PVE/CLI/pveum.pm

   1 package PVE::CLI::pveum;
   2
   3 use strict;
   4 use warnings;
   5
   6 use PVE::AccessControl;
   7 use PVE::RPCEnvironment;
   8 use PVE::API2::User;
   9 use PVE::API2::Group;
  10 use PVE::API2::Role;
  11 use PVE::API2::ACL;
  12 use PVE::API2::AccessControl;
  13 use PVE::CLIFormatter;
  14 use PVE::CLIHandler;
  15 use PVE::JSONSchema qw(get_standard_option);
  16 use PVE::PTY;
  17 use PVE::RESTHandler;
  18 use PVE::Tools qw(extract_param);
  19
  20 use base qw(PVE::CLIHandler);
  21
  22 sub setup_environment {
  23     PVE::RPCEnvironment->setup_default_cli_env();
  24 }
  25
  26 sub param_mapping {
  27     my ($name) = @_;
  28
  29     my $mapping = {
  30         'change_password' => [
  31             PVE::CLIHandler::get_standard_mapping('pve-password'),
  32         ],
  33         'create_ticket' => [
  34             PVE::CLIHandler::get_standard_mapping('pve-password', {
  35                 func => sub {
  36                     # do not accept values given on cmdline
  37                     return PVE::PTY::read_password('Enter password: ');
  38                 },
  39             }),
  40         ]
  41     };
  42
  43     return $mapping->{$name};
  44 }
  45
  46 my $print_api_result = sub {
  47     my ($data, $schema, $options) = @_;
  48     PVE::CLIFormatter::print_api_result($data, $schema, undef, $options);
  49 };
  50
  51 my $print_perm_result = sub {
  52     my ($data, $schema, $options) = @_;
  53
  54     if (!defined($options->{'output-format'}) || $options->{'output-format'} eq 'text') {
  55         my $table_schema = {
  56             type => 'array',
  57             items => {
  58                 type => 'object',
  59                 properties => {
  60                     'path' => { type => 'string', title => 'ACL path' },
  61                     'permissions' => { type => 'string', title => 'Permissions' },
  62                 },
  63             },
  64         };
  65         my $table_data = [];
  66         foreach my $path (sort keys %$data) {
  67             my $value = '';
  68             my $curr = $data->{$path};
  69             foreach my $perm (sort keys %$curr) {
  70                 $value .= "\n" if $value;
  71                 $value .= $perm;
  72                 $value .= " (*)" if $curr->{$perm};
  73             }
  74             push @$table_data, { path => $path, permissions => $value };
  75         }
  76         PVE::CLIFormatter::print_api_result($table_data, $table_schema, undef, $options);
  77         print "Permissions marked with '(*)' have the 'propagate' flag set.\n";
  78     } else {
  79         PVE::CLIFormatter::print_api_result($data, $schema, undef, $options);
  80     }
  81 };
  82
  83 __PACKAGE__->register_method({
  84     name => 'token_permissions',
  85     path => 'token_permissions',
  86     method => 'GET',
  87     description => 'Retrieve effective permissions of given token.',
  88     parameters => {
  89         additionalProperties => 0,
  90         properties => {
  91             userid => get_standard_option('userid'),
  92             tokenid => get_standard_option('token-subid'),
  93             path => get_standard_option('acl-path', {
  94                 description => "Only dump this specific path, not the whole tree.",
  95                 optional => 1,
  96             }),
  97         },
  98     },
  99     returns => {
 100         type => 'object',
 101         description => 'Hash of structure "path" => "privilege" => "propagate boolean".',
 102     },
 103     code => sub {
 104         my ($param) = @_;
 105
 106         my $token_subid = extract_param($param, "tokenid");
 107         $param->{userid} = PVE::AccessControl::join_tokenid($param->{userid}, $token_subid);
 108
 109         return PVE::API2::AccessControl->permissions($param);
 110     }});
 111
 112 our $cmddef = {
 113     user => {
 114         add    => [ 'PVE::API2::User', 'create_user', ['userid'] ],
 115         modify => [ 'PVE::API2::User', 'update_user', ['userid'] ],
 116         delete => [ 'PVE::API2::User', 'delete_user', ['userid'] ],
 117         list   => [ 'PVE::API2::User', 'index', [], {}, $print_api_result, $PVE::RESTHandler::standard_output_options],
 118         permissions => [ 'PVE::API2::AccessControl', 'permissions', ['userid'], {}, $print_perm_result, $PVE::RESTHandler::standard_output_options],
 119         token => {
 120             add    => [ 'PVE::API2::User', 'generate_token', ['userid', 'tokenid'], {}, $print_api_result, $PVE::RESTHandler::standard_output_options ],
 121             modify    => [ 'PVE::API2::User', 'update_token_info', ['userid', 'tokenid'], {}, $print_api_result, $PVE::RESTHandler::standard_output_options ],
 122             remove    => [ 'PVE::API2::User', 'remove_token', ['userid', 'tokenid'], {}, $print_api_result, $PVE::RESTHandler::standard_output_options ],
 123             list   => [ 'PVE::API2::User', 'token_index', ['userid'], {}, $print_api_result, $PVE::RESTHandler::standard_output_options],
 124             permissions => [ __PACKAGE__, 'token_permissions', ['userid', 'tokenid'], {}, $print_perm_result, $PVE::RESTHandler::standard_output_options],
 125         }
 126     },
 127     group => {
 128         add    => [ 'PVE::API2::Group', 'create_group', ['groupid'] ],
 129         modify => [ 'PVE::API2::Group', 'update_group', ['groupid'] ],
 130         delete => [ 'PVE::API2::Group', 'delete_group', ['groupid'] ],
 131         list   => [ 'PVE::API2::Group', 'index', [], {}, $print_api_result, $PVE::RESTHandler::standard_output_options],
 132     },
 133     role => {
 134         add    => [ 'PVE::API2::Role', 'create_role', ['roleid'] ],
 135         modify => [ 'PVE::API2::Role', 'update_role', ['roleid'] ],
 136         delete => [ 'PVE::API2::Role', 'delete_role', ['roleid'] ],
 137         list   => [ 'PVE::API2::Role', 'index', [], {}, $print_api_result, $PVE::RESTHandler::standard_output_options],
 138     },
 139     acl => {
 140         modify => [ 'PVE::API2::ACL', 'update_acl', ['path'], { delete => 0 }],
 141         delete => [ 'PVE::API2::ACL', 'update_acl', ['path'], { delete => 1 }],
 142         list   => [ 'PVE::API2::ACL', 'read_acl', [], {}, $print_api_result, $PVE::RESTHandler::standard_output_options],
 143     },
 144     ticket => [ 'PVE::API2::AccessControl', 'create_ticket', ['username'], undef,
 145                 sub {
 146                     my ($res) = @_;
 147                     print "$res->{ticket}\n";
 148                 }],
 149
 150     passwd => [ 'PVE::API2::AccessControl', 'change_password', ['userid'] ],
 151
 152     useradd => { alias => 'user add' },
 153     usermod => { alias => 'user modify' },
 154     userdel => { alias => 'user delete' },
 155
 156     groupadd => { alias => 'group add' },
 157     groupmod => { alias => 'group modify' },
 158     groupdel => { alias => 'group delete' },
 159
 160     roleadd => { alias => 'role add' },
 161     rolemod => { alias => 'role modify' },
 162     roledel => { alias => 'role delete' },
 163
 164     aclmod => { alias => 'acl modify' },
 165     acldel => { alias => 'acl delete' },
 166 };
 167
 168 1;