cleanup firewall service implementation
[pve-firewall.git] / src / PVE / API2 / Firewall / Groups.pm
1package PVE::API2::Firewall::Groups;
2
3use strict;
4use warnings;
5use PVE::JSONSchema qw(get_standard_option);
0d22acb3 6use PVE::Exception qw(raise raise_param_exc);
7
8use PVE::Firewall;
86791289 9use PVE::API2::Firewall::Rules;
10
11use Data::Dumper; # fixme: remove
12
13use base qw(PVE::RESTHandler);
14
# Build the API view of all security groups in a cluster firewall config.
#
# Each entry is a hash with the group name and, when a non-empty comment is
# stored for that group, the comment. The list is passed through
# PVE::Firewall::copy_list_with_digest(); the digest it returns is what the
# write handlers in this file compare against the caller-supplied 'digest'.
#
# Returns ($list, $digest) in list context and only $list in scalar context.
my $get_security_group_list = sub {
    my ($cluster_conf) = @_;

    my @entries = map {
        my $entry = { group => $_ };
        my $comment = $cluster_conf->{group_comments}->{$_};
        # A false comment (undef, '' or '0') is left out, not emitted empty.
        $entry->{comment} = $comment if $comment;
        $entry;
    } keys %{$cluster_conf->{groups}};

    my ($list, $digest) = PVE::Firewall::copy_list_with_digest(\@entries);

    return $list if !wantarray;
    return ($list, $digest);
};
# GET on the collection root (path ''): list every security group defined in
# the cluster firewall configuration.
#
# Read-only: the handler loads the config and returns the group list without
# saving anything. Unlike the POST/DELETE handlers in this file it is not
# marked 'protected', and no 'permissions' entry is declared here.
# NOTE(review): access control therefore depends on the REST framework's
# default policy - confirm it is as restrictive as intended for firewall data.
__PACKAGE__->register_method({
    name => 'list_security_groups',
    path => '',
    method => 'GET',
    description => "List security groups.",
    parameters => {
        additionalProperties => 0,
        properties => {},
    },
    returns => {
        type => 'array',
        items => {
            type => "object",
            properties => {
                group => get_standard_option('pve-security-group-name'),
                # Declared mandatory on every returned item; presumably filled
                # in by copy_list_with_digest() - verify against PVE::Firewall.
                digest => get_standard_option('pve-config-digest', { optional => 0} ),
                comment => {
                    type => 'string',
                    optional => 1,
                }
            },
        },
        links => [ { rel => 'child', href => "{group}" } ],
    },
    code => sub {
        my ($param) = @_;

        my $cluster_conf = PVE::Firewall::load_clusterfw_conf();

        # The helper is context sensitive: in scalar context only the list is
        # returned, in list context the digest follows it.
        return $get_security_group_list->($cluster_conf);
    }});
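# POST on the collection root (path ''): create a new, empty security group,
# or - when 'rename' is given - rename an existing group and/or update its
# comment.
#
# Parameters:
#   group   - name of the group to create, or the new name when renaming
#   comment - optional comment to store for 'group'
#   rename  - optional name of an existing group to rename to 'group'
#   digest  - optional config digest; only consulted on the rename path
#
# Raises a parameter exception when the group to rename does not exist or
# when the target name is already taken by another group.
#
# Fix: renaming onto the name of a *different* existing group used to replace
# that group's rule list without any error, silently dropping its firewall
# rules. The target name is now checked before anything is moved.
#
# NOTE(review): load -> modify -> save is not wrapped in any lock visible in
# this file, and the plain-create path never compares 'digest'; confirm that
# concurrent writers are serialised elsewhere.
__PACKAGE__->register_method({
    name => 'create_security_group',
    path => '',
    method => 'POST',
    description => "Create new security group.",
    protected => 1,
    parameters => {
        additionalProperties => 0,
        properties => {
            group => get_standard_option('pve-security-group-name'),
            comment => {
                type => 'string',
                optional => 1,
            },
            # The description below says 'name'; the parameter it refers to
            # is 'group'.
            rename => get_standard_option('pve-security-group-name', {
                description => "Rename/update an existing security group. You can set 'rename' to the same value as 'name' to update the 'comment' of an existing group.",
                optional => 1,
            }),
            digest => get_standard_option('pve-config-digest'),
        },
    },
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;

        my $cluster_conf = PVE::Firewall::load_clusterfw_conf();

        if ($param->{rename}) {
            # Presumably raises when the caller's digest no longer matches
            # the current group list - verify against PVE::Tools.
            my (undef, $digest) = &$get_security_group_list($cluster_conf);
            PVE::Tools::assert_if_modified($digest, $param->{digest});

            raise_param_exc({ group => "Security group '$param->{rename}' does not exists" })
                if !$cluster_conf->{groups}->{$param->{rename}};

            # Refuse to overwrite another existing group. rename == group is
            # still allowed: that is the documented way to update a comment.
            raise_param_exc({ group => "Security group '$param->{group}' already exists" })
                if $param->{group} ne $param->{rename}
                && exists $cluster_conf->{groups}->{$param->{group}};

            # Move the rule list, then the stored comment, to the new name.
            my $data = delete $cluster_conf->{groups}->{$param->{rename}};
            $cluster_conf->{groups}->{$param->{group}} = $data;
            if (my $comment = delete $cluster_conf->{group_comments}->{$param->{rename}}) {
                $cluster_conf->{group_comments}->{$param->{group}} = $comment;
            }
            # An explicitly supplied comment wins over the carried-over one.
            $cluster_conf->{group_comments}->{$param->{group}} = $param->{comment}
                if defined($param->{comment});
        } else {
            raise_param_exc({ group => "Security group '$param->{group}' already exists" })
                if exists $cluster_conf->{groups}->{$param->{group}};

            # A new group starts with an empty rule list.
            $cluster_conf->{groups}->{$param->{group}} = [];
            $cluster_conf->{group_comments}->{$param->{group}} = $param->{comment}
                if defined($param->{comment});
        }

        PVE::Firewall::save_clusterfw_conf($cluster_conf);

        return undef;
    }});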
# DELETE on '{group}': remove an empty security group.
#
# Deleting a group that does not exist is a silent no-op (returns before the
# digest is compared). A group that still contains rules is refused with an
# error. Only the entry under {groups} is removed; the {group_comments} entry
# is left untouched by this handler.
#
# NOTE(review): the only precondition checked here is that the group's own
# rule list is empty. Whether other rule sets still reference the group is
# not checked in this handler - confirm that dangling references cannot
# change the effective policy.
__PACKAGE__->register_method({
    name => 'delete_security_group',
    path => '{group}',
    method => 'DELETE',
    description => "Delete security group.",
    protected => 1,
    parameters => {
        additionalProperties => 0,
        properties => {
            group => get_standard_option('pve-security-group-name'),
            digest => get_standard_option('pve-config-digest'),
        },
    },
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;

        my $cluster_conf = PVE::Firewall::load_clusterfw_conf();

        my $rules = $cluster_conf->{groups}->{$param->{group}};
        if (!$rules) {
            return undef;
        }

        # Compare the caller's digest with the current group list before
        # changing anything.
        my (undef, $digest) = $get_security_group_list->($cluster_conf);
        PVE::Tools::assert_if_modified($digest, $param->{digest});

        if (scalar(@$rules)) {
            die "Security group '$param->{group}' is not empty\n";
        }

        delete $cluster_conf->{groups}->{$param->{group}};

        PVE::Firewall::save_clusterfw_conf($cluster_conf);

        return undef;
    }});
# Hand every request below '{group}' to the per-group rules handler class.
# NOTE(review): that class is not loaded by name in this file; presumably it
# is defined by PVE::API2::Firewall::Rules, which is loaded above - confirm.
__PACKAGE__->register_method({
    path => '{group}',
    subclass => "PVE::API2::Firewall::GroupRules",
});

# A module must end with a true value.
1;