[pmg-api.git] / src / PMG / API2 / DestinationTLSPolicy.pm

package PMG::API2::DestinationTLSPolicy;

use strict;
use warnings;

use PVE::RESTHandler;
use PVE::INotify;
use PVE::Exception qw(raise_param_exc);

use PMG::Config;

use base qw(PVE::RESTHandler);

#TODO: drop the domain property with PMG 7.0

__PACKAGE__->register_method ({
    name => 'index',
    path => '',
    method => 'GET',
    description => "List tls_policy entries.",
    proxyto => 'master',
    permissions => { check => [ 'admin', 'audit' ] },
    parameters => {
	additionalProperties => 0,
	properties => {},
    },
    returns => {
	type => 'array',
	items => {
	    type => 'object',
	    properties => {
		destination => { type => 'string', format => 'transport-domain-or-nexthop'},
		domain => { type => 'string', format => 'transport-domain-or-nexthop'},
		policy => { type => 'string', format => 'tls-policy'},
	    },
	},
	links => [ { rel => 'child', href => "{destination}" } ],
    },
    code => sub {
	my ($param) = @_;

	my $res = [];

	my $policies = PVE::INotify::read_file('tls_policy');
	foreach my $policy (sort keys %$policies) {
	    $policies->{$policy}->{domain} = $policies->{$policy}->{destination};
	    push @$res, $policies->{$policy};
	}

	return $res;
    }});

__PACKAGE__->register_method ({
    name => 'create',
    path => '',
    method => 'POST',
    proxyto => 'master',
    protected => 1,
    permissions => { check => [ 'admin' ] },
    description => "Add tls_policy entry.",
    parameters => {
	additionalProperties => 0,
	properties => {
	    domain => {
		description => "Deprecated - use 'destination'.",
		type => 'string', format => 'transport-domain-or-nexthop',
		optional => 1,
	    },
	    destination => {
		description => "Destination (Domain or next-hop).",
		type => 'string', format => 'transport-domain-or-nexthop',
		optional => 1,
	    },
	    policy => {
		description => "TLS policy",
		type => 'string', format => 'tls-policy-strict',
	    },
	},
    },
    returns => { type => 'null' },
    code => sub {
	my ($param) = @_;
	my $domain = $param->{domain};
	warn "Parameter 'domain' is deprecated for DestinationTLSPolicy - use 'destination'\n"
	    if defined($domain);
	my $destination = $param->{destination} // $domain;
	my $policy = $param->{policy};

	raise_param_exc({ destination => "No destination provided" })
	    if !defined($destination);

	my $code = sub {
	    my $tls_policy = PVE::INotify::read_file('tls_policy');
	    raise_param_exc({ destination => "DestinationTLSPolicy entry for '$destination' already exists" })
		if $tls_policy->{$destination};

	    $tls_policy->{$destination} = {
		destination => $destination,
		policy => $param->{policy},
	    };

	    PVE::INotify::write_file('tls_policy', $tls_policy);
	    PMG::Config::postmap_tls_policy();
	};

	PMG::Config::lock_config($code, "add tls_policy entry failed");

	return undef;
    }});

__PACKAGE__->register_method ({
    name => 'read',
    path => '{destination}',
    method => 'GET',
    description => "Read tls_policy entry.",
    proxyto => 'master',
    permissions => { check => [ 'admin', 'audit' ] },
    parameters => {
	additionalProperties => 0,
	properties => {
	    destination => {
		description => "Destination (Domain or next-hop).",
		type => 'string', format => 'transport-domain-or-nexthop',
	    },
	},
    },
    returns => {
	type => "object",
	properties => {
	    destination => { type => 'string', format => 'transport-domain-or-nexthop'},
	    domain => { type => 'string', format => 'transport-domain-or-nexthop'},
	    policy => { type => 'string', format => 'tls-policy'},
	},
    },
    code => sub {
	my ($param) = @_;
	my $destination = $param->{destination};

	my $tls_policy = PVE::INotify::read_file('tls_policy');

	if (my $entry = $tls_policy->{$destination}) {
	    $entry->{domain} = $entry->{destination};
	    return $entry;
	}

	raise_param_exc({ destination => "DestinationTLSPolicy entry for '$destination' does not exist" });
    }});

