[pve-access-control.git] / PVE / CLI / pveum.pm

package PVE::CLI::pveum;

use strict;
use warnings;
use Getopt::Long;
use PVE::Tools qw(run_command);
use PVE::Cluster;
use PVE::SafeSyslog;
use PVE::AccessControl;
use File::Path qw(make_path remove_tree);
use Term::ReadLine;
use PVE::INotify;
use PVE::RPCEnvironment;
use PVE::API2::User;
use PVE::API2::Group;
use PVE::API2::Role;
use PVE::API2::ACL;
use PVE::API2::AccessControl;
use PVE::JSONSchema qw(get_standard_option);
use PVE::CLIHandler;

use base qw(PVE::CLIHandler);

sub read_password {
    # return $ENV{PVE_PW_TICKET} if defined($ENV{PVE_PW_TICKET});

    my $term = new Term::ReadLine ('pveum');
    my $attribs = $term->Attribs;
    $attribs->{redisplay_function} = $attribs->{shadow_redisplay};
    my $input = $term->readline('Enter new password: ');
    my $conf = $term->readline('Retype new password: ');
    die "Passwords do not match.\n" if ($input ne $conf);
    return $input;
}

our $cmddef = {
    ticket => [ 'PVE::API2::AccessControl', 'create_ticket', ['username'], undef,
		sub {
		    my ($res) = @_;
		    print "$res->{ticket}\n";
		}],

    passwd => [ 'PVE::API2::AccessControl', 'change_passsword', ['userid'] ],

    useradd => [ 'PVE::API2::User', 'create_user', ['userid'] ],
    usermod => [ 'PVE::API2::User', 'update_user', ['userid'] ],
    userdel => [ 'PVE::API2::User', 'delete_user', ['userid'] ],

    groupadd => [ 'PVE::API2::Group', 'create_group', ['groupid'] ],
    groupmod => [ 'PVE::API2::Group', 'update_group', ['groupid'] ],
    groupdel => [ 'PVE::API2::Group', 'delete_group', ['groupid'] ],

    roleadd => [ 'PVE::API2::Role', 'create_role', ['roleid'] ],
    rolemod => [ 'PVE::API2::Role', 'update_role', ['roleid'] ],
    roledel => [ 'PVE::API2::Role', 'delete_role', ['roleid'] ],

    aclmod => [ 'PVE::API2::ACL', 'update_acl', ['path'], { delete => 0 }],
    acldel => [ 'PVE::API2::ACL', 'update_acl', ['path'], { delete => 1 }],
};

1;

__END__

=head1 NAME

pveum - PVE User Manager

=head1 DESCRIPTION

Tools to manage PVE users, groups, roles and permissions. Modifying roles and permissions is complex and usually easier to handle using the GUI. So the command line interface is mainly provided for scripting purposes. 

=head1 SYNOPSIS

=include synopsis

=include pve_copyright
Commit	Line	Data
09281ad7 DM	1	package PVE::CLI::pveum;
	2
	3	use strict;
	4	use warnings;
	5	use Getopt::Long;
	6	use PVE::Tools qw(run_command);
	7	use PVE::Cluster;
	8	use PVE::SafeSyslog;
	9	use PVE::AccessControl;
	10	use File::Path qw(make_path remove_tree);
	11	use Term::ReadLine;
	12	use PVE::INotify;
	13	use PVE::RPCEnvironment;
	14	use PVE::API2::User;
	15	use PVE::API2::Group;
	16	use PVE::API2::Role;
	17	use PVE::API2::ACL;
	18	use PVE::API2::AccessControl;
	19	use PVE::JSONSchema qw(get_standard_option);
	20	use PVE::CLIHandler;
	21
	22	use base qw(PVE::CLIHandler);
	23
98007830 DM	24	sub read_password {
	25	# return $ENV{PVE_PW_TICKET} if defined($ENV{PVE_PW_TICKET});
	26
	27	my $term = new Term::ReadLine ('pveum');
	28	my $attribs = $term->Attribs;
	29	$attribs->{redisplay_function} = $attribs->{shadow_redisplay};
	30	my $input = $term->readline('Enter new password: ');
	31	my $conf = $term->readline('Retype new password: ');
	32	die "Passwords do not match.\n" if ($input ne $conf);
	33	return $input;
	34	}
	35
09281ad7 DM	36	our $cmddef = {
	37	ticket => [ 'PVE::API2::AccessControl', 'create_ticket', ['username'], undef,
	38	sub {
	39	my ($res) = @_;
	40	print "$res->{ticket}\n";
	41	}],
	42
	43	passwd => [ 'PVE::API2::AccessControl', 'change_passsword', ['userid'] ],
	44
	45	useradd => [ 'PVE::API2::User', 'create_user', ['userid'] ],
	46	usermod => [ 'PVE::API2::User', 'update_user', ['userid'] ],
	47	userdel => [ 'PVE::API2::User', 'delete_user', ['userid'] ],
	48
	49	groupadd => [ 'PVE::API2::Group', 'create_group', ['groupid'] ],
	50	groupmod => [ 'PVE::API2::Group', 'update_group', ['groupid'] ],
	51	groupdel => [ 'PVE::API2::Group', 'delete_group', ['groupid'] ],
	52
	53	roleadd => [ 'PVE::API2::Role', 'create_role', ['roleid'] ],
	54	rolemod => [ 'PVE::API2::Role', 'update_role', ['roleid'] ],
	55	roledel => [ 'PVE::API2::Role', 'delete_role', ['roleid'] ],
	56
	57	aclmod => [ 'PVE::API2::ACL', 'update_acl', ['path'], { delete => 0 }],
	58	acldel => [ 'PVE::API2::ACL', 'update_acl', ['path'], { delete => 1 }],
	59	};
	60
	61	1;
	62
	63	__END__
	64
	65	=head1 NAME
	66
	67	pveum - PVE User Manager
	68
085f3e07	69	=head1 DESCRIPTION
09281ad7	70
085f3e07	71	Tools to manage PVE users, groups, roles and permissions. Modifying roles and permissions is complex and usually easier to handle using the GUI. So the command line interface is mainly provided for scripting purposes.
09281ad7	72
085f3e07	73	=head1 SYNOPSIS
09281ad7	74
085f3e07	75	=include synopsis
09281ad7 DM	76
09281ad7 DM	77	=include pve_copyright