Proxmox/pve-firewall
5
0
Fork 0
mirror of git://git.proxmox.com/git/pve-firewall.git synced 2025-02-08 09:57:29 +03:00
Code Releases Activity

improve rules API

Browse Source 
Do not use JSON schema 'requires' property, because that forbids to
use '' to delete properties.

It is now possible to update/delete individual rule properties like:

  pvesh set nodes/lola/openvz/104/firewall/rules/0 -proto udp
  pvesh set nodes/lola/openvz/104/firewall/rules/1 -delete dport
This commit is contained in:
Dietmar Maurer 2014-05-21 13:03:57 +02:00
parent b1ef6d2e71
commit 914f9a50a1
2 changed files with 6 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/PVE/API2/Firewall/Rules.pm
View File

@ -231,11 +231,6 @@ sub register_update_rule {
push @$newrules, $rule if $moveto >= scalar(@$rules);
$rules = $newrules;
} else {
raise_param_exc({ type => "property is missing"})
if !defined($param->{type});
raise_param_exc({ action => "property is missing"})
if !defined($param->{action});
PVE::Firewall::copy_rule_data($rule, $param);
PVE::Firewall::delete_rule_properties($rule, $param->{'delete'}) if $param->{'delete'};

14
src/PVE/Firewall.pm
View File

@ -915,12 +915,10 @@ my $rule_properties = {
sport => {
type => 'string', format => 'pve-fw-port-spec',
optional => 1,
requires => 'proto',
},
dport => {
type => 'string', format => 'pve-fw-port-spec',
optional => 1,
requires => 'proto',
},
comment => {
type => 'string',
@ -1034,16 +1032,20 @@ sub verify_rule {
my $preferred_name = $pve_fw_preferred_macro_names->{lc($rule->{macro})};
raise_param_exc({ macro => "unknown macro '$rule->{macro}'"}) if !$preferred_name;
$rule->{macro} = $preferred_name;
}
}
if ($rule->{dport}) {
eval { parse_port_name_number_or_range($rule->{dport}); };
raise_param_exc({ dport => $@ }) if $@;
}
raise_param_exc({ proto => "missing property - 'dport' requires this property"})
if !$rule->{proto};
}
if ($rule->{sport}) {
eval { parse_port_name_number_or_range($rule->{sport}); };
raise_param_exc({ sport => $@ }) if $@;
raise_param_exc({ proto => "missing property - 'sport' requires this property"})
if !$rule->{proto};
}
if ($rule->{source}) {
@ -1073,13 +1075,9 @@ sub copy_rule_data {
} else {
$rule->{$k} = $v;
}
} else {
delete $rule->{$k};
}
}
# verify rule now
return $rule;
}