__PACKAGE__->register_method ({
    name => 'write',
    path => '{destination}',
    method => 'PUT',
    description => "Update tls_policy entry.",
    protected => 1,
    permissions => { check => [ 'admin' ] },
    proxyto => 'master',
    parameters => {
	additionalProperties => 0,
	properties => {
	    destination => {
		description => "Destination (Domain or next-hop).",
		type => 'string', format => 'transport-domain-or-nexthop',
	    },
	    policy => {
		description => "TLS policy",
		type => 'string', format => 'tls-policy-strict',
	    },
	},
    },
    returns => { type => 'null' },
    code => sub {
	my ($param) = @_;
	my $destination = $param->{destination};
	my $policy = $param->{policy};

	my $code = sub {

	    my $tls_policy = PVE::INotify::read_file('tls_policy');

	    raise_param_exc({ destination => "DestinationTLSPolicy entry for '$destination' does not exist" })
		if !$tls_policy->{$destination};

	    $tls_policy->{$destination}->{policy} = $policy;

	    PVE::INotify::write_file('tls_policy', $tls_policy);
	    PMG::Config::postmap_tls_policy();
	};

	PMG::Config::lock_config($code, "update tls_policy entry failed");

	return undef;
    }});

__PACKAGE__->register_method ({
    name => 'delete',
    path => '{destination}',
    method => 'DELETE',
    description => "Delete a tls_policy entry",
    protected => 1,
    permissions => { check => [ 'admin' ] },
    proxyto => 'master',
    parameters => {
	additionalProperties => 0,
	properties => {
	    destination => {
		description => "Destination (Domain or next-hop).",
		type => 'string', format => 'transport-domain-or-nexthop',
	    },
	}
    },
    returns => { type => 'null' },
    code => sub {
	my ($param) = @_;
	my $destination = $param->{destination};

	my $code = sub {
	    my $tls_policy = PVE::INotify::read_file('tls_policy');

	    raise_param_exc({ destination => "DestinationTLSPolicy entry for '$destination' does not exist" })
		if !$tls_policy->{$destination};

	    delete $tls_policy->{$destination};

	    PVE::INotify::write_file('tls_policy', $tls_policy);
	    PMG::Config::postmap_tls_policy();
	};

	PMG::Config::lock_config($code, "delete tls_policy entry failed");

	return undef;
    }});

1;
Commit	Line	Data
29fa7feb SI	1	package PMG::API2::DestinationTLSPolicy;
	2
	3	use strict;
	4	use warnings;
	5
	6	use PVE::RESTHandler;
	7	use PVE::INotify;
	8	use PVE::Exception qw(raise_param_exc);
	9
	10	use PMG::Config;
	11
	12	use base qw(PVE::RESTHandler);
	13
cce8e372 SI	14	#TODO: drop the domain property with PMG 7.0
cce8e372 SI	15
29fa7feb SI	16	__PACKAGE__->register_method ({
	17	name => 'index',
	18	path => '',
	19	method => 'GET',
	20	description => "List tls_policy entries.",
	21	proxyto => 'master',
	22	permissions => { check => [ 'admin', 'audit' ] },
	23	parameters => {
	24	additionalProperties => 0,
	25	properties => {},
	26	},
	27	returns => {
	28	type => 'array',
	29	items => {
	30	type => 'object',
	31	properties => {
cce8e372	32	destination => { type => 'string', format => 'transport-domain-or-nexthop'},
644487e3	33	domain => { type => 'string', format => 'transport-domain-or-nexthop'},
29fa7feb SI	34	policy => { type => 'string', format => 'tls-policy'},
	35	},
	36	},
cce8e372	37	links => [ { rel => 'child', href => "{destination}" } ],
29fa7feb SI	38	},
	39	code => sub {
	40	my ($param) = @_;
	41
	42	my $res = [];
	43
	44	my $policies = PVE::INotify::read_file('tls_policy');
	45	foreach my $policy (sort keys %$policies) {
cce8e372	46	$policies->{$policy}->{domain} = $policies->{$policy}->{destination};
29fa7feb SI	47	push @$res, $policies->{$policy};
	48	}
	49
	50	return $res;
	51	}});
	52
	53	__PACKAGE__->register_method ({
	54	name => 'create',
	55	path => '',
	56	method => 'POST',
	57	proxyto => 'master',
	58	protected => 1,
	59	permissions => { check => [ 'admin' ] },
	60	description => "Add tls_policy entry.",
	61	parameters => {
	62	additionalProperties => 0,
	63	properties => {
	64	domain => {
cce8e372 SI	65	description => "Deprecated - use 'destination'.",
	66	type => 'string', format => 'transport-domain-or-nexthop',
	67	optional => 1,
	68	},
	69	destination => {
	70	description => "Destination (Domain or next-hop).",
644487e3	71	type => 'string', format => 'transport-domain-or-nexthop',
cce8e372	72	optional => 1,
29fa7feb SI	73	},
	74	policy => {
	75	description => "TLS policy",
f1a44c5c	76	type => 'string', format => 'tls-policy-strict',
29fa7feb SI	77	},
	78	},
	79	},
	80	returns => { type => 'null' },
	81	code => sub {
	82	my ($param) = @_;
	83	my $domain = $param->{domain};
cce8e372 SI	84	warn "Parameter 'domain' is deprecated for DestinationTLSPolicy - use 'destination'\n"
	85	if defined($domain);
	86	my $destination = $param->{destination} // $domain;
f1a44c5c	87	my $policy = $param->{policy};
29fa7feb	88
cce8e372 SI	89	raise_param_exc({ destination => "No destination provided" })
	90	if !defined($destination);
	91
29fa7feb SI	92	my $code = sub {
29fa7feb SI	93	my $tls_policy = PVE::INotify::read_file('tls_policy');
cce8e372 SI	94	raise_param_exc({ destination => "DestinationTLSPolicy entry for '$destination' already exists" })
cce8e372 SI	95	if $tls_policy->{$destination};
29fa7feb	96
cce8e372 SI	97	$tls_policy->{$destination} = {
cce8e372 SI	98	destination => $destination,
29fa7feb SI	99	policy => $param->{policy},
	100	};
	101
	102	PVE::INotify::write_file('tls_policy', $tls_policy);
	103	PMG::Config::postmap_tls_policy();
	104	};
	105
	106	PMG::Config::lock_config($code, "add tls_policy entry failed");
	107
	108	return undef;
	109	}});
	110
	111	__PACKAGE__->register_method ({
	112	name => 'read',
cce8e372	113	path => '{destination}',
29fa7feb SI	114	method => 'GET',
	115	description => "Read tls_policy entry.",
	116	proxyto => 'master',
	117	permissions => { check => [ 'admin', 'audit' ] },
	118	parameters => {
	119	additionalProperties => 0,
	120	properties => {
cce8e372 SI	121	destination => {
