Added the sched field to firewall rule creations and updates to apply firewall schedules, updated unit tests and documentation accordingly

Author: jaredhendrickson13

docs/documentation.json

@@ -2209,7 +2209,7 @@
 									}
 								},
 								"url": {
-									"raw": "https://{{$hostname}}/api/v1/firewall/rule?type=string&interface=string&ipprotocol=string&protocol=string&icmptype=string or array&src=string&dst=string&srcport=string or integer&dstport=string or integer&gateway=string&disabled=boolean&descr=string&log=boolean&top=boolean&apply=boolean",
+									"raw": "https://{{$hostname}}/api/v1/firewall/rule?type=string&interface=string&ipprotocol=string&protocol=string&icmptype=string or array&src=string&dst=string&srcport=string or integer&dstport=string or integer&gateway=string&sched=string&disabled=boolean&descr=string&log=boolean&top=boolean&apply=boolean",
 									"protocol": "https",
 									"host": [
 										"{{$hostname}}"
@@ -2271,6 +2271,11 @@
 											"value": "string",
 											"description": "Set the routing gateway traffic will take upon match (optional)"
 										},
+										{
+											"key": "sched",
+											"value": "string",
+											"description": "Set a firewall schedule to apply to this rule. This must be an existing firewall schedule name. (optional)"
+										},
 										{
 											"key": "disabled",
 											"value": "boolean",
@@ -2317,7 +2322,7 @@
 									}
 								},
 								"url": {
-									"raw": "https://{{$hostname}}/api/v1/firewall/rule?tracker=string or Integer&type=string&interface=string&ipprotocol=string&protocol=string&icmptype=string or array&src=string&dst=string&srcport=string or integer&dstport=string or integer&gateway=string&disabled=boolean&descr=string&log=boolean&top=boolean&apply=boolean",
+									"raw": "https://{{$hostname}}/api/v1/firewall/rule?tracker=string or Integer&type=string&interface=string&ipprotocol=string&protocol=string&icmptype=string or array&src=string&dst=string&srcport=string or integer&dstport=string or integer&gateway=string&disabled=boolean&descr=string&log=boolean&top=boolean&apply=boolean&sched=string",
 									"protocol": "https",
 									"host": [
 										"{{$hostname}}"
@@ -2408,6 +2413,11 @@
 											"key": "apply",
 											"value": "boolean",
 											"description": "Specify whether or not you would like this rule update to be applied immediately, or simply written to the configuration to be applied later. Typically, if you are updating multiple rules at once it Is best to set this to false and apply the changes afterwards using the `/api/v1/firewall/apply` endpoint. Otherwise, If you are only updating a single rule, you may set this true to apply it immediately. Defaults to false. (optional)"
+										},
+										{
+											"key": "sched",
+											"value": "string",
+											"description": "Update the firewall schedule to apply to this rule. This must be an existing firewall schedule name. Provide an empty string to remove the configured schedule from the rule. (optional)"
 										}
 									]
 								},

pfSense-pkg-API/files/etc/inc/api/models/APIFirewallRuleCreate.inc

@@ -205,6 +205,24 @@ class APIFirewallRuleCreate extends APIModel {
         }
     }
 
+    private function __validate_sched() {
+        # Check for our optional 'sched' payload value
+        if (isset($this->initial_data['sched'])) {
+            # Loop through each configured schedule and check if it exists
+            foreach ($this->config["schedules"]["schedule"] as $schedule) {
+                # Check if the names match
+                if ($this->initial_data["sched"] === $schedule["name"]) {
+                    $this->validated_data["sched"] = $this->initial_data["sched"];
+                }
+            }
+
+            # Set error if no match was found
+            if (!isset($this->validated_data["sched"])) {
+                $this->errors[] = APIResponse\get(4150);
+            }
+        }
+    }
+
     private function __validate_disabled() {
         # Check for our optional 'disabled' payload value
         if ($this->initial_data['disabled'] === true) {
@@ -244,6 +262,7 @@ class APIFirewallRuleCreate extends APIModel {
         $this->__validate_srcport();
         $this->__validate_dstport();
         $this->__validate_gateway();
+        $this->__validate_sched();
         $this->__validate_disabled();
         $this->__validate_descr();
         $this->__validate_log();

pfSense-pkg-API/files/etc/inc/api/models/APIFirewallRuleUpdate.inc

@@ -228,6 +228,31 @@ class APIFirewallRuleUpdate extends APIModel {
         }
     }
 
