]>
Commit | Line | Data |
---|---|---|
29fa7feb SI |
1 | package PMG::API2::DestinationTLSPolicy; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | ||
6 | use PVE::RESTHandler; | |
7 | use PVE::INotify; | |
8 | use PVE::Exception qw(raise_param_exc); | |
9 | ||
10 | use PMG::Config; | |
11 | ||
12 | use base qw(PVE::RESTHandler); | |
13 | ||
cce8e372 SI |
14 | #TODO: drop the domain property with PMG 7.0 |
15 | ||
29fa7feb SI |
16 | __PACKAGE__->register_method ({ |
17 | name => 'index', | |
18 | path => '', | |
19 | method => 'GET', | |
20 | description => "List tls_policy entries.", | |
21 | proxyto => 'master', | |
22 | permissions => { check => [ 'admin', 'audit' ] }, | |
23 | parameters => { | |
24 | additionalProperties => 0, | |
25 | properties => {}, | |
26 | }, | |
27 | returns => { | |
28 | type => 'array', | |
29 | items => { | |
30 | type => 'object', | |
31 | properties => { | |
cce8e372 | 32 | destination => { type => 'string', format => 'transport-domain-or-nexthop'}, |
644487e3 | 33 | domain => { type => 'string', format => 'transport-domain-or-nexthop'}, |
29fa7feb SI |
34 | policy => { type => 'string', format => 'tls-policy'}, |
35 | }, | |
36 | }, | |
cce8e372 | 37 | links => [ { rel => 'child', href => "{destination}" } ], |
29fa7feb SI |
38 | }, |
39 | code => sub { | |
40 | my ($param) = @_; | |
41 | ||
42 | my $res = []; | |
43 | ||
44 | my $policies = PVE::INotify::read_file('tls_policy'); | |
45 | foreach my $policy (sort keys %$policies) { | |
cce8e372 | 46 | $policies->{$policy}->{domain} = $policies->{$policy}->{destination}; |
29fa7feb SI |
47 | push @$res, $policies->{$policy}; |
48 | } | |
49 | ||
50 | return $res; | |
51 | }}); | |
52 | ||
53 | __PACKAGE__->register_method ({ | |
54 | name => 'create', | |
55 | path => '', | |
56 | method => 'POST', | |
57 | proxyto => 'master', | |
58 | protected => 1, | |
59 | permissions => { check => [ 'admin' ] }, | |
60 | description => "Add tls_policy entry.", | |
61 | parameters => { | |
62 | additionalProperties => 0, | |
63 | properties => { | |
64 | domain => { | |
cce8e372 SI |
65 | description => "Deprecated - use 'destination'.", |
66 | type => 'string', format => 'transport-domain-or-nexthop', | |
67 | optional => 1, | |
68 | }, | |
69 | destination => { | |
70 | description => "Destination (Domain or next-hop).", | |
644487e3 | 71 | type => 'string', format => 'transport-domain-or-nexthop', |
cce8e372 | 72 | optional => 1, |
29fa7feb SI |
73 | }, |
74 | policy => { | |
75 | description => "TLS policy", | |
f1a44c5c | 76 | type => 'string', format => 'tls-policy-strict', |
29fa7feb SI |
77 | }, |
78 | }, | |
79 | }, | |
80 | returns => { type => 'null' }, | |
81 | code => sub { | |
82 | my ($param) = @_; | |
83 | my $domain = $param->{domain}; | |
cce8e372 SI |
84 | warn "Parameter 'domain' is deprecated for DestinationTLSPolicy - use 'destination'\n" |
85 | if defined($domain); | |
86 | my $destination = $param->{destination} // $domain; | |
f1a44c5c | 87 | my $policy = $param->{policy}; |
29fa7feb | 88 | |
cce8e372 SI |
89 | raise_param_exc({ destination => "No destination provided" }) |
90 | if !defined($destination); | |
91 | ||
29fa7feb SI |
92 | my $code = sub { |
93 | my $tls_policy = PVE::INotify::read_file('tls_policy'); | |
cce8e372 SI |
94 | raise_param_exc({ destination => "DestinationTLSPolicy entry for '$destination' already exists" }) |
95 | if $tls_policy->{$destination}; | |
29fa7feb | 96 | |
cce8e372 SI |
97 | $tls_policy->{$destination} = { |
98 | destination => $destination, | |
29fa7feb SI |
99 | policy => $param->{policy}, |
100 | }; | |
101 | ||
102 | PVE::INotify::write_file('tls_policy', $tls_policy); | |
103 | PMG::Config::postmap_tls_policy(); | |
104 | }; | |
105 | ||
106 | PMG::Config::lock_config($code, "add tls_policy entry failed"); | |
107 | ||
108 | return undef; | |
109 | }}); | |
110 | ||
111 | __PACKAGE__->register_method ({ | |
112 | name => 'read', | |
cce8e372 | 113 | path => '{destination}', |
29fa7feb SI |
114 | method => 'GET', |
115 | description => "Read tls_policy entry.", | |
116 | proxyto => 'master', | |
117 | permissions => { check => [ 'admin', 'audit' ] }, | |
118 | parameters => { | |
119 | additionalProperties => 0, | |
120 | properties => { | |
cce8e372 SI |
121 | destination => { |
122 | description => "Destination (Domain or next-hop).", | |
644487e3 | 123 | type => 'string', format => 'transport-domain-or-nexthop', |
29fa7feb SI |
124 | }, |
125 | }, | |
126 | }, | |
127 | returns => { | |
128 | type => "object", | |
129 | properties => { | |
cce8e372 | 130 | destination => { type => 'string', format => 'transport-domain-or-nexthop'}, |
644487e3 | 131 | domain => { type => 'string', format => 'transport-domain-or-nexthop'}, |
29fa7feb SI |
132 | policy => { type => 'string', format => 'tls-policy'}, |
133 | }, | |
134 | }, | |
135 | code => sub { | |
136 | my ($param) = @_; | |
cce8e372 | 137 | my $destination = $param->{destination}; |
29fa7feb SI |
138 | |
139 | my $tls_policy = PVE::INotify::read_file('tls_policy'); | |
140 | ||
cce8e372 SI |
141 | if (my $entry = $tls_policy->{$destination}) { |
142 | $entry->{domain} = $entry->{destination}; | |
29fa7feb SI |
143 | return $entry; |
144 | } | |
145 | ||
cce8e372 | 146 | raise_param_exc({ destination => "DestinationTLSPolicy entry for '$destination' does not exist" }); |
29fa7feb SI |
147 | }}); |
148 | ||
149 | __PACKAGE__->register_method ({ | |
150 | name => 'write', | |
cce8e372 | 151 | path => '{destination}', |
29fa7feb SI |
152 | method => 'PUT', |
153 | description => "Update tls_policy entry.", | |
154 | protected => 1, | |
155 | permissions => { check => [ 'admin' ] }, | |
156 | proxyto => 'master', | |
157 | parameters => { | |
158 | additionalProperties => 0, | |
159 | properties => { | |
cce8e372 SI |
160 | destination => { |
161 | description => "Destination (Domain or next-hop).", | |
644487e3 | 162 | type => 'string', format => 'transport-domain-or-nexthop', |
29fa7feb SI |
163 | }, |
164 | policy => { | |
165 | description => "TLS policy", | |
f1a44c5c | 166 | type => 'string', format => 'tls-policy-strict', |
29fa7feb SI |
167 | }, |
168 | }, | |
169 | }, | |
170 | returns => { type => 'null' }, | |
171 | code => sub { | |
172 | my ($param) = @_; | |
cce8e372 | 173 | my $destination = $param->{destination}; |
f1a44c5c | 174 | my $policy = $param->{policy}; |
29fa7feb SI |
175 | |
176 | my $code = sub { | |
177 | ||
178 | my $tls_policy = PVE::INotify::read_file('tls_policy'); | |
179 | ||
cce8e372 SI |
180 | raise_param_exc({ destination => "DestinationTLSPolicy entry for '$destination' does not exist" }) |
181 | if !$tls_policy->{$destination}; | |
29fa7feb | 182 | |
cce8e372 | 183 | $tls_policy->{$destination}->{policy} = $policy; |
29fa7feb SI |
184 | |
185 | PVE::INotify::write_file('tls_policy', $tls_policy); | |
186 | PMG::Config::postmap_tls_policy(); | |
187 | }; | |
188 | ||
189 | PMG::Config::lock_config($code, "update tls_policy entry failed"); | |
190 | ||
191 | return undef; | |
192 | }}); | |
193 | ||
194 | __PACKAGE__->register_method ({ | |
195 | name => 'delete', | |
cce8e372 | 196 | path => '{destination}', |
29fa7feb SI |
197 | method => 'DELETE', |
198 | description => "Delete a tls_policy entry", | |
199 | protected => 1, | |
200 | permissions => { check => [ 'admin' ] }, | |
201 | proxyto => 'master', | |
202 | parameters => { | |
203 | additionalProperties => 0, | |
204 | properties => { | |
cce8e372 SI |
205 | destination => { |
206 | description => "Destination (Domain or next-hop).", | |
644487e3 | 207 | type => 'string', format => 'transport-domain-or-nexthop', |
29fa7feb SI |
208 | }, |
209 | } | |
210 | }, | |
211 | returns => { type => 'null' }, | |
212 | code => sub { | |
213 | my ($param) = @_; | |
cce8e372 | 214 | my $destination = $param->{destination}; |
29fa7feb SI |
215 | |
216 | my $code = sub { | |
217 | my $tls_policy = PVE::INotify::read_file('tls_policy'); | |
218 | ||
cce8e372 SI |
219 | raise_param_exc({ destination => "DestinationTLSPolicy entry for '$destination' does not exist" }) |
220 | if !$tls_policy->{$destination}; | |
29fa7feb | 221 | |
cce8e372 | 222 | delete $tls_policy->{$destination}; |
29fa7feb SI |
223 | |
224 | PVE::INotify::write_file('tls_policy', $tls_policy); | |
225 | PMG::Config::postmap_tls_policy(); | |
226 | }; | |
227 | ||
228 | PMG::Config::lock_config($code, "delete tls_policy entry failed"); | |
229 | ||
230 | return undef; | |
231 | }}); | |
232 | ||
233 | 1; |