git.proxmox.com Git - pve-access-control.git/blob - src/PVE/CLI/pveum.pm
1 package PVE
::CLI
::pveum
;
6 use PVE
::AccessControl
;
7 use PVE
::RPCEnvironment
;
12 use PVE
::API2
::AccessControl
;
13 use PVE
::API2
::Domains
;
15 use PVE
::CLIFormatter
;
17 use PVE
::JSONSchema
qw(get_standard_option);
20 use PVE
::Tools
qw(extract_param);
22 use base
qw(PVE::CLIHandler);
# CLIHandler hook: prepare the RPC environment for command-line use by
# delegating to PVE::RPCEnvironment's default CLI setup.
sub setup_environment {
    return PVE::RPCEnvironment->setup_default_cli_env();
}
# Per-command parameter mappings for password input.
# NOTE(review): the enclosing sub header and the hash key of the second entry are not visible in
# this listing.
# 'change_password' uses the standard 'pve-password' mapping unchanged.
# NOTE(review): whether that unmodified mapping still accepts a password given as a command-line
# argument is decided in PVE::CLIHandler, which is not shown here - confirm.
32 'change_password' => [
33 PVE
::CLIHandler
::get_standard_mapping
('pve-password'),
# Second entry: the standard 'pve-password' mapping with an override hash.
36 PVE
::CLIHandler
::get_standard_mapping
('pve-password', {
38 # do not accept values given on cmdline: command-line arguments are visible in the process
# list and in shell history, so the password is always read interactively from the terminal
39 return PVE
::PTY
::read_password
('Enter password: ');
# Hand back the mapping for the requested command name (undef when there is no entry).
45 return $mapping->{$name};
# Default output callback for list-style commands: hands the API result and
# its schema to the shared CLI formatter together with the output options.
my $print_api_result = sub {
    my ($result, $result_schema, $format_opts) = @_;

    # The formatter's third argument is deliberately left undef here.
    PVE::CLIFormatter::print_api_result($result, $result_schema, undef, $format_opts);
};
# Output callback for permission listings.
# When no output format is given, or it is 'text', $data (ACL path => privilege => propagate flag)
# is flattened into one table row per path with the two columns 'path' and 'permissions'.
# NOTE(review): several lines of this closure are missing from the listing; the final formatter
# call on the raw $data is presumably the branch for every other output format - confirm.
53 my $print_perm_result = sub {
54 my ($data, $schema, $options) = @_;
56 if (!defined($options->{'output-format'}) || $options->{'output-format'} eq 'text') {
# Column definitions of the text-mode table.
62 'path' => { type
=> 'string', title
=> 'ACL path' },
63 'permissions' => { type
=> 'string', title
=> 'Permissions' },
# Paths and privileges are both walked in sorted order, so the output is stable between runs.
68 foreach my $path (sort keys %$data) {
70 my $curr = $data->{$path};
71 foreach my $perm (sort keys %$curr) {
# One privilege per line inside the cell.
72 $value .= "\n" if $value;
# A true value for the privilege means it carries the 'propagate' flag; mark it with '(*)'.
74 $value .= " (*)" if $curr->{$perm};
76 push @$table_data, { path
=> $path, permissions
=> $value };
78 PVE
::CLIFormatter
::print_api_result
($table_data, $table_schema, undef, $options);
# Legend for the '(*)' marker, printed after the table.
79 print "Permissions marked with '(*)' have the 'propagate' flag set.\n";
81 PVE
::CLIFormatter
::print_api_result
($data, $schema, undef, $options);
# Registers 'token_permissions' on this CLI package: it returns the effective permissions of one
# API token, optionally restricted to a single ACL path.
# NOTE(review): no access-check ('permissions') section of this method is visible in this listing;
# whether the caller may inspect the given token is presumably decided inside
# PVE::API2::AccessControl->permissions - confirm.
85 __PACKAGE__-
>register_method({
86 name
=> 'token_permissions',
87 path
=> 'token_permissions',
89 description
=> 'Retrieve effective permissions of given token.',
# Parameters outside the declared set are rejected.
91 additionalProperties
=> 0,
93 userid
=> get_standard_option
('userid'),
94 tokenid
=> get_standard_option
('token-subid'),
95 path
=> get_standard_option
('acl-path', {
96 description
=> "Only dump this specific path, not the whole tree.",
103 description
=> 'Hash of structure "path" => "privilege" => "propagate boolean".',
# The CLI takes the owning user and the token sub-id as separate arguments. Remove 'tokenid' from
# the parameters, join both parts into the full token id and store it as 'userid', because the
# generic permissions handler is then called with the same parameter hash.
108 my $token_subid = extract_param
($param, "tokenid");
109 $param->{userid
} = PVE
::AccessControl
::join_tokenid
($param->{userid
}, $token_subid);
111 return PVE
::API2
::AccessControl-
>permissions($param);
# 'user' sub-commands. Each entry is an array that starts with the API class and method name,
# followed by a list of parameter names; some entries add a hash of fixed parameters, an output
# callback and output options (layout as consumed by PVE::CLIHandler, which is not shown here).
116 add
=> [ 'PVE::API2::User', 'create_user', ['userid'] ],
117 modify
=> [ 'PVE::API2::User', 'update_user', ['userid'] ],
118 delete => [ 'PVE::API2::User', 'delete_user', ['userid'] ],
119 list
=> [ 'PVE::API2::User', 'index', [], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
# Effective permissions of a user, rendered by the permission-table callback.
120 permissions
=> [ 'PVE::API2::AccessControl', 'permissions', ['userid'], {}, $print_perm_result, $PVE::RESTHandler
::standard_output_options
],
# TFA removal: the fixed parameters pin action => 'delete' and set key, config and response to
# undef. NOTE(review): presumably this keeps the CLI from doing anything to a user's TFA other
# than removing it - confirm against PVE::API2::TFA::change_tfa.
122 delete => [ 'PVE::API2::TFA', 'change_tfa', ['userid'], { action
=> 'delete', key
=> undef, config
=> undef, response
=> undef, }, ],
# API token sub-commands; all take the owning user, and all but 'list' also take the token id.
# NOTE(review): the result of generate_token is printed through $print_api_result. If that result
# contains the token secret (not visible in this listing), the secret ends up on stdout and in
# terminal scrollback, so the output should be kept out of logs - confirm.
125 add
=> [ 'PVE::API2::User', 'generate_token', ['userid', 'tokenid'], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
126 modify
=> [ 'PVE::API2::User', 'update_token_info', ['userid', 'tokenid'], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
127 remove
=> [ 'PVE::API2::User', 'remove_token', ['userid', 'tokenid'], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
128 list
=> [ 'PVE::API2::User', 'token_index', ['userid'], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
# Unlike the entries above, this one targets the 'token_permissions' method registered on this
# package itself rather than a method of an API class.
129 permissions
=> [ __PACKAGE__
, 'token_permissions', ['userid', 'tokenid'], {}, $print_perm_result, $PVE::RESTHandler
::standard_output_options
],
# 'group' sub-commands.
133 add
=> [ 'PVE::API2::Group', 'create_group', ['groupid'] ],
134 modify
=> [ 'PVE::API2::Group', 'update_group', ['groupid'] ],
135 delete => [ 'PVE::API2::Group', 'delete_group', ['groupid'] ],
136 list
=> [ 'PVE::API2::Group', 'index', [], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
# 'role' sub-commands.
139 add
=> [ 'PVE::API2::Role', 'create_role', ['roleid'] ],
140 modify
=> [ 'PVE::API2::Role', 'update_role', ['roleid'] ],
141 delete => [ 'PVE::API2::Role', 'delete_role', ['roleid'] ],
142 list
=> [ 'PVE::API2::Role', 'index', [], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
# ACL sub-commands: 'modify' and 'delete' both call update_acl and differ only in the fixed
# 'delete' flag (0 or 1) that the table sets for them.
145 modify
=> [ 'PVE::API2::ACL', 'update_acl', ['path'], { delete => 0 }],
146 delete => [ 'PVE::API2::ACL', 'update_acl', ['path'], { delete => 1 }],
147 list
=> [ 'PVE::API2::ACL', 'read_acl', [], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
# Authentication realm sub-commands, including 'sync' for a single realm.
150 add
=> [ 'PVE::API2::Domains', 'create', ['realm'] ],
151 modify
=> [ 'PVE::API2::Domains', 'update', ['realm'] ],
152 delete => [ 'PVE::API2::Domains', 'delete', ['realm'] ],
153 list
=> [ 'PVE::API2::Domains', 'index', [], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
154 sync
=> [ 'PVE::API2::Domains', 'sync', ['realm'], ],
# 'ticket': creates an authentication ticket for the given user; the fixed-parameter slot is undef
# and the output callback prints only the ticket string.
# NOTE(review): the ticket goes to stdout as plain text. It is an authentication credential, so
# callers should keep this output out of logs, CI transcripts and shared terminals.
157 ticket
=> [ 'PVE::API2::AccessControl', 'create_ticket', ['username'], undef,
160 print "$res->{ticket}\n";
# 'passwd': changes the password of the given user.
163 passwd
=> [ 'PVE::API2::AccessControl', 'change_password', ['userid'] ],
# One-word aliases that forward to the two-word sub-commands, e.g. 'useradd' runs 'user add'.
# An alias names another command, so it reaches the same API method as the command it points to.
165 useradd
=> { alias
=> 'user add' },
166 usermod
=> { alias
=> 'user modify' },
167 userdel
=> { alias
=> 'user delete' },
169 groupadd
=> { alias
=> 'group add' },
170 groupmod
=> { alias
=> 'group modify' },
171 groupdel
=> { alias
=> 'group delete' },
173 roleadd
=> { alias
=> 'role add' },
174 rolemod
=> { alias
=> 'role modify' },
175 roledel
=> { alias
=> 'role delete' },
177 aclmod
=> { alias
=> 'acl modify' },
178 acldel
=> { alias
=> 'acl delete' },
181 # FIXME: HACK! The pool API is in pve-manager as it needs access to storage, guest and RRD stats,
182 # so we only add the pool commands if the API module is available (required for bootstrapping)
# NOTE(review): the code that sets $have_pool_api is not visible in this listing; presumably the
# require/import below runs inside an eval and the flag records whether loading succeeded.
185 require PVE
::API2
::Pool
;
186 PVE
::API2
::Pool-
>import();
# The 'pool' sub-commands are registered only when the optional module could be loaded.
190 if ($have_pool_api) {
192 add
=> [ 'PVE::API2::Pool', 'create_pool', ['poolid'] ],
193 modify
=> [ 'PVE::API2::Pool', 'update_pool', ['poolid'] ],
194 delete => [ 'PVE::API2::Pool', 'delete_pool', ['poolid'] ],
195 list
=> [ 'PVE::API2::Pool', 'index', [], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],