From: Hannes Laimer <h.laimer@proxmox.com>
To: pdm-devel@lists.proxmox.com
Subject: [pdm-devel] [PATCH proxmox 4/4] pve-api-types: regenerate
Date: Fri, 5 Dec 2025 16:25:39 +0100 [thread overview]
Message-ID: <20251205152543.91431-5-h.laimer@proxmox.com> (raw)
In-Reply-To: <20251205152543.91431-1-h.laimer@proxmox.com>
Signed-off-by: Hannes Laimer <h.laimer@proxmox.com>
---
pve-api-types/src/generated/code.rs | 77 ++++++-
pve-api-types/src/generated/types.rs | 294 +++++++++++++++------------
2 files changed, 229 insertions(+), 142 deletions(-)
diff --git a/pve-api-types/src/generated/code.rs b/pve-api-types/src/generated/code.rs
index f364f9cd..b583c2e0 100644
--- a/pve-api-types/src/generated/code.rs
+++ b/pve-api-types/src/generated/code.rs
@@ -60,9 +60,6 @@
/// - /cluster/firewall
/// - /cluster/firewall/aliases
/// - /cluster/firewall/aliases/{name}
-/// - /cluster/firewall/groups
-/// - /cluster/firewall/groups/{group}
-/// - /cluster/firewall/groups/{group}/{pos}
/// - /cluster/firewall/ipset
/// - /cluster/firewall/ipset/{name}
/// - /cluster/firewall/ipset/{name}/{cidr}
@@ -445,6 +442,15 @@ pub trait PveClient {
Err(Error::Other("create_zone not implemented"))
}
+ /// Get single rule data.
+ async fn firewall_security_group_rule(
+ &self,
+ group: &str,
+ pos: u64,
+ ) -> Result<FirewallRule, Error> {
+ Err(Error::Other("firewall_security_group_rule not implemented"))
+ }
+
/// Get APT repository information.
async fn get_apt_repositories(&self, node: &str) -> Result<APTRepositoriesResult, Error> {
Err(Error::Other("get_apt_repositories not implemented"))
@@ -512,7 +518,7 @@ pub trait PveClient {
}
/// List rules.
- async fn list_cluster_firewall_rules(&self) -> Result<Vec<ListFirewallRules>, Error> {
+ async fn list_cluster_firewall_rules(&self) -> Result<Vec<FirewallRule>, Error> {
Err(Error::Other("list_cluster_firewall_rules not implemented"))
}
@@ -531,6 +537,23 @@ pub trait PveClient {
Err(Error::Other("list_domains not implemented"))
}
+ /// List rules.
+ async fn list_firewall_security_group_rules(
+ &self,
+ group: &str,
+ ) -> Result<Vec<FirewallRule>, Error> {
+ Err(Error::Other(
+ "list_firewall_security_group_rules not implemented",
+ ))
+ }
+
+ /// List security groups.
+ async fn list_firewall_security_groups(&self) -> Result<Vec<FirewallSecurityGroup>, Error> {
+ Err(Error::Other(
+ "list_firewall_security_groups not implemented",
+ ))
+ }
+
/// LXC container index (per node).
async fn list_lxc(&self, node: &str) -> Result<Vec<LxcEntry>, Error> {
Err(Error::Other("list_lxc not implemented"))
@@ -541,7 +564,7 @@ pub trait PveClient {
&self,
node: &str,
vmid: u32,
- ) -> Result<Vec<ListFirewallRules>, Error> {
+ ) -> Result<Vec<FirewallRule>, Error> {
Err(Error::Other("list_lxc_firewall_rules not implemented"))
}
@@ -555,7 +578,7 @@ pub trait PveClient {
}
/// List rules.
- async fn list_node_firewall_rules(&self, node: &str) -> Result<Vec<ListFirewallRules>, Error> {
+ async fn list_node_firewall_rules(&self, node: &str) -> Result<Vec<FirewallRule>, Error> {
Err(Error::Other("list_node_firewall_rules not implemented"))
}
@@ -574,7 +597,7 @@ pub trait PveClient {
&self,
node: &str,
vmid: u32,
- ) -> Result<Vec<ListFirewallRules>, Error> {
+ ) -> Result<Vec<FirewallRule>, Error> {
Err(Error::Other("list_qemu_firewall_rules not implemented"))
}
@@ -1080,6 +1103,20 @@ where
self.0.post(url, ¶ms).await?.nodata()
}
+ /// Get single rule data.
+ async fn firewall_security_group_rule(
+ &self,
+ group: &str,
+ pos: u64,
+ ) -> Result<FirewallRule, Error> {
+ let url = &format!(
+ "/api2/extjs/cluster/firewall/groups/{}/{}",
+ percent_encode(group.as_bytes(), percent_encoding::NON_ALPHANUMERIC),
+ pos
+ );
+ Ok(self.0.get(url).await?.expect_json()?.data)
+ }
+
/// Get APT repository information.
async fn get_apt_repositories(&self, node: &str) -> Result<APTRepositoriesResult, Error> {
let url = &format!(
@@ -1222,7 +1259,7 @@ where
}
/// List rules.
- async fn list_cluster_firewall_rules(&self) -> Result<Vec<ListFirewallRules>, Error> {
+ async fn list_cluster_firewall_rules(&self) -> Result<Vec<FirewallRule>, Error> {
let url = "/api2/extjs/cluster/firewall/rules";
Ok(self.0.get(url).await?.expect_json()?.data)
}
@@ -1248,6 +1285,24 @@ where
Ok(self.0.get(url).await?.expect_json()?.data)
}
+ /// List rules.
+ async fn list_firewall_security_group_rules(
+ &self,
+ group: &str,
+ ) -> Result<Vec<FirewallRule>, Error> {
+ let url = &format!(
+ "/api2/extjs/cluster/firewall/groups/{}",
+ percent_encode(group.as_bytes(), percent_encoding::NON_ALPHANUMERIC)
+ );
+ Ok(self.0.get(url).await?.expect_json()?.data)
+ }
+
+ /// List security groups.
+ async fn list_firewall_security_groups(&self) -> Result<Vec<FirewallSecurityGroup>, Error> {
+ let url = "/api2/extjs/cluster/firewall/groups";
+ Ok(self.0.get(url).await?.expect_json()?.data)
+ }
+
/// LXC container index (per node).
async fn list_lxc(&self, node: &str) -> Result<Vec<LxcEntry>, Error> {
let url = &format!(
@@ -1262,7 +1317,7 @@ where
&self,
node: &str,
vmid: u32,
- ) -> Result<Vec<ListFirewallRules>, Error> {
+ ) -> Result<Vec<FirewallRule>, Error> {
let url = &format!(
"/api2/extjs/nodes/{}/lxc/{}/firewall/rules",
percent_encode(node.as_bytes(), percent_encoding::NON_ALPHANUMERIC),
@@ -1287,7 +1342,7 @@ where
}
/// List rules.
- async fn list_node_firewall_rules(&self, node: &str) -> Result<Vec<ListFirewallRules>, Error> {
+ async fn list_node_firewall_rules(&self, node: &str) -> Result<Vec<FirewallRule>, Error> {
let url = &format!(
"/api2/extjs/nodes/{}/firewall/rules",
percent_encode(node.as_bytes(), percent_encoding::NON_ALPHANUMERIC)
@@ -1317,7 +1372,7 @@ where
&self,
node: &str,
vmid: u32,
- ) -> Result<Vec<ListFirewallRules>, Error> {
+ ) -> Result<Vec<FirewallRule>, Error> {
let url = &format!(
"/api2/extjs/nodes/{}/qemu/{}/firewall/rules",
percent_encode(node.as_bytes(), percent_encoding::NON_ALPHANUMERIC),
diff --git a/pve-api-types/src/generated/types.rs b/pve-api-types/src/generated/types.rs
index 26f07a5a..b7dc983f 100644
--- a/pve-api-types/src/generated/types.rs
+++ b/pve-api-types/src/generated/types.rs
@@ -1891,6 +1891,169 @@ pub enum FirewallLogLevel {
serde_plain::derive_display_from_serialize!(FirewallLogLevel);
serde_plain::derive_fromstr_from_deserialize!(FirewallLogLevel);
+#[api(
+ properties: {
+ action: {
+ type: String,
+ },
+ comment: {
+ optional: true,
+ type: String,
+ },
+ dest: {
+ optional: true,
+ type: String,
+ },
+ dport: {
+ optional: true,
+ type: String,
+ },
+ enable: {
+ optional: true,
+ type: Integer,
+ },
+ "icmp-type": {
+ optional: true,
+ type: String,
+ },
+ iface: {
+ optional: true,
+ type: String,
+ },
+ ipversion: {
+ optional: true,
+ type: Integer,
+ },
+ log: {
+ optional: true,
+ type: FirewallLogLevel,
+ },
+ "macro": {
+ optional: true,
+ type: String,
+ },
+ pos: {
+ type: Integer,
+ },
+ proto: {
+ optional: true,
+ type: String,
+ },
+ source: {
+ optional: true,
+ type: String,
+ },
+ sport: {
+ optional: true,
+ type: String,
+ },
+ type: {
+ type: String,
+ },
+ },
+)]
+/// Object.
