From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id B39901FF1A6 for ; Fri, 5 Dec 2025 16:26:00 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id DD7AE52CA; Fri, 5 Dec 2025 16:26:28 +0100 (CET) From: Hannes Laimer To: pdm-devel@lists.proxmox.com Date: Fri, 5 Dec 2025 16:25:39 +0100 Message-ID: <20251205152543.91431-5-h.laimer@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20251205152543.91431-1-h.laimer@proxmox.com> References: <20251205152543.91431-1-h.laimer@proxmox.com> MIME-Version: 1.0 X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1764948306312 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.098 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment POISEN_SPAM_PILL 0.1 Meta: its spam POISEN_SPAM_PILL_1 0.1 random spam to be learned in bayes POISEN_SPAM_PILL_3 0.1 random spam to be learned in bayes SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pdm-devel] [PATCH proxmox 4/4] pve-api-types: regenerate X-BeenThere: pdm-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Datacenter Manager development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Datacenter Manager development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pdm-devel-bounces@lists.proxmox.com Sender: "pdm-devel" Signed-off-by: Hannes Laimer --- pve-api-types/src/generated/code.rs | 77 ++++++- pve-api-types/src/generated/types.rs | 294 +++++++++++++++------------ 2 files changed, 229 insertions(+), 142 deletions(-) diff --git a/pve-api-types/src/generated/code.rs b/pve-api-types/src/generated/code.rs index f364f9cd..b583c2e0 100644 --- a/pve-api-types/src/generated/code.rs +++ b/pve-api-types/src/generated/code.rs @@ -60,9 +60,6 @@ /// - /cluster/firewall /// - /cluster/firewall/aliases /// - /cluster/firewall/aliases/{name} -/// - /cluster/firewall/groups -/// - /cluster/firewall/groups/{group} -/// - /cluster/firewall/groups/{group}/{pos} /// - /cluster/firewall/ipset /// - /cluster/firewall/ipset/{name} /// - /cluster/firewall/ipset/{name}/{cidr} @@ -445,6 +442,15 @@ pub trait PveClient { Err(Error::Other("create_zone not implemented")) } + /// Get single rule data. + async fn firewall_security_group_rule( + &self, + group: &str, + pos: u64, + ) -> Result { + Err(Error::Other("firewall_security_group_rule not implemented")) + } + /// Get APT repository information. async fn get_apt_repositories(&self, node: &str) -> Result { Err(Error::Other("get_apt_repositories not implemented")) @@ -512,7 +518,7 @@ pub trait PveClient { } /// List rules. - async fn list_cluster_firewall_rules(&self) -> Result, Error> { + async fn list_cluster_firewall_rules(&self) -> Result, Error> { Err(Error::Other("list_cluster_firewall_rules not implemented")) } @@ -531,6 +537,23 @@ pub trait PveClient { Err(Error::Other("list_domains not implemented")) } + /// List rules. + async fn list_firewall_security_group_rules( + &self, + group: &str, + ) -> Result, Error> { + Err(Error::Other( + "list_firewall_security_group_rules not implemented", + )) + } + + /// List security groups. + async fn list_firewall_security_groups(&self) -> Result, Error> { + Err(Error::Other( + "list_firewall_security_groups not implemented", + )) + } + /// LXC container index (per node). async fn list_lxc(&self, node: &str) -> Result, Error> { Err(Error::Other("list_lxc not implemented")) @@ -541,7 +564,7 @@ pub trait PveClient { &self, node: &str, vmid: u32, - ) -> Result, Error> { + ) -> Result, Error> { Err(Error::Other("list_lxc_firewall_rules not implemented")) } @@ -555,7 +578,7 @@ pub trait PveClient { } /// List rules. - async fn list_node_firewall_rules(&self, node: &str) -> Result, Error> { + async fn list_node_firewall_rules(&self, node: &str) -> Result, Error> { Err(Error::Other("list_node_firewall_rules not implemented")) } @@ -574,7 +597,7 @@ pub trait PveClient { &self, node: &str, vmid: u32, - ) -> Result, Error> { + ) -> Result, Error> { Err(Error::Other("list_qemu_firewall_rules not implemented")) } @@ -1080,6 +1103,20 @@ where self.0.post(url, ¶ms).await?.nodata() } + /// Get single rule data. + async fn firewall_security_group_rule( + &self, + group: &str, + pos: u64, + ) -> Result { + let url = &format!( + "/api2/extjs/cluster/firewall/groups/{}/{}", + percent_encode(group.as_bytes(), percent_encoding::NON_ALPHANUMERIC), + pos + ); + Ok(self.0.get(url).await?.expect_json()?.data) + } + /// Get APT repository information. async fn get_apt_repositories(&self, node: &str) -> Result { let url = &format!