git.proxmox.com Git - pve-firewall.git/blob - src/PVE/API2/Firewