complete security group API
1 package PVE::API2::Firewall::Groups;
2
3 use strict;
4 use warnings;
5 use PVE::JSONSchema qw(get_standard_option);
6
7 use PVE::Firewall;
8 use PVE::API2::Firewall::Rules;
9
10 use Data::Dumper; # fixme: remove
11
12 use base qw(PVE::RESTHandler);
13
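# GET on the collection path: enumerate the security groups found in the
# cluster firewall configuration. Each returned object carries the group
# name and the number of entries stored under that group.
#
# NOTE(review): no 'permissions' key is declared for this method, so who may
# call it is decided by the REST framework's default - confirm that default
# is restrictive before relying on it.
__PACKAGE__->register_method({
    name => 'list_security_groups',
    path => '',
    method => 'GET',
    description => "List security groups.",
    parameters => {
        additionalProperties => 0,
    },
    returns => {
        type => 'array',
        items => {
            type => "object",
            properties => {
                name => get_standard_option('pve-security-group-name'),
                # Declared so the schema matches what the handler returns.
                count => {
                    description => "Number of entries stored in the group.",
                    type => 'integer',
                    minimum => 0,
                },
            },
        },
        links => [ { rel => 'child', href => "{name}" } ],
    },
    code => sub {
        my ($param) = @_;

        my $cluster_conf = PVE::Firewall::load_clusterfw_conf();

        # Tolerate a configuration without a 'groups' section.
        my $groups = $cluster_conf->{groups} // {};

        # Sorted so repeated calls return the groups in a stable order
        # instead of Perl's per-process hash order.
        my $res = [];
        foreach my $group (sort keys %$groups) {
            push @$res, {
                name => $group,
                count => scalar(@{$groups->{$group}}),
            };
        }

        return $res;
    }});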
44
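# POST on the collection path: create an empty security group called 'name',
# or, when 'rename' is given, move the existing group 'rename' to 'name'.
# Fails with a parameter exception if 'name' is already taken or if the
# group to rename does not exist.
#
# NOTE(review): raise_param_exc is called below but no import for it is
#   visible in this file's header - confirm it is in scope, otherwise both
#   error paths fail with "Undefined subroutine" instead of a clean
#   parameter error.
# NOTE(review): the configuration is loaded, modified and saved with no lock
#   visible in this block; two concurrent requests could overwrite each
#   other's change unless load/save serialize internally - confirm.
# NOTE(review): a rename only moves the group's own entry; any rule elsewhere
#   that refers to the old group name is not touched here, which would leave
#   that reference pointing at a group that no longer exists - confirm how
#   such references are handled.
# NOTE(review): no 'permissions' key is declared for this state-changing
#   method; access is decided by the REST framework's default - confirm.
__PACKAGE__->register_method({
    name => 'create_security_group',
    path => '',
    method => 'POST',
    description => "Create new security group.",
    protected => 1,
    parameters => {
        additionalProperties => 0,
        properties => {
            name => get_standard_option('pve-security-group-name'),
            rename => get_standard_option('pve-security-group-name', {
                description => "Rename an existing security group.",
                optional => 1,
            }),
        },
    },
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;

        my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
        my $groups = $cluster_conf->{groups} //= {};

        my $new_name = $param->{name};

        # Direct key lookup instead of scanning every existing group name.
        raise_param_exc({ name => "Security group '$new_name' already exists" })
            if exists $groups->{$new_name};

        if (my $old_name = $param->{rename}) {
            # Report the failure against 'rename', the parameter that is
            # actually wrong, rather than against 'name'.
            raise_param_exc({ rename => "Security group '$old_name' does not exist" })
                if !$groups->{$old_name};

            # Move the entry list to the new key in one step.
            $groups->{$new_name} = delete $groups->{$old_name};
        } else {
            $groups->{$new_name} = [];
        }

        PVE::Firewall::save_clusterfw_conf($cluster_conf);

        return undef;
    }});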
85
86
# DELETE on '{name}': remove a security group from the cluster firewall
# configuration. A group that does not exist is treated as already deleted
# (returns without saving); a group that still holds entries is refused.
#
# NOTE(review): the emptiness check and the delete happen on a configuration
#   loaded without any lock visible in this block - confirm load/save
#   serialize concurrent writers.
# NOTE(review): only the group's own entry list is checked; whether the group
#   is still referenced from other rule sets is not examined here - confirm.
# NOTE(review): no 'permissions' key is declared for this state-changing
#   method; access is decided by the REST framework's default - confirm.
__PACKAGE__->register_method({
    name => 'delete_security_group',
    path => '{name}',
    method => 'DELETE',
    description => "Delete security group.",
    protected => 1,
    parameters => {
        additionalProperties => 0,
        properties => {
            name => get_standard_option('pve-security-group-name'),
        }
    },
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;

        my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
        my $group_name = $param->{name};

        # Nothing stored under this name: nothing to do.
        my $entries = $cluster_conf->{groups}->{$group_name};
        return undef if !$entries;

        # Refuse to drop a group that still contains entries.
        if (scalar(@$entries)) {
            die "Security group '$param->{name}' is not empty\n";
        }

        delete $cluster_conf->{groups}->{$group_name};
        PVE::Firewall::save_clusterfw_conf($cluster_conf);

        return undef;
    }});
116
# Hand requests below '{group}' over to the group-rules handler class.
# NOTE(review): this placeholder sits at the same path position as '{name}'
#   used by delete_security_group above - confirm how the REST handler
#   resolves the two registrations.
# NOTE(review): no 'use PVE::API2::Firewall::GroupRules' is visible in this
#   file; presumably the package is provided by PVE::API2::Firewall::Rules -
#   confirm.
__PACKAGE__->register_method({
    subclass => "PVE::API2::Firewall::GroupRules",
    path => '{group}',
});
121
122 1;