( @@ -1222,7 +1259,7 @@ where } /// List rules. - async fn list_cluster_firewall_rules(&self) -> Result, Error> { + async fn list_cluster_firewall_rules(&self) -> Result, Error> { let url = "/api2/extjs/cluster/firewall/rules"; Ok(self.0.get(url).await?.expect_json()?.data) } @@ -1248,6 +1285,24 @@ where Ok(self.0.get(url).await?.expect_json()?.data) } + /// List rules. + async fn list_firewall_security_group_rules( + &self, + group: &str, + ) -> Result, Error> { + let url = &format!( + "/api2/extjs/cluster/firewall/groups/{}", + percent_encode(group.as_bytes(), percent_encoding::NON_ALPHANUMERIC) + ); + Ok(self.0.get(url).await?.expect_json()?.data) + } + + /// List security groups. + async fn list_firewall_security_groups(&self) -> Result, Error> { + let url = "/api2/extjs/cluster/firewall/groups"; + Ok(self.0.get(url).await?.expect_json()?.data) + } + /// LXC container index (per node). async fn list_lxc(&self, node: &str) -> Result, Error> { let url = &format!( @@ -1262,7 +1317,7 @@ where &self, node: &str, vmid: u32, - ) -> Result, Error> { + ) -> Result, Error> { let url = &format!( "/api2/extjs/nodes/{}/lxc/{}/firewall/rules", percent_encode(node.as_bytes(), percent_encoding::NON_ALPHANUMERIC), @@ -1287,7 +1342,7 @@ where } /// List rules. - async fn list_node_firewall_rules(&self, node: &str) -> Result, Error> { + async fn list_node_firewall_rules(&self, node: &str) -> Result, Error> { let url = &format!( "/api2/extjs/nodes/{}/firewall/rules", percent_encode(node.as_bytes(), percent_encoding::NON_ALPHANUMERIC) @@ -1317,7 +1372,7 @@ where &self, node: &str, vmid: u32, - ) -> Result, Error> { + ) -> Result, Error> { let url = &format!( "/api2/extjs/nodes/{}/qemu/{}/firewall/rules", percent_encode(node.as_bytes(), percent_encoding::NON_ALPHANUMERIC), diff --git a/pve-api-types/src/generated/types.rs b/pve-api-types/src/generated/types.rs index 26f07a5a..b7dc983f 100644 --- a/pve-api-types/src/generated/types.rs +++ b/pve-api-types/src/generated/types.rs @@ -1891,6 +1891,169 @@ pub enum FirewallLogLevel { serde_plain::derive_display_from_serialize!(FirewallLogLevel); serde_plain::derive_fromstr_from_deserialize!(FirewallLogLevel); +#[api( + properties: { + action: { + type: String, + }, + comment: { + optional: true, + type: String, + }, + dest: { + optional: true, + type: String, + }, + dport: { + optional: true, + type: String, + }, + enable: { + optional: true, + type: Integer, + }, + "icmp-type": { + optional: true, + type: String, + }, + iface: { + optional: true, + type: String, + }, + ipversion: { + optional: true, + type: Integer, + }, + log: { + optional: true, + type: FirewallLogLevel, + }, + "macro": { + optional: true, + type: String, + }, + pos: { + type: Integer, + }, + proto: { + optional: true, + type: String, + }, + source: { + optional: true, + type: String, + }, + sport: { + optional: true, + type: String, + }, + type: { + type: String, + }, + }, +)] +/// Object. +#[derive(Clone, Debug, PartialEq, serde::Deserialize, serde::Serialize)] +pub struct FirewallRule { + /// Rule action ('ACCEPT', 'DROP', 'REJECT') or security group name + pub action: String, + + /// Descriptive comment + #[serde(default, skip_serializing_if = "Option::is_none")] + pub comment: Option, + + /// Restrict packet destination address + #[serde(default, skip_serializing_if = "Option::is_none")] + pub dest: Option, + + /// Restrict TCP/UDP destination port + #[serde(default, skip_serializing_if = "Option::is_none")] + pub dport: Option, + + /// Flag to enable/disable a rule + #[serde(deserialize_with = "proxmox_serde::perl::deserialize_i64")] + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enable: Option, + + /// Specify icmp-type. Only valid if proto equals 'icmp' or + /// 'icmpv6'/'ipv6-icmp' + #[serde(default, skip_serializing_if = "Option::is_none")] + #[serde(rename = "icmp-type")] + pub icmp_type: Option, + + /// Network interface name. You have to use network configuration key names + /// for VMs and containers + #[serde(default, skip_serializing_if = "Option::is_none")] + pub iface: Option, + + /// IP version (4 or 6) - automatically determined from source/dest + /// addresses + #[serde(deserialize_with = "proxmox_serde::perl::deserialize_i64")] + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ipversion: Option, + + #[serde(default, skip_serializing_if = "Option::is_none")] + pub log: Option, + + /// Use predefined standard macro + #[serde(default, skip_serializing_if = "Option::is_none")] + #[serde(rename = "macro")] + pub r#macro: Option, + + /// Rule position in the ruleset + #[serde(deserialize_with = "proxmox_serde::perl::deserialize_i64")] + pub pos: i64, + + /// IP protocol. You can use protocol names ('tcp'/'udp') or simple numbers, + /// as defined in '/etc/protocols' + #[serde(default, skip_serializing_if = "Option::is_none")] + pub proto: Option, + + /// Restrict packet source address + #[serde(default, skip_serializing_if = "Option::is_none")] + pub source: Option, + + /// Restrict TCP/UDP source port + #[serde(default, skip_serializing_if = "Option::is_none")] + pub sport: Option, + + /// Rule type + #[serde(rename = "type")] + pub ty: String, +} + +#[api( + properties: { + comment: { + optional: true, + type: String, + }, + digest: { + max_length: 64, + type: String, + }, + group: { + max_length: 18, + min_length: 2, + type: String, + }, + }, +)] +/// Object. +#[derive(Debug, serde::Deserialize, serde::Serialize)] +pub struct FirewallSecurityGroup { + /// Optional comment or description. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub comment: Option, + + /// Prevent changes if current configuration file has a different digest. + /// This can be used to prevent concurrent modifications. + pub digest: String, + + /// Security Group name. + pub group: String, +} + #[api] /// Firewall conntrack helper. #[derive(Clone, Copy, Debug, Eq, PartialEq, serde::Deserialize, serde::Serialize)] @@ -2191,137 +2354,6 @@ pub enum ListControllersType { serde_plain::derive_display_from_serialize!(ListControllersType); serde_plain::derive_fromstr_from_deserialize!(ListControllersType); -#[api( - properties: { - action: { - type: String, - }, - comment: { - optional: true, - type: String, - }, - dest: { - optional: true, - type: String, - }, - dport: { - optional: true, - type: String, - }, - enable: { - optional: true, - type: Integer, - }, - "icmp-type": { - optional: true, - type: String, - }, - iface: { - optional: true, - type: String, - }, - ipversion: { - optional: true, - type: Integer, - }, - log: { - optional: true, - type: FirewallLogLevel, - }, - "macro": { - optional: true, - type: String, - }, - pos: { - type: Integer, - }, - proto: { - optional: true, - type: String, - }, - source: { - optional: true, - type: String, - }, - sport: { - optional: true, - type: String, - }, - type: { - type: String, - }, - }, -)] -/// Object. -#[derive(Clone, Debug, PartialEq, serde::Deserialize, serde::Serialize)] -pub struct ListFirewallRules { - /// Rule action ('ACCEPT', 'DROP', 'REJECT') or security group name - pub action: String, - - /// Descriptive comment - #[serde(default, skip_serializing_if = "Option::is_none")] - pub comment: Option, - - /// Restrict packet destination address - #[serde(default, skip_serializing_if = "Option::is_none")] - pub dest: Option, - - /// Restrict TCP/UDP destination port - #[serde(default, skip_serializing_if = "Option::is_none")] - pub dport: Option, - - /// Flag to enable/disable a rule - #[serde(deserialize_with = "proxmox_serde::perl::deserialize_i64")] - #[serde(default, skip_serializing_if = "Option::is_none")] - pub enable: Option, - - /// Specify icmp-type. Only valid if proto equals 'icmp' or - /// 'icmpv6'/'ipv6-icmp' - #[serde(default, skip_serializing_if = "Option::is_none")] - #[serde(rename = "icmp-type")] - pub icmp_type: Option, - - /// Network interface name. You have to use network configuration key names - /// for VMs and containers - #[serde(default, skip_serializing_if = "Option::is_none")] - pub iface: Option, - - /// IP version (4 or 6) - automatically determined from source/dest - /// addresses - #[serde(deserialize_with = "proxmox_serde::perl::deserialize_i64")] - #[serde(default, skip_serializing_if = "Option::is_none")] - pub ipversion: Option, - - #[serde(default, skip_serializing_if = "Option::is_none")] - pub log: Option, - - /// Use predefined standard macro - #[serde(default, skip_serializing_if = "Option::is_none")] - #[serde(rename = "macro")] - pub r#macro: Option, - - /// Rule position in the ruleset - #[serde(deserialize_with = "proxmox_serde::perl::deserialize_i64")] - pub pos: i64, - - /// IP protocol. You can use protocol names ('tcp'/'udp') or simple numbers, - /// as defined in '/etc/protocols' - #[serde(default, skip_serializing_if = "Option::is_none")] - pub proto: Option, - - /// Restrict packet source address - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source: Option, - - /// Restrict TCP/UDP source port - #[serde(default, skip_serializing_if = "Option::is_none")] - pub sport: Option, - - /// Rule type - #[serde(rename = "type")] - pub ty: String, -} - #[api] /// Only list specific interface types. #[derive(Clone, Copy, Debug, Eq, PartialEq, serde::Deserialize, serde::Serialize)] -- 2.47.3 _______________________________________________ pdm-devel mailing list pdm-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel