git.proxmox.com Git - pmg-api.git/blob - src/PMG/API2/DestinationTLSPolicy.pm
fix #1948: allow setting TLS policy for transports
1 package PMG::API2::DestinationTLSPolicy;
2
3 use strict;
4 use warnings;
5
6 use PVE::RESTHandler;
7 use PVE::INotify;
8 use PVE::Exception qw(raise_param_exc);
9
10 use PMG::Config;
11
12 use base qw(PVE::RESTHandler);
13
# GET <base path> - list all tls_policy entries.
#
# Read-only endpoint: the permission check accepts both the 'admin' and the
# 'audit' role. The handler takes no parameters (additionalProperties => 0
# with an empty property set) and returns the stored entry hashes unchanged.
#
# Returned policies are described with the 'tls-policy' format, whereas the
# create/write handlers of this module validate input with
# 'tls-policy-strict'.
# NOTE(review): both formats are defined outside this file - confirm which
# values the looser output format admits that the strict one does not.
__PACKAGE__->register_method ({
    name => 'index',
    path => '',
    method => 'GET',
    proxyto => 'master',
    permissions => { check => [ 'admin', 'audit' ] },
    description => "List tls_policy entries.",
    parameters => {
        additionalProperties => 0,
        properties => {},
    },
    returns => {
        type => 'array',
        items => {
            type => 'object',
            properties => {
                domain => { type => 'string', format => 'transport-domain-or-nexthop'},
                policy => { type => 'string', format => 'tls-policy'},
            },
        },
        links => [ { rel => 'child', href => "{domain}" } ],
    },
    code => sub {
        my ($param) = @_;

        my $policies = PVE::INotify::read_file('tls_policy');

        # Sort by key so the listing order is stable between calls.
        my @entries = map { $policies->{$_} } sort keys %$policies;

        return \@entries;
    }});
48
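# POST <base path> - add a new tls_policy entry for a destination.
#
# Mutating endpoint: only the 'admin' role passes the permission check, and
# the method is flagged 'protected'.
# NOTE(review): in the PVE REST framework 'protected' methods are expected to
# run in the privileged API daemon - confirm against PVE::RESTHandler.
#
# Input validation is done solely by the schema formats
# 'transport-domain-or-nexthop' (domain) and 'tls-policy-strict' (policy);
# the handler itself performs no further checks before the values are handed
# to the 'tls_policy' writer.
# NOTE(review): those validators live outside this file - confirm they reject
# whitespace and line breaks, since both values are persisted.
#
# Fails with a parameter exception on 'domain' if an entry for that
# destination already exists. Returns undef (schema type 'null') on success.
__PACKAGE__->register_method ({
    name => 'create',
    path => '',
    method => 'POST',
    proxyto => 'master',
    protected => 1,
    permissions => { check => [ 'admin' ] },
    description => "Add tls_policy entry.",
    parameters => {
        additionalProperties => 0,
        properties => {
            domain => {
                description => "Domain name.",
                type => 'string', format => 'transport-domain-or-nexthop',
            },
            policy => {
                description => "TLS policy",
                type => 'string', format => 'tls-policy-strict',
            },
        },
    },
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;
        my $domain = $param->{domain};
        my $policy = $param->{policy};

        # The existence check and the write are performed inside one closure
        # that is handed to PMG::Config::lock_config, so the check cannot be
        # separated from the write by this handler.
        # NOTE(review): presumably lock_config runs the closure under the
        # configuration lock - its implementation is not shown here.
        my $code = sub {
            my $tls_policy = PVE::INotify::read_file('tls_policy');
            raise_param_exc({ domain => "DestinationTLSPolicy entry for '$domain' already exists" })
                if $tls_policy->{$domain};

            # Use the already extracted $policy (it was a dead local before),
            # matching how the 'write' handler stores the value.
            $tls_policy->{$domain} = {
                domain => $domain,
                policy => $policy,
            };

            PVE::INotify::write_file('tls_policy', $tls_policy);
            # NOTE(review): presumably regenerates the Postfix lookup table
            # from the file just written - confirm in PMG::Config.
            PMG::Config::postmap_tls_policy();
        };

        PMG::Config::lock_config($code, "add tls_policy entry failed");

        return undef;
    }});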
94
# GET <base path>/{domain} - return the tls_policy entry of one destination.
#
# Read-only endpoint: the permission check accepts both the 'admin' and the
# 'audit' role. The 'domain' path parameter is validated by the
# 'transport-domain-or-nexthop' format before the handler runs.
#
# Returns the stored entry hash, or raises a parameter exception on 'domain'
# when no entry exists for it. The exception text embeds the requested
# domain value.
__PACKAGE__->register_method ({
    name => 'read',
    path => '{domain}',
    method => 'GET',
    proxyto => 'master',
    permissions => { check => [ 'admin', 'audit' ] },
    description => "Read tls_policy entry.",
    parameters => {
        additionalProperties => 0,
        properties => {
            domain => {
                description => "Domain name.",
                type => 'string', format => 'transport-domain-or-nexthop',
            },
        },
    },
    returns => {
        type => "object",
        properties => {
            domain => { type => 'string', format => 'transport-domain-or-nexthop'},
            policy => { type => 'string', format => 'tls-policy'},
        },
    },
    code => sub {
        my ($param) = @_;
        my $domain = $param->{domain};

        my $tls_policy = PVE::INotify::read_file('tls_policy');

        # Happy path first: hand back the stored entry as it is.
        my $entry = $tls_policy->{$domain};
        return $entry if $entry;

        raise_param_exc({ domain => "DestinationTLSPolicy entry for '$domain' does not exist" });
    }});
130
# PUT <base path>/{domain} - change the policy of an existing entry.
#
# Mutating endpoint: only the 'admin' role passes the permission check, and
# the method is flagged 'protected'.
# NOTE(review): in the PVE REST framework 'protected' methods are expected to
# run in the privileged API daemon - confirm against PVE::RESTHandler.
#
# Only the 'policy' field of the stored entry is replaced; the new value is
# validated by the 'tls-policy-strict' format and by nothing else in this
# handler. Changing a destination's policy alters how mail to it is protected
# in transit, and no logging of the old or new value is visible here.
# NOTE(review): confirm whether such changes are recorded elsewhere.
#
# Raises a parameter exception on 'domain' if no entry exists. Returns undef
# (schema type 'null') on success.
__PACKAGE__->register_method ({
    name => 'write',
    path => '{domain}',
    method => 'PUT',
    proxyto => 'master',
    protected => 1,
    permissions => { check => [ 'admin' ] },
    description => "Update tls_policy entry.",
    parameters => {
        additionalProperties => 0,
        properties => {
            domain => {
                description => "Domain name.",
                type => 'string', format => 'transport-domain-or-nexthop',
            },
            policy => {
                description => "TLS policy",
                type => 'string', format => 'tls-policy-strict',
            },
        },
    },
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;
        my ($domain, $policy) = ($param->{domain}, $param->{policy});

        # Read, existence check, modification and write-back all happen in
        # the closure handed to PMG::Config::lock_config.
        # NOTE(review): presumably lock_config runs the closure under the
        # configuration lock - its implementation is not shown here.
        my $update = sub {
            my $tls_policy = PVE::INotify::read_file('tls_policy');

            if (!$tls_policy->{$domain}) {
                raise_param_exc({ domain => "DestinationTLSPolicy entry for '$domain' does not exist" });
            }

            $tls_policy->{$domain}{policy} = $policy;

            PVE::INotify::write_file('tls_policy', $tls_policy);
            # NOTE(review): presumably regenerates the Postfix lookup table
            # from the file just written - confirm in PMG::Config.
            PMG::Config::postmap_tls_policy();
        };

        PMG::Config::lock_config($update, "update tls_policy entry failed");

        return undef;
    }});
175
# DELETE <base path>/{domain} - remove the tls_policy entry of a destination.
#
# Mutating endpoint: only the 'admin' role passes the permission check, and
# the method is flagged 'protected'.
# NOTE(review): in the PVE REST framework 'protected' methods are expected to
# run in the privileged API daemon - confirm against PVE::RESTHandler.
#
# After a successful call the destination has no entry in 'tls_policy' any
# more.
# NOTE(review): which TLS behaviour then applies to that destination is
# decided outside this file - verify that removing a strict entry cannot
# silently weaken delivery to it.
#
# Raises a parameter exception on 'domain' if no entry exists. Returns undef
# (schema type 'null') on success.
__PACKAGE__->register_method ({
    name => 'delete',
    path => '{domain}',
    method => 'DELETE',
    proxyto => 'master',
    protected => 1,
    permissions => { check => [ 'admin' ] },
    description => "Delete a tls_policy entry",
    parameters => {
        additionalProperties => 0,
        properties => {
            domain => {
                description => "Domain name.",
                type => 'string', format => 'transport-domain-or-nexthop',
            },
        },
    },
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;
        my $domain = $param->{domain};

        # Read, existence check, removal and write-back all happen in the
        # closure handed to PMG::Config::lock_config.
        # NOTE(review): presumably lock_config runs the closure under the
        # configuration lock - its implementation is not shown here.
        my $remove = sub {
            my $tls_policy = PVE::INotify::read_file('tls_policy');

            if (!$tls_policy->{$domain}) {
                raise_param_exc({ domain => "DestinationTLSPolicy entry for '$domain' does not exist" });
            }

            delete $tls_policy->{$domain};

            PVE::INotify::write_file('tls_policy', $tls_policy);
            # NOTE(review): presumably regenerates the Postfix lookup table
            # from the file just written - confirm in PMG::Config.
            PMG::Config::postmap_tls_policy();
        };

        PMG::Config::lock_config($remove, "delete tls_policy entry failed");

        return undef;
    }});
214
215 1;