cce8e372 SI	122	description => "Destination (Domain or next-hop).",
644487e3	123	type => 'string', format => 'transport-domain-or-nexthop',
29fa7feb SI	124	},
	125	},
	126	},
	127	returns => {
	128	type => "object",
	129	properties => {
cce8e372	130	destination => { type => 'string', format => 'transport-domain-or-nexthop'},
644487e3	131	domain => { type => 'string', format => 'transport-domain-or-nexthop'},
29fa7feb SI	132	policy => { type => 'string', format => 'tls-policy'},
	133	},
	134	},
	135	code => sub {
	136	my ($param) = @_;
cce8e372	137	my $destination = $param->{destination};
29fa7feb SI	138
	139	my $tls_policy = PVE::INotify::read_file('tls_policy');
	140
cce8e372 SI	141	if (my $entry = $tls_policy->{$destination}) {
cce8e372 SI	142	$entry->{domain} = $entry->{destination};
29fa7feb SI	143	return $entry;
	144	}
	145
cce8e372	146	raise_param_exc({ destination => "DestinationTLSPolicy entry for '$destination' does not exist" });
29fa7feb SI	147	}});
	148
	149	__PACKAGE__->register_method ({
	150	name => 'write',
cce8e372	151	path => '{destination}',
29fa7feb SI	152	method => 'PUT',
	153	description => "Update tls_policy entry.",
	154	protected => 1,
	155	permissions => { check => [ 'admin' ] },
	156	proxyto => 'master',
	157	parameters => {
	158	additionalProperties => 0,
	159	properties => {
cce8e372 SI	160	destination => {
cce8e372 SI	161	description => "Destination (Domain or next-hop).",
644487e3	162	type => 'string', format => 'transport-domain-or-nexthop',
29fa7feb SI	163	},
	164	policy => {
	165	description => "TLS policy",
f1a44c5c	166	type => 'string', format => 'tls-policy-strict',
29fa7feb SI	167	},
	168	},
	169	},
	170	returns => { type => 'null' },
	171	code => sub {
	172	my ($param) = @_;
cce8e372	173	my $destination = $param->{destination};
f1a44c5c	174	my $policy = $param->{policy};
29fa7feb SI	175
	176	my $code = sub {
	177
	178	my $tls_policy = PVE::INotify::read_file('tls_policy');
	179
cce8e372 SI	180	raise_param_exc({ destination => "DestinationTLSPolicy entry for '$destination' does not exist" })
cce8e372 SI	181	if !$tls_policy->{$destination};
29fa7feb	182
cce8e372	183	$tls_policy->{$destination}->{policy} = $policy;
29fa7feb SI	184
	185	PVE::INotify::write_file('tls_policy', $tls_policy);
	186	PMG::Config::postmap_tls_policy();
	187	};
	188
	189	PMG::Config::lock_config($code, "update tls_policy entry failed");
	190
	191	return undef;
	192	}});
	193
	194	__PACKAGE__->register_method ({
	195	name => 'delete',
cce8e372	196	path => '{destination}',
29fa7feb SI	197	method => 'DELETE',
	198	description => "Delete a tls_policy entry",
	199	protected => 1,
	200	permissions => { check => [ 'admin' ] },
	201	proxyto => 'master',
	202	parameters => {
	203	additionalProperties => 0,
	204	properties => {
cce8e372 SI	205	destination => {
cce8e372 SI	206	description => "Destination (Domain or next-hop).",
644487e3	207	type => 'string', format => 'transport-domain-or-nexthop',
29fa7feb SI	208	},
	209	}
	210	},
	211	returns => { type => 'null' },
	212	code => sub {
	213	my ($param) = @_;
cce8e372	214	my $destination = $param->{destination};
29fa7feb SI	215
	216	my $code = sub {
	217	my $tls_policy = PVE::INotify::read_file('tls_policy');
	218
cce8e372 SI	219	raise_param_exc({ destination => "DestinationTLSPolicy entry for '$destination' does not exist" })
cce8e372 SI	220	if !$tls_policy->{$destination};
29fa7feb	221
cce8e372	222	delete $tls_policy->{$destination};
29fa7feb SI	223
	224	PVE::INotify::write_file('tls_policy', $tls_policy);
	225	PMG::Config::postmap_tls_policy();
	226	};
	227
	228	PMG::Config::lock_config($code, "delete tls_policy entry failed");
	229
	230	return undef;
	231	}});
	232
	233	1;