+#[derive(Clone, Debug, PartialEq, serde::Deserialize, serde::Serialize)]
+pub struct FirewallRule {
+ /// Rule action ('ACCEPT', 'DROP', 'REJECT') or security group name
+ pub action: String,
+
+ /// Descriptive comment
+ #[serde(default, skip_serializing_if = "Option::is_none")]
+ pub comment: Option<String>,
+
+ /// Restrict packet destination address
+ #[serde(default, skip_serializing_if = "Option::is_none")]
+ pub dest: Option<String>,
+
+ /// Restrict TCP/UDP destination port
+ #[serde(default, skip_serializing_if = "Option::is_none")]
+ pub dport: Option<String>,
+
+ /// Flag to enable/disable a rule
+ #[serde(deserialize_with = "proxmox_serde::perl::deserialize_i64")]
+ #[serde(default, skip_serializing_if = "Option::is_none")]
+ pub enable: Option<i64>,
+
+ /// Specify icmp-type. Only valid if proto equals 'icmp' or
+ /// 'icmpv6'/'ipv6-icmp'
+ #[serde(default, skip_serializing_if = "Option::is_none")]
+ #[serde(rename = "icmp-type")]
+ pub icmp_type: Option<String>,
+
+ /// Network interface name. You have to use network configuration key names
+ /// for VMs and containers
+ #[serde(default, skip_serializing_if = "Option::is_none")]
+ pub iface: Option<String>,
+
+ /// IP version (4 or 6) - automatically determined from source/dest
+ /// addresses
+ #[serde(deserialize_with = "proxmox_serde::perl::deserialize_i64")]
+ #[serde(default, skip_serializing_if = "Option::is_none")]
+ pub ipversion: Option<i64>,
+
+ #[serde(default, skip_serializing_if = "Option::is_none")]
+ pub log: Option<FirewallLogLevel>,
+
+ /// Use predefined standard macro
+ #[serde(default, skip_serializing_if = "Option::is_none")]
+ #[serde(rename = "macro")]
+ pub r#macro: Option<String>,
+
+ /// Rule position in the ruleset
+ #[serde(deserialize_with = "proxmox_serde::perl::deserialize_i64")]
+ pub pos: i64,
+
+ /// IP protocol. You can use protocol names ('tcp'/'udp') or simple numbers,
+ /// as defined in '/etc/protocols'
+ #[serde(default, skip_serializing_if = "Option::is_none")]
+ pub proto: Option<String>,
+
+ /// Restrict packet source address
+ #[serde(default, skip_serializing_if = "Option::is_none")]
+ pub source: Option<String>,
+
+ /// Restrict TCP/UDP source port
+ #[serde(default, skip_serializing_if = "Option::is_none")]
+ pub sport: Option<String>,
+
+ /// Rule type
+ #[serde(rename = "type")]
+ pub ty: String,
+}
+
+#[api(
+ properties: {
+ comment: {
+ optional: true,
+ type: String,
+ },
+ digest: {
+ max_length: 64,
+ type: String,
+ },
+ group: {
+ max_length: 18,
+ min_length: 2,
+ type: String,
+ },
+ },
+)]
+/// Object.
+#[derive(Debug, serde::Deserialize, serde::Serialize)]
+pub struct FirewallSecurityGroup {
+ /// Optional comment or description.
+ #[serde(default, skip_serializing_if = "Option::is_none")]
+ pub comment: Option<String>,
+
+ /// Prevent changes if current configuration file has a different digest.
+ /// This can be used to prevent concurrent modifications.
+ pub digest: String,
+
+ /// Security Group name.
+ pub group: String,
+}
+
#[api]
/// Firewall conntrack helper.
#[derive(Clone, Copy, Debug, Eq, PartialEq, serde::Deserialize, serde::Serialize)]
@@ -2191,137 +2354,6 @@ pub enum ListControllersType {
serde_plain::derive_display_from_serialize!(ListControllersType);
serde_plain::derive_fromstr_from_deserialize!(ListControllersType);
-#[api(
- properties: {
- action: {
- type: String,
- },
- comment: {
- optional: true,
- type: String,
- },
- dest: {
- optional: true,
- type: String,
- },
- dport: {
- optional: true,
- type: String,
- },
- enable: {
- optional: true,
- type: Integer,
- },
- "icmp-type": {
- optional: true,
- type: String,
- },
- iface: {
- optional: true,
- type: String,
- },
- ipversion: {
- optional: true,
- type: Integer,
- },
- log: {
- optional: true,
- type: FirewallLogLevel,
- },
- "macro": {
- optional: true,
- type: String,
- },
- pos: {
- type: Integer,
- },
- proto: {
- optional: true,
- type: String,
- },
- source: {
- optional: true,
- type: String,
- },
- sport: {
- optional: true,
- type: String,
- },
- type: {
- type: String,
- },
- },
-)]
-/// Object.
