]>
Commit | Line | Data |
---|---|---|
29fa7feb SI |
1 | package PMG::API2::DestinationTLSPolicy; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | ||
6 | use PVE::RESTHandler; | |
7 | use PVE::INotify; | |
8 | use PVE::Exception qw(raise_param_exc); | |
9 | ||
10 | use PMG::Config; | |
11 | ||
12 | use base qw(PVE::RESTHandler); | |
13 | ||
14 | __PACKAGE__->register_method ({ | |
15 | name => 'index', | |
16 | path => '', | |
17 | method => 'GET', | |
18 | description => "List tls_policy entries.", | |
19 | proxyto => 'master', | |
20 | permissions => { check => [ 'admin', 'audit' ] }, | |
21 | parameters => { | |
22 | additionalProperties => 0, | |
23 | properties => {}, | |
24 | }, | |
25 | returns => { | |
26 | type => 'array', | |
27 | items => { | |
28 | type => 'object', | |
29 | properties => { | |
30 | domain => { type => 'string', format => 'transport-domain'}, | |
31 | policy => { type => 'string', format => 'tls-policy'}, | |
32 | }, | |
33 | }, | |
34 | links => [ { rel => 'child', href => "{domain}" } ], | |
35 | }, | |
36 | code => sub { | |
37 | my ($param) = @_; | |
38 | ||
39 | my $res = []; | |
40 | ||
41 | my $policies = PVE::INotify::read_file('tls_policy'); | |
42 | foreach my $policy (sort keys %$policies) { | |
43 | push @$res, $policies->{$policy}; | |
44 | } | |
45 | ||
46 | return $res; | |
47 | }}); | |
48 | ||
49 | __PACKAGE__->register_method ({ | |
50 | name => 'create', | |
51 | path => '', | |
52 | method => 'POST', | |
53 | proxyto => 'master', | |
54 | protected => 1, | |
55 | permissions => { check => [ 'admin' ] }, | |
56 | description => "Add tls_policy entry.", | |
57 | parameters => { | |
58 | additionalProperties => 0, | |
59 | properties => { | |
60 | domain => { | |
61 | description => "Domain name.", | |
62 | type => 'string', format => 'transport-domain', | |
63 | }, | |
64 | policy => { | |
65 | description => "TLS policy", | |
66 | type => 'string', format => 'tls-policy', | |
67 | }, | |
68 | }, | |
69 | }, | |
70 | returns => { type => 'null' }, | |
71 | code => sub { | |
72 | my ($param) = @_; | |
73 | my $domain = $param->{domain}; | |
550f4c47 SI |
74 | my $policy = PMG::Config::pmg_verify_tls_policy_strict($param->{policy}); |
75 | ||
76 | raise_param_exc({ policy => "$param->{policy} is not a valid TLSPolicy" }) | |
77 | if ! defined($policy); | |
29fa7feb SI |
78 | |
79 | my $code = sub { | |
80 | my $tls_policy = PVE::INotify::read_file('tls_policy'); | |
81 | raise_param_exc({ domain => "DestinationTLSPolicy entry for '$domain' already exists" }) | |
82 | if $tls_policy->{$domain}; | |
83 | ||
84 | $tls_policy->{$domain} = { | |
85 | domain => $domain, | |
86 | policy => $param->{policy}, | |
87 | }; | |
88 | ||
89 | PVE::INotify::write_file('tls_policy', $tls_policy); | |
90 | PMG::Config::postmap_tls_policy(); | |
91 | }; | |
92 | ||
93 | PMG::Config::lock_config($code, "add tls_policy entry failed"); | |
94 | ||
95 | return undef; | |
96 | }}); | |
97 | ||
98 | __PACKAGE__->register_method ({ | |
99 | name => 'read', | |
100 | path => '{domain}', | |
101 | method => 'GET', | |
102 | description => "Read tls_policy entry.", | |
103 | proxyto => 'master', | |
104 | permissions => { check => [ 'admin', 'audit' ] }, | |
105 | parameters => { | |
106 | additionalProperties => 0, | |
107 | properties => { | |
108 | domain => { | |
109 | description => "Domain name.", | |
110 | type => 'string', format => 'transport-domain', | |
111 | }, | |
112 | }, | |
113 | }, | |
114 | returns => { | |
115 | type => "object", | |
116 | properties => { | |
117 | domain => { type => 'string', format => 'transport-domain'}, | |
118 | policy => { type => 'string', format => 'tls-policy'}, | |
119 | }, | |
120 | }, | |
121 | code => sub { | |
122 | my ($param) = @_; | |
123 | my $domain = $param->{domain}; | |
124 | ||
125 | my $tls_policy = PVE::INotify::read_file('tls_policy'); | |
126 | ||
127 | if (my $entry = $tls_policy->{$domain}) { | |
128 | return $entry; | |
129 | } | |
130 | ||
131 | raise_param_exc({ domain => "DestinationTLSPolicy entry for '$domain' does not exist" }); | |
132 | }}); | |
133 | ||
134 | __PACKAGE__->register_method ({ | |
135 | name => 'write', | |
136 | path => '{domain}', | |
137 | method => 'PUT', | |
138 | description => "Update tls_policy entry.", | |
139 | protected => 1, | |
140 | permissions => { check => [ 'admin' ] }, | |
141 | proxyto => 'master', | |
142 | parameters => { | |
143 | additionalProperties => 0, | |
144 | properties => { | |
145 | domain => { | |
146 | description => "Domain name.", | |
147 | type => 'string', format => 'transport-domain', | |
148 | }, | |
149 | policy => { | |
150 | description => "TLS policy", | |
151 | type => 'string', format => 'tls-policy', | |
152 | }, | |
153 | }, | |
154 | }, | |
155 | returns => { type => 'null' }, | |
156 | code => sub { | |
157 | my ($param) = @_; | |
158 | my $domain = $param->{domain}; | |
550f4c47 SI |
159 | my $policy = PMG::Config::pmg_verify_tls_policy_strict($param->{policy}); |
160 | ||
161 | raise_param_exc({ policy => "$param->{policy} is not a valid TLSPolicy" }) | |
162 | if ! defined($policy); | |
29fa7feb SI |
163 | |
164 | my $code = sub { | |
165 | ||
166 | my $tls_policy = PVE::INotify::read_file('tls_policy'); | |
167 | ||
168 | raise_param_exc({ domain => "DestinationTLSPolicy entry for '$domain' does not exist" }) | |
169 | if !$tls_policy->{$domain}; | |
170 | ||
171 | $tls_policy->{$domain}->{policy} = $policy; | |
172 | ||
173 | PVE::INotify::write_file('tls_policy', $tls_policy); | |
174 | PMG::Config::postmap_tls_policy(); | |
175 | }; | |
176 | ||
177 | PMG::Config::lock_config($code, "update tls_policy entry failed"); | |
178 | ||
179 | return undef; | |
180 | }}); | |
181 | ||
182 | __PACKAGE__->register_method ({ | |
183 | name => 'delete', | |
184 | path => '{domain}', | |
185 | method => 'DELETE', | |
186 | description => "Delete a tls_policy entry", | |
187 | protected => 1, | |
188 | permissions => { check => [ 'admin' ] }, | |
189 | proxyto => 'master', | |
190 | parameters => { | |
191 | additionalProperties => 0, | |
192 | properties => { | |
193 | domain => { | |
194 | description => "Domain name.", | |
195 | type => 'string', format => 'transport-domain', | |
196 | }, | |
197 | } | |
198 | }, | |
199 | returns => { type => 'null' }, | |
200 | code => sub { | |
201 | my ($param) = @_; | |
202 | my $domain = $param->{domain}; | |
203 | ||
204 | my $code = sub { | |
205 | my $tls_policy = PVE::INotify::read_file('tls_policy'); | |
206 | ||
207 | raise_param_exc({ domain => "DestinationTLSPolicy entry for '$domain' does not exist" }) | |
208 | if !$tls_policy->{$domain}; | |
209 | ||
210 | delete $tls_policy->{$domain}; | |
211 | ||
212 | PVE::INotify::write_file('tls_policy', $tls_policy); | |
213 | PMG::Config::postmap_tls_policy(); | |
214 | }; | |
215 | ||
216 | PMG::Config::lock_config($code, "delete tls_policy entry failed"); | |
217 | ||
218 | return undef; | |
219 | }}); | |
220 | ||
221 | 1; |