src/PVE/API2/Firewall/Groups.pm

   1 package PVE::API2::Firewall::Groups;
   2
   3 use strict;
   4 use warnings;
   5 use PVE::JSONSchema qw(get_standard_option);
   6 use PVE::Exception qw(raise raise_param_exc);
   7
   8 use PVE::Firewall;
   9 use PVE::API2::Firewall::Rules;
  10
  11 use Data::Dumper; # fixme: remove
  12
  13 use base qw(PVE::RESTHandler);
  14
  15 my $get_security_group_list = sub {
  16     my ($cluster_conf) = @_;
  17
  18     my $res = [];
  19     foreach my $group (keys %{$cluster_conf->{groups}}) {
  20         my $data = {
  21             group => $group,
  22         };
  23         if (my $comment = $cluster_conf->{group_comments}->{$group}) {
  24             $data->{comment} = $comment;
  25         }
  26         push @$res, $data;
  27     }
  28
  29     my ($list, $digest) = PVE::Firewall::copy_list_with_digest($res);
  30
  31     return wantarray ? ($list, $digest) : $list;
  32 };
  33
  34 __PACKAGE__->register_method({
  35     name => 'list_security_groups',
  36     path => '',
  37     method => 'GET',
  38     description => "List security groups.",
  39     parameters => {
  40         additionalProperties => 0,
  41     },
  42     returns => {
  43         type => 'array',
  44         items => {
  45             type => "object",
  46             properties => {
  47                 group => get_standard_option('pve-security-group-name'),
  48                 digest => get_standard_option('pve-config-digest', { optional => 0} ),
  49                 comment => {
  50                     type => 'string',
  51                     optional => 1,
  52                 }
  53             },
  54         },
  55         links => [ { rel => 'child', href => "{group}" } ],
  56     },
  57     code => sub {
  58         my ($param) = @_;
  59
  60         my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
  61
  62         return &$get_security_group_list($cluster_conf);
  63     }});
  64
  65 __PACKAGE__->register_method({
  66     name => 'create_security_group',
  67     path => '',
  68     method => 'POST',
  69     description => "Create new security group.",
  70     protected => 1,
  71     parameters => {
  72         additionalProperties => 0,
  73         properties => {
  74             group => get_standard_option('pve-security-group-name'),
  75             comment => {
  76                 type => 'string',
  77                 optional => 1,
  78             },
  79             rename => get_standard_option('pve-security-group-name', {
  80                 description => "Rename/update an existing security group. You can set 'rename' to the same value as 'name' to update the 'comment' of an existing group.",
  81                 optional => 1,
  82             }),
  83             digest => get_standard_option('pve-config-digest'),
  84         },
  85     },
  86     returns => { type => 'null' },
  87     code => sub {
  88         my ($param) = @_;
  89
  90         my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
  91
  92         if ($param->{rename}) {
  93             my (undef, $digest) = &$get_security_group_list($cluster_conf);
  94             PVE::Tools::assert_if_modified($digest, $param->{digest});
  95
  96             raise_param_exc({ group => "Security group '$param->{rename}' does not exists" })
  97                 if !$cluster_conf->{groups}->{$param->{rename}};
  98
  99             my $data = delete $cluster_conf->{groups}->{$param->{rename}};
 100             $cluster_conf->{groups}->{$param->{group}} = $data;
 101             if (my $comment = delete $cluster_conf->{group_comments}->{$param->{rename}}) {
 102                 $cluster_conf->{group_comments}->{$param->{group}} = $comment;
 103             }
 104             $cluster_conf->{group_comments}->{$param->{group}} = $param->{comment} if defined($param->{comment});
 105         } else {
 106             foreach my $name (keys %{$cluster_conf->{groups}}) {
 107                 raise_param_exc({ group => "Security group '$name' already exists" })
 108                     if $name eq $param->{group};
 109             }
 110
 111             $cluster_conf->{groups}->{$param->{group}} = [];
 112             $cluster_conf->{group_comments}->{$param->{group}} = $param->{comment} if defined($param->{comment});
 113         }
 114
 115         PVE::Firewall::save_clusterfw_conf($cluster_conf);
 116
 117         return undef;
 118     }});
 119
 120 __PACKAGE__->register_method({
 121     name => 'delete_security_group',
 122     path => '{group}',
 123     method => 'DELETE',
 124     description => "Delete security group.",
 125     protected => 1,
 126     parameters => {
 127         additionalProperties => 0,
 128         properties => {
 129             group => get_standard_option('pve-security-group-name'),
 130             digest => get_standard_option('pve-config-digest'),
 131         },
 132     },
 133     returns => { type => 'null' },
 134     code => sub {
 135         my ($param) = @_;
 136
 137         my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
 138
 139         return undef if !$cluster_conf->{groups}->{$param->{group}};
 140
 141         my (undef, $digest) = &$get_security_group_list($cluster_conf);
 142         PVE::Tools::assert_if_modified($digest, $param->{digest});
 143
 144         die "Security group '$param->{group}' is not empty\n"
 145             if scalar(@{$cluster_conf->{groups}->{$param->{group}}});
 146
 147         delete $cluster_conf->{groups}->{$param->{group}};
 148
 149         PVE::Firewall::save_clusterfw_conf($cluster_conf);
 150
 151         return undef;
 152     }});
 153
 154 __PACKAGE__->register_method ({
 155     subclass => "PVE::API2::Firewall::GroupRules",
 156     path => '{group}',
 157 });
 158
 159 1;