-#[derive(Clone, Debug, PartialEq, serde::Deserialize, serde::Serialize)]
-pub struct ListFirewallRules {
- /// Rule action ('ACCEPT', 'DROP', 'REJECT') or security group name
- pub action: String,
-
- /// Descriptive comment
- #[serde(default, skip_serializing_if = "Option::is_none")]
- pub comment: Option<String>,
-
- /// Restrict packet destination address
- #[serde(default, skip_serializing_if = "Option::is_none")]
- pub dest: Option<String>,
-
- /// Restrict TCP/UDP destination port
- #[serde(default, skip_serializing_if = "Option::is_none")]
- pub dport: Option<String>,
-
- /// Flag to enable/disable a rule
- #[serde(deserialize_with = "proxmox_serde::perl::deserialize_i64")]
- #[serde(default, skip_serializing_if = "Option::is_none")]
- pub enable: Option<i64>,
-
- /// Specify icmp-type. Only valid if proto equals 'icmp' or
- /// 'icmpv6'/'ipv6-icmp'
- #[serde(default, skip_serializing_if = "Option::is_none")]
- #[serde(rename = "icmp-type")]
- pub icmp_type: Option<String>,
-
- /// Network interface name. You have to use network configuration key names
- /// for VMs and containers
- #[serde(default, skip_serializing_if = "Option::is_none")]
- pub iface: Option<String>,
-
- /// IP version (4 or 6) - automatically determined from source/dest
- /// addresses
- #[serde(deserialize_with = "proxmox_serde::perl::deserialize_i64")]
- #[serde(default, skip_serializing_if = "Option::is_none")]
- pub ipversion: Option<i64>,
-
- #[serde(default, skip_serializing_if = "Option::is_none")]
- pub log: Option<FirewallLogLevel>,
-
- /// Use predefined standard macro
- #[serde(default, skip_serializing_if = "Option::is_none")]
- #[serde(rename = "macro")]
- pub r#macro: Option<String>,
-
- /// Rule position in the ruleset
- #[serde(deserialize_with = "proxmox_serde::perl::deserialize_i64")]
- pub pos: i64,
-
- /// IP protocol. You can use protocol names ('tcp'/'udp') or simple numbers,
- /// as defined in '/etc/protocols'
- #[serde(default, skip_serializing_if = "Option::is_none")]
- pub proto: Option<String>,
-
- /// Restrict packet source address
- #[serde(default, skip_serializing_if = "Option::is_none")]
- pub source: Option<String>,
-
- /// Restrict TCP/UDP source port
- #[serde(default, skip_serializing_if = "Option::is_none")]
- pub sport: Option<String>,
-
- /// Rule type
- #[serde(rename = "type")]
- pub ty: String,
-}
-
#[api]
/// Only list specific interface types.
#[derive(Clone, Copy, Debug, Eq, PartialEq, serde::Deserialize, serde::Serialize)]
--
2.47.3
_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel
next prev parent reply other threads:[~2025-12-05 15:26 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-05 15:25 [pdm-devel] [RFC proxmox{, -datacenter-manager, -yew-comp} 0/8] make security groups expandable in firewall rules list Hannes Laimer
2025-12-05 15:25 ` [pdm-devel] [PATCH proxmox 1/4] pve-api-types: rename ListFirewallRules to FirewallRule Hannes Laimer
2025-12-05 15:25 ` [pdm-devel] [PATCH proxmox 2/4] pve-api-types: update pve-api.json Hannes Laimer
2025-12-05 15:25 ` [pdm-devel] [PATCH proxmox 3/4] pve-api-types: add security group GET endpoints Hannes Laimer
2025-12-05 15:25 ` Hannes Laimer [this message]
2025-12-05 15:25 ` [pdm-devel] [PATCH proxmox-datacenter-manager 1/2] pdm: rename ListFirewallRules to FirewallRule Hannes Laimer
2025-12-05 15:25 ` [pdm-devel] [PATCH proxmox-datacenter-manager 2/2] api: firewall: add pve firewall security group GET endpoints Hannes Laimer
2025-12-05 15:25 ` [pdm-devel] [PATCH proxmox-yew-comp 1/2] firewall: rules: rename ListFirewallRules to FirewallRule Hannes Laimer
2025-12-05 15:25 ` [pdm-devel] [PATCH proxmox-yew-comp 2/2] firewall: rules: make security group entries expandable Hannes Laimer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251205152543.91431-5-h.laimer@proxmox.com \
--to=h.laimer@proxmox.com \
--cc=pdm-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox