[pve-access-control.git] / pveum

#!/usr/bin/perl -w 

use strict;
use Getopt::Long;
use PVE::Tools qw(run_command);
use PVE::Cluster;
use PVE::SafeSyslog;
use PVE::AccessControl;
use File::Path qw(make_path remove_tree);
use Term::ReadLine;
use PVE::INotify;
use PVE::RPCEnvironment;
use PVE::API2::User;
use PVE::API2::Group;
use PVE::API2::Role;
use PVE::API2::ACL;
use PVE::API2::AccessControl;
use PVE::JSONSchema qw(get_standard_option);
use PVE::CLIHandler;

use base qw(PVE::CLIHandler);

use Data::Dumper; # fixme: remove

$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin';

initlog('pveum');

#fixme: logging?

die "please run as root\n" if $> != 0;

PVE::INotify::inotify_init();

my $rpcenv = PVE::RPCEnvironment->init('cli');

$rpcenv->init_request();
$rpcenv->set_language($ENV{LANG});
$rpcenv->set_user('root@pam'); 

# autmatically generate the private key if it does not already exists
PVE::Cluster::gen_auth_key();

my $read_password = sub {

    # return $ENV{PVE_PW_TICKET} if defined($ENV{PVE_PW_TICKET});

    my $term = new Term::ReadLine ('pveum');
    my $attribs = $term->Attribs;
    $attribs->{redisplay_function} = $attribs->{shadow_redisplay};
    my $input = $term->readline('Enter new password: ');
    my $conf = $term->readline('Retype new password: ');
    die "Passwords do not match.\n" if ($input ne $conf);
    return $input;
};

my $cmddef = {
    ticket => [ 'PVE::API2::AccessControl', 'create_ticket', ['username'], undef,
		sub {
		    my ($res) = @_;
		    print "$res->{ticket}\n";
		}],
    useradd => [ 'PVE::API2::User', 'create_user', ['userid'] ],
    usermod => [ 'PVE::API2::User', 'update_user', ['userid'] ],
    userdel => [ 'PVE::API2::User', 'delete_user', ['userid'] ],

    groupadd => [ 'PVE::API2::Group', 'create_group', ['groupid'] ],
    groupmod => [ 'PVE::API2::Group', 'update_group', ['groupid'] ],
    groupdel => [ 'PVE::API2::Group', 'delete_group', ['groupid'] ],

    roleadd => [ 'PVE::API2::Role', 'create_role', ['roleid'] ],
    rolemod => [ 'PVE::API2::Role', 'update_role', ['roleid'] ],
    roledel => [ 'PVE::API2::Role', 'delete_role', ['roleid'] ],

    aclmod => [ 'PVE::API2::ACL', 'update_acl', ['path', 'roles'], { delete => 0 }],
    acldel => [ 'PVE::API2::ACL', 'update_acl', ['path', 'roles'], { delete => 1 }],
};

my $cmd = shift;

if ($cmd && $cmd eq 'verifyapi') {
    PVE::RESTHandler::validate_method_schemas();
    exit 0;
}

PVE::CLIHandler::handle_cmd($cmddef, "pveum", $cmd, \@ARGV, $read_password);

exit 0;

__END__

=head1 NAME

pveum - PVE User Manager

=head1 SYNOPSIS

    pveum <COMMAND> [OPTIONS]

=head1 DESCRIPTION

no description available
Commit	Line	Data
	1	#!/usr/bin/perl -w
	2
	3	use strict;
	4	use Getopt::Long;
	5	use PVE::Tools qw(run_command);
	6	use PVE::Cluster;
	7	use PVE::SafeSyslog;
	8	use PVE::AccessControl;
	9	use File::Path qw(make_path remove_tree);
	10	use Term::ReadLine;
	11	use PVE::INotify;
	12	use PVE::RPCEnvironment;
	13	use PVE::API2::User;
	14	use PVE::API2::Group;
	15	use PVE::API2::Role;
	16	use PVE::API2::ACL;
	17	use PVE::API2::AccessControl;
	18	use PVE::JSONSchema qw(get_standard_option);
	19	use PVE::CLIHandler;
	20
	21	use base qw(PVE::CLIHandler);
	22
	23	use Data::Dumper; # fixme: remove
	24
	25	$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin';
	26
	27	initlog('pveum');
	28
	29	#fixme: logging?
	30
	31	die "please run as root\n" if $> != 0;
	32
	33	PVE::INotify::inotify_init();
	34
	35	my $rpcenv = PVE::RPCEnvironment->init('cli');
	36
	37	$rpcenv->init_request();
	38	$rpcenv->set_language($ENV{LANG});
	39	$rpcenv->set_user('root@pam');
	40
	41	# autmatically generate the private key if it does not already exists
	42	PVE::Cluster::gen_auth_key();
	43
	44	my $read_password = sub {
	45
	46	# return $ENV{PVE_PW_TICKET} if defined($ENV{PVE_PW_TICKET});
	47
	48	my $term = new Term::ReadLine ('pveum');
	49	my $attribs = $term->Attribs;
	50	$attribs->{redisplay_function} = $attribs->{shadow_redisplay};
	51	my $input = $term->readline('Enter new password: ');
	52	my $conf = $term->readline('Retype new password: ');
	53	die "Passwords do not match.\n" if ($input ne $conf);
	54	return $input;
	55	};
	56
	57	my $cmddef = {
	58	ticket => [ 'PVE::API2::AccessControl', 'create_ticket', ['username'], undef,
	59	sub {
	60	my ($res) = @_;
	61	print "$res->{ticket}\n";
	62	}],
	63	useradd => [ 'PVE::API2::User', 'create_user', ['userid'] ],
	64	usermod => [ 'PVE::API2::User', 'update_user', ['userid'] ],
	65	userdel => [ 'PVE::API2::User', 'delete_user', ['userid'] ],
	66
	67	groupadd => [ 'PVE::API2::Group', 'create_group', ['groupid'] ],
	68	groupmod => [ 'PVE::API2::Group', 'update_group', ['groupid'] ],
	69	groupdel => [ 'PVE::API2::Group', 'delete_group', ['groupid'] ],
	70
	71	roleadd => [ 'PVE::API2::Role', 'create_role', ['roleid'] ],
	72	rolemod => [ 'PVE::API2::Role', 'update_role', ['roleid'] ],
	73	roledel => [ 'PVE::API2::Role', 'delete_role', ['roleid'] ],
	74
	75	aclmod => [ 'PVE::API2::ACL', 'update_acl', ['path', 'roles'], { delete => 0 }],
	76	acldel => [ 'PVE::API2::ACL', 'update_acl', ['path', 'roles'], { delete => 1 }],
	77	};
	78
	79	my $cmd = shift;
	80
	81	if ($cmd && $cmd eq 'verifyapi') {
	82	PVE::RESTHandler::validate_method_schemas();
	83	exit 0;
	84	}
	85
	86	PVE::CLIHandler::handle_cmd($cmddef, "pveum", $cmd, \@ARGV, $read_password);
	87
	88	exit 0;
	89
	90	__END__
	91
	92	=head1 NAME
	93
	94	pveum - PVE User Manager
	95
	96	=head1 SYNOPSIS
	97
	98	pveum <COMMAND> [OPTIONS]
	99
	100	=head1 DESCRIPTION
	101
	102	no description available