 2014 13:52:42 +0200 Subject: [PATCH] implement API to get list of possible refs (aliases + ipsets) --- src/PVE/API2/Firewall/Cluster.pm | 81 ++++++++++++++++++++++++++++---- src/PVE/API2/Firewall/VM.pm | 76 ++++++++++++++++++++++++++++++ 2 files changed, 149 insertions(+), 8 deletions(-) diff --git a/src/PVE/API2/Firewall/Cluster.pm b/src/PVE/API2/Firewall/Cluster.pm index 5f6d77d..8f1deef 100644 --- a/src/PVE/API2/Firewall/Cluster.pm +++ b/src/PVE/API2/Firewall/Cluster.pm @@ -18,22 +18,22 @@ use Data::Dumper; # fixme: remove use base qw(PVE::RESTHandler); __PACKAGE__->register_method ({ - subclass => "PVE::API2::Firewall::Groups", + subclass => "PVE::API2::Firewall::Groups", path => 'groups', }); __PACKAGE__->register_method ({ - subclass => "PVE::API2::Firewall::ClusterRules", + subclass => "PVE::API2::Firewall::ClusterRules", path => 'rules', }); __PACKAGE__->register_method ({ - subclass => "PVE::API2::Firewall::ClusterIPSetList", + subclass => "PVE::API2::Firewall::ClusterIPSetList", path => 'ipset', }); __PACKAGE__->register_method ({ - subclass => "PVE::API2::Firewall::ClusterAliases", + subclass => "PVE::API2::Firewall::ClusterAliases", path => 'aliases', }); @@ -65,6 +65,7 @@ __PACKAGE__->register_method({ { name => 'groups' }, { name => 'ipset' }, { name => 'macros' }, + { name => 'refs' }, ]; return $result; @@ -81,7 +82,7 @@ my $option_properties = { optional => 1, enum => ['ACCEPT', 'REJECT', 'DROP'], }, - policy_out => { + policy_out => { description => "Output policy.", type => 'string', optional => 1, @@ -95,7 +96,7 @@ my $add_option_properties = sub { foreach my $k (keys %$option_properties) { $properties->{$k} = $option_properties->{$k}; } - + return $properties; }; 
@@ -150,7 +151,7 @@ __PACKAGE__->register_method({ if ($param->{delete}) { foreach my $opt (PVE::Tools::split_list($param->{delete})) { - raise_param_exc({ delete => "no such option '$opt'" }) + raise_param_exc({ delete => "no such option '$opt'" }) if !$option_properties->{$opt}; delete $cluster_conf->{options}->{$opt}; } @@ -162,7 +163,7 @@ __PACKAGE__->register_method({ foreach my $k (keys %$option_properties) { next if !defined($param->{$k}); - $cluster_conf->{options}->{$k} = $param->{$k}; + $cluster_conf->{options}->{$k} = $param->{$k}; } PVE::Firewall::save_clusterfw_conf($cluster_conf); @@ -208,4 +209,68 @@ __PACKAGE__->register_method({ return $res; }}); +__PACKAGE__->register_method({ + name => 'refs', + path => 'refs', + method => 'GET', + description => "Lists possible IPSet/Alias reference which are allowed in source/dest properties.", + parameters => { + additionalProperties => 0, + properties => {}, + }, + returns => { + type => 'array', + items => { + type => "object", + properties => { + type => { + type => 'string', + enum => ['alias', 'ipset'], + }, + name => { + type => 'string', + }, + ref => { + type => 'string', + }, + comment => { + type => 'string', + optional => 1, + }, + }, + }, + }, + code => sub { + my ($param) = @_; + + my $conf = PVE::Firewall::load_clusterfw_conf(); + + my $res = []; + + foreach my $name (keys %{$conf->{ipset}}) { + my $data = { + type => 'ipset', + name => $name, + ref => "+$name", + }; + if (my $comment = $conf->{ipset_comments}->{$name}) { + $data->{comment} = $comment; + } + push @$res, $data; + } + + foreach my $name (keys %{$conf->{aliases}}) { + my $e = $conf->{aliases}->{$name}; + my $data = { + type => 'alias', + name => $name, + ref => $name, + }; + $data->{comment} = $e->{comment} if $e->{comment}; + push @$res, $data; + } + + return $res; + }}); + 1; diff --git a/src/PVE/API2/Firewall/VM.pm b/src/PVE/API2/Firewall/VM.pm index 732f6bf..3e49e88 100644 --- a/src/PVE/API2/Firewall/VM.pm 
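Review bot: The new `refs` handler at the end of Cluster.pm is registered without a `permissions` entry, so who may read the cluster's ipset and alias names and their comments depends on the framework default, which is not visible in this hunk. Declaring the rule next to `method => 'GET'` makes the intent explicit, for example `permissions => { check => ['perm', '/', ['Sys.Audit']] },` (the privilege is a suggestion for the maintainers to confirm). The `refs` handler added to VM.pm in this patch has the same gap; there a check scoped to `/vms/{vmid}` would fit. Separately, both loops iterate `keys %{...}` unsorted, so the response order can change between calls; `sort keys %{$conf->{ipset}}` would make it stable.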
+++ b/src/PVE/API2/Firewall/VM.pm @@ -87,6 +87,8 @@ sub register_handlers { my $result = [ { name => 'rules' }, { name => 'aliases' }, + { name => 'ipset' }, + { name => 'refs' }, { name => 'options' }, ]; @@ -232,6 +234,80 @@ sub register_handlers { return $lines; }}); + + + $class->register_method({ + name => 'refs', + path => 'refs', + method => 'GET', + description => "Lists possible IPSet/Alias reference which are allowed in source/dest properties.", + parameters => { + additionalProperties => 0, + properties => { + node => get_standard_option('pve-node'), + vmid => get_standard_option('pve-vmid'), + }, + }, + returns => { + type => 'array', + items => { + type => "object", + properties => { + type => { + type => 'string', + enum => ['alias', 'ipset'], + }, + name => { + type => 'string', + }, + comment => { + type => 'string', + optional => 1, + }, + }, + }, + }, + code => sub { + my ($param) = @_; + + my $cluster_conf = PVE::Firewall::load_clusterfw_conf(); + my $fw_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, $rule_env, $param->{vmid}); + + my $ipsets = {}; + my $aliases = {}; + + foreach my $conf (($cluster_conf, $fw_conf)) { + next if !$conf; + foreach my $name (keys %{$conf->{ipset}}) { + my $data = { + type => 'ipset', + name => $name, + ref => "+$name", + }; + if (my $comment = $conf->{ipset_comments}->{$name}) { + $data->{comment} = $comment; + } + $ipsets->{$name} = $data; + } + + foreach my $name (keys %{$conf->{aliases}}) { + my $e = $conf->{aliases}->{$name}; + my $data = { + type => 'alias', + name => $name, + ref => $name, + }; + $data->{comment} = $e->{comment} if $e->{comment}; + $aliases->{$name} = $data; + } + } + + my $res = []; + foreach my $e (values %$ipsets) { push @$res, $e; }; + foreach my $e (values %$aliases) { push @$res, $e; }; + + return $res; + }}); } package PVE::API2::Firewall::VM; -- 2.39.2
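Review bot: The index list in `register_handlers` now advertises `ipset` as well as `refs`, but the commit message and the rest of this patch only cover `refs`. If no `ipset` subclass or method is registered for this class elsewhere, clients that walk the index will follow a path that has no handler; confirm that it exists or drop `{ name => 'ipset' },` from this change. The enclosing index method starts and ends outside the hunk.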
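Review bot: The `returns` schema of the VM-level `refs` method omits `ref`, although the handler sets `ref => "+$name"` or `ref => $name` on every entry and the Cluster.pm schema in this same patch declares it. Add `ref => { type => 'string' },` after the `name` property so that the documented shape matches what is returned. The `node` parameter is declared but not read in the visible code, and `$rule_env` comes from `register_handlers`, whose start is outside the hunk. A one-line comment such as `# VM-level entries replace cluster entries of the same name` above the `foreach my $conf` loop would document the shadowing that the processing order produces.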