+    private function __validate_sched() {
+        # Check for our optional 'sched' payload value
+        if (isset($this->initial_data['sched'])) {
+            # Only try to set the schedule if the value is not empty
+            if (!empty($this->initial_data["sched"])) {
+                # Loop through each configured schedule and check if it exists
+                foreach ($this->config["schedules"]["schedule"] as $schedule) {
+                    # Check if the names match
+                    if ($this->initial_data["sched"] === $schedule["name"]) {
+                        $this->validated_data["sched"] = $this->initial_data["sched"];
+                    }
+                }
+
+                # Set error if no match was found
+                if (!isset($this->validated_data["sched"])) {
+                    $this->errors[] = APIResponse\get(4150);
+                }
+            }
+            # Unset the schedule from the rule if an empty value was provided
+            else {
+                unset($this->validated_data["sched"]);
+            }
+        }
+    }
+
     private function __validate_disabled() {
         # Check for our optional 'disabled' payload value
         if ($this->initial_data['disabled'] === true) {
@@ -272,6 +297,7 @@ class APIFirewallRuleUpdate extends APIModel {
         $this->__validate_srcport();
         $this->__validate_dstport();
         $this->__validate_gateway();
+        $this->__validate_sched();
         $this->__validate_disabled();
         $this->__validate_descr();
         $this->__validate_log();

tests/test_api_v1_firewall_rule.py

@@ -239,6 +239,22 @@ class APIUnitTestFirewallRule(unit_test_framework.APIUnitTest):
                 "gateway": "INVALID"
             }
         },
+        {
+            "name": "Test schedule validation",
+            "status": 400,
+            "return": 4150,
+            "payload": {
+                "type": "pass",
+                "interface": "wan",
+                "ipprotocol": "inet",
+                "protocol": "tcp",
+                "src": "any",
+                "dst": "any",
+                "srcport": "any",
+                "dstport": "any",
+                "sched": "INVALID"
+            }
+        },
     ]
     put_tests = [
         {
@@ -385,6 +401,22 @@ class APIUnitTestFirewallRule(unit_test_framework.APIUnitTest):
                 "gateway": "INVALID"
             }
         },
+        {
+            "name": "Test schedule validation",
+            "status": 400,
+            "return": 4150,
+            "payload": {
+                "type": "pass",
+                "interface": "wan",
+                "ipprotocol": "inet",
+                "protocol": "tcp",
+                "src": "any",
+                "dst": "any",
+                "srcport": "any",
+                "dstport": "any",
+                "sched": "INVALID"
+            }
+        },
     ]
     delete_tests = [
         {"name": "Delete firewall rule", "payload": {}},    # Tracker ID gets populated by post_post() method

tests/test_api_v1_firewall_schedule.py

@@ -91,8 +91,34 @@ class APIUnitTestFirewallSchedule(unit_test_framework.APIUnitTest):
                 "timerange": []
             }
         },
+        {
+            "name": "Create firewall rule using created schedule",
+            "uri": "/api/v1/firewall/rule",
+            "payload": {
+                "interface": "wan",
+                "ipprotocol": "inet",
+                "protocol": "any",
+                "type": "pass",
+                "src": "any",
+                "dst": "any",
+                "sched": "Test_Schedule"
+            }
+        }
     ]
     delete_tests = [
+        {
+            "name": "Check deleting schedule in use",
+            "status": 400,
+            "return": 4166,
+            "payload": {
+                "name": "Test_Schedule"
+            }
+        },
+        {
+            "name": "Delete firewall rule using schedule",
+            "uri": "/api/v1/firewall/rule",
+            "payload": {}
+        },
         {
             "name": "Delete firewall schedule",
             "payload": {
@@ -115,4 +141,13 @@ class APIUnitTestFirewallSchedule(unit_test_framework.APIUnitTest):
         # TODO: Add test to check inability to delete schedules while they're in use
     ]
 
+    def post_post(self):
+        # Only proceed if we have a valid post response
+        if self.post_responses:
+            # Check if the last request was a successful firewall rule creation
+            if self.post_responses[-1] and type(self.post_responses[-1]["data"]) == dict:
+                # Add the tracker to delete payload that deletes the firewall rule using the schedule
+                if self.post_responses[-1]["data"].get("tracker", None):
+                    self.delete_tests[1]["payload"]["tracker"] = self.post_responses[-1]["data"]["tracker"]
+
 APIUnitTestFirewallSchedule()