cbbdb7db2509f95a88beba80db697762966c5ff8
1 package PVE
::CLI
::pveum
;
6 use PVE
::AccessControl
;
7 use PVE
::RPCEnvironment
;
12 use PVE
::API2
::AccessControl
;
14 use PVE
::API2
::Domains
;
15 use PVE
::CLIFormatter
;
17 use PVE
::JSONSchema
qw(get_standard_option);
20 use PVE
::Tools
qw(extract_param);
22 use base
qw(PVE::CLIHandler);
24 sub setup_environment
{
25 PVE
::RPCEnvironment-
>setup_default_cli_env();
32 'change_password' => [
33 PVE
::CLIHandler
::get_standard_mapping
('pve-password'),
36 PVE
::CLIHandler
::get_standard_mapping
('pve-password', {
38 # do not accept values given on cmdline
39 return PVE
::PTY
::read_password
('Enter password: ');
45 return $mapping->{$name};
48 my $print_api_result = sub {
49 my ($data, $schema, $options) = @_;
50 PVE
::CLIFormatter
::print_api_result
($data, $schema, undef, $options);
53 my $print_perm_result = sub {
54 my ($data, $schema, $options) = @_;
56 if (!defined($options->{'output-format'}) || $options->{'output-format'} eq 'text') {
62 'path' => { type
=> 'string', title
=> 'ACL path' },
63 'permissions' => { type
=> 'string', title
=> 'Permissions' },
68 foreach my $path (sort keys %$data) {
70 my $curr = $data->{$path};
71 foreach my $perm (sort keys %$curr) {
72 $value .= "\n" if $value;
74 $value .= " (*)" if $curr->{$perm};
76 push @$table_data, { path
=> $path, permissions
=> $value };
78 PVE
::CLIFormatter
::print_api_result
($table_data, $table_schema, undef, $options);
79 print "Permissions marked with '(*)' have the 'propagate' flag set.\n";
81 PVE
::CLIFormatter
::print_api_result
($data, $schema, undef, $options);
85 __PACKAGE__-
>register_method({
86 name
=> 'token_permissions',
87 path
=> 'token_permissions',
89 description
=> 'Retrieve effective permissions of given token.',
91 additionalProperties
=> 0,
93 userid
=> get_standard_option
('userid'),
94 tokenid
=> get_standard_option
('token-subid'),
95 path
=> get_standard_option
('acl-path', {
96 description
=> "Only dump this specific path, not the whole tree.",
103 description
=> 'Hash of structure "path" => "privilege" => "propagate boolean".',
108 my $token_subid = extract_param
($param, "tokenid");
109 $param->{userid
} = PVE
::AccessControl
::join_tokenid
($param->{userid
}, $token_subid);
111 return PVE
::API2
::AccessControl-
>permissions($param);
116 add
=> [ 'PVE::API2::User', 'create_user', ['userid'] ],
117 modify
=> [ 'PVE::API2::User', 'update_user', ['userid'] ],
118 delete => [ 'PVE::API2::User', 'delete_user', ['userid'] ],
119 list
=> [ 'PVE::API2::User', 'index', [], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
120 permissions
=> [ 'PVE::API2::AccessControl', 'permissions', ['userid'], {}, $print_perm_result, $PVE::RESTHandler
::standard_output_options
],
122 delete => [ 'PVE::API2::AccessControl', 'change_tfa', ['userid'], { action
=> 'delete', key
=> undef, config
=> undef, response
=> undef, }, ],
125 add
=> [ 'PVE::API2::User', 'generate_token', ['userid', 'tokenid'], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
126 modify
=> [ 'PVE::API2::User', 'update_token_info', ['userid', 'tokenid'], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
127 remove
=> [ 'PVE::API2::User', 'remove_token', ['userid', 'tokenid'], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
128 list
=> [ 'PVE::API2::User', 'token_index', ['userid'], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
129 permissions
=> [ __PACKAGE__
, 'token_permissions', ['userid', 'tokenid'], {}, $print_perm_result, $PVE::RESTHandler
::standard_output_options
],
133 add
=> [ 'PVE::API2::Group', 'create_group', ['groupid'] ],
134 modify
=> [ 'PVE::API2::Group', 'update_group', ['groupid'] ],
135 delete => [ 'PVE::API2::Group', 'delete_group', ['groupid'] ],
136 list
=> [ 'PVE::API2::Group', 'index', [], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
139 add
=> [ 'PVE::API2::Role', 'create_role', ['roleid'] ],
140 modify
=> [ 'PVE::API2::Role', 'update_role', ['roleid'] ],
141 delete => [ 'PVE::API2::Role', 'delete_role', ['roleid'] ],
142 list
=> [ 'PVE::API2::Role', 'index', [], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
145 modify
=> [ 'PVE::API2::ACL', 'update_acl', ['path'], { delete => 0 }],
146 delete => [ 'PVE::API2::ACL', 'update_acl', ['path'], { delete => 1 }],
147 list
=> [ 'PVE::API2::ACL', 'read_acl', [], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
150 add
=> [ 'PVE::API2::Pool', 'create_pool', ['poolid'] ],
151 modify
=> [ 'PVE::API2::Pool', 'update_pool', ['poolid'] ],
152 delete => [ 'PVE::API2::Pool', 'delete_pool', ['poolid'] ],
153 list
=> [ 'PVE::API2::Pool', 'index', [], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
156 add
=> [ 'PVE::API2::Domains', 'create', ['realm'] ],
157 modify
=> [ 'PVE::API2::Domains', 'update', ['realm'] ],
158 delete => [ 'PVE::API2::Domains', 'delete', ['realm'] ],
159 list
=> [ 'PVE::API2::Domains', 'index', [], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
160 sync
=> [ 'PVE::API2::Domains', 'sync', ['realm'], ],
163 ticket
=> [ 'PVE::API2::AccessControl', 'create_ticket', ['username'], undef,
166 print "$res->{ticket}\n";
169 passwd
=> [ 'PVE::API2::AccessControl', 'change_password', ['userid'] ],
171 useradd
=> { alias
=> 'user add' },
172 usermod
=> { alias
=> 'user modify' },
173 userdel
=> { alias
=> 'user delete' },
175 groupadd
=> { alias
=> 'group add' },
176 groupmod
=> { alias
=> 'group modify' },
177 groupdel
=> { alias
=> 'group delete' },
179 roleadd
=> { alias
=> 'role add' },
180 rolemod
=> { alias
=> 'role modify' },
181 roledel
=> { alias
=> 'role delete' },
183 aclmod
=> { alias
=> 'acl modify' },
184 acldel
=> { alias
=> 'acl delete' },