add pmg_verify_tls_policy_strict and use it in API
29fa7feb
SI
1package PMG::API2::DestinationTLSPolicy;
2
3use strict;
4use warnings;
5
6use PVE::RESTHandler;
7use PVE::INotify;
8use PVE::Exception qw(raise_param_exc);
9
10use PMG::Config;
11
12use base qw(PVE::RESTHandler);
13
# GET <base path> -- list all destination TLS policy entries.
#
# Read-only endpoint, open to the 'admin' and 'audit' roles and declared with
# proxyto => 'master'. It takes no parameters; additionalProperties => 0 makes
# the schema reject any that are sent.
__PACKAGE__->register_method({
    name => 'index',
    path => '',
    method => 'GET',
    description => "List tls_policy entries.",
    proxyto => 'master',
    permissions => { check => [ 'admin', 'audit' ] },
    parameters => {
        additionalProperties => 0,
        properties => {},
    },
    returns => {
        type => 'array',
        items => {
            type => 'object',
            properties => {
                domain => { type => 'string', format => 'transport-domain' },
                policy => { type => 'string', format => 'tls-policy' },
            },
        },
        links => [ { rel => 'child', href => "{domain}" } ],
    },
    code => sub {
        my ($param) = @_;

        my $entry_for = PVE::INotify::read_file('tls_policy');

        # Emit the entries ordered by their hash key so the listing is stable
        # between calls.
        my @entries = map { $entry_for->{$_} } sort keys %$entry_for;

        return \@entries;
    },
});
48
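# POST <base path> -- add a destination TLS policy entry for a domain.
#
# Mutating endpoint: restricted to the 'admin' role, declared with
# proxyto => 'master' and flagged protected => 1 (in the PVE REST framework
# this is understood to run the call in the privileged API daemon -- confirm
# against PVE::RESTHandler).
#
# Parameters:
#   domain - destination domain, schema format 'transport-domain'
#   policy - TLS policy string, schema format 'tls-policy'
#
# Returns null. Raises a parameter exception when the policy fails the strict
# check or when an entry for the domain already exists.
__PACKAGE__->register_method({
    name => 'create',
    path => '',
    method => 'POST',
    proxyto => 'master',
    protected => 1,
    permissions => { check => [ 'admin' ] },
    description => "Add tls_policy entry.",
    parameters => {
        additionalProperties => 0,
        properties => {
            domain => {
                description => "Domain name.",
                type => 'string', format => 'transport-domain',
            },
            policy => {
                description => "TLS policy",
                type => 'string', format => 'tls-policy',
            },
        },
    },
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;
        my $domain = $param->{domain};

        # The schema format 'tls-policy' has already been applied to the
        # parameter; the strict verifier is a second, tighter gate before the
        # value is persisted into the tls_policy file.
        my $policy = PMG::Config::pmg_verify_tls_policy_strict($param->{policy});

        raise_param_exc({ policy => "$param->{policy} is not a valid TLSPolicy" })
            if !defined($policy);

        my $code = sub {
            my $tls_policy = PVE::INotify::read_file('tls_policy');

            # The existence check happens inside the closure handed to
            # lock_config, so the check and the write are not separated by
            # another writer (assuming lock_config serialises config updates).
            raise_param_exc({ domain => "DestinationTLSPolicy entry for '$domain' already exists" })
                if $tls_policy->{$domain};

            $tls_policy->{$domain} = {
                domain => $domain,
                # Persist the value returned by the strict verifier rather
                # than the raw request parameter, matching what the 'write'
                # handler stores. Only checked input reaches the file.
                policy => $policy,
            };

            PVE::INotify::write_file('tls_policy', $tls_policy);

            # Presumably regenerates the Postfix lookup table from the file
            # just written -- see PMG::Config::postmap_tls_policy.
            PMG::Config::postmap_tls_policy();
        };

        PMG::Config::lock_config($code, "add tls_policy entry failed");

        # The declared return type is 'null'.
        return undef;
    },
});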
97
# GET <base path>/{domain} -- return the TLS policy entry of one domain.
#
# Read-only endpoint, open to the 'admin' and 'audit' roles and declared with
# proxyto => 'master'. Raises a parameter exception when no entry exists for
# the requested domain.
__PACKAGE__->register_method({
    name => 'read',
    path => '{domain}',
    method => 'GET',
    description => "Read tls_policy entry.",
    proxyto => 'master',
    permissions => { check => [ 'admin', 'audit' ] },
    parameters => {
        additionalProperties => 0,
        properties => {
            domain => {
                description => "Domain name.",
                type => 'string', format => 'transport-domain',
            },
        },
    },
    returns => {
        type => "object",
        properties => {
            domain => { type => 'string', format => 'transport-domain' },
            policy => { type => 'string', format => 'tls-policy' },
        },
    },
    code => sub {
        my ($param) = @_;
        my $domain = $param->{domain};

        my $entry_for = PVE::INotify::read_file('tls_policy');
        my $entry = $entry_for->{$domain};

        # Happy path first; a missing entry is reported as a parameter error
        # on 'domain'.
        return $entry if $entry;

        raise_param_exc({ domain => "DestinationTLSPolicy entry for '$domain' does not exist" });
    },
});
133
# PUT <base path>/{domain} -- change the TLS policy of an existing entry.
#
# Mutating endpoint: restricted to the 'admin' role, declared with
# proxyto => 'master' and protected => 1. The policy decides how outbound mail
# to the destination is protected in transit, so a change here is a
# security-relevant configuration change.
#
# Returns null. Raises a parameter exception when the policy fails the strict
# check or when the domain has no entry yet.
__PACKAGE__->register_method({
    name => 'write',
    path => '{domain}',
    method => 'PUT',
    description => "Update tls_policy entry.",
    protected => 1,
    permissions => { check => [ 'admin' ] },
    proxyto => 'master',
    parameters => {
        additionalProperties => 0,
        properties => {
            domain => {
                description => "Domain name.",
                type => 'string', format => 'transport-domain',
            },
            policy => {
                description => "TLS policy",
                type => 'string', format => 'tls-policy',
            },
        },
    },
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;
        my $domain = $param->{domain};

        # Second validation pass on top of the schema format; only the value
        # returned here is written to the file below.
        my $policy = PMG::Config::pmg_verify_tls_policy_strict($param->{policy});

        unless (defined($policy)) {
            raise_param_exc({ policy => "$param->{policy} is not a valid TLSPolicy" });
        }

        my $update_entry = sub {
            my $entry_for = PVE::INotify::read_file('tls_policy');

            # Updating never creates an entry; 'create' is the only way in.
            my $entry = $entry_for->{$domain}
                or raise_param_exc({ domain => "DestinationTLSPolicy entry for '$domain' does not exist" });

            $entry->{policy} = $policy;

            PVE::INotify::write_file('tls_policy', $entry_for);
            PMG::Config::postmap_tls_policy();
        };

        # Run the read-modify-write through lock_config with its failure message.
        PMG::Config::lock_config($update_entry, "update tls_policy entry failed");

        return undef;
    },
});
181
# DELETE <base path>/{domain} -- remove the TLS policy entry of one domain.
#
# Mutating endpoint: restricted to the 'admin' role, declared with
# proxyto => 'master' and protected => 1. Removing an entry means the
# per-destination policy no longer applies to that domain.
#
# Returns null. Raises a parameter exception when the domain has no entry.
__PACKAGE__->register_method({
    name => 'delete',
    path => '{domain}',
    method => 'DELETE',
    description => "Delete a tls_policy entry",
    protected => 1,
    permissions => { check => [ 'admin' ] },
    proxyto => 'master',
    parameters => {
        additionalProperties => 0,
        properties => {
            domain => {
                description => "Domain name.",
                type => 'string', format => 'transport-domain',
            },
        },
    },
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;
        my $domain = $param->{domain};

        my $remove_entry = sub {
            my $entry_for = PVE::INotify::read_file('tls_policy');

            # Refuse to "delete" something that is not there, so a caller
            # gets an explicit error instead of a silent no-op.
            unless ($entry_for->{$domain}) {
                raise_param_exc({ domain => "DestinationTLSPolicy entry for '$domain' does not exist" });
            }

            delete $entry_for->{$domain};

            PVE::INotify::write_file('tls_policy', $entry_for);
            PMG::Config::postmap_tls_policy();
        };

        # Run the read-modify-write through lock_config with its failure message.
        PMG::Config::lock_config($remove_entry, "delete tls_policy entry failed");

        return undef;
    },
});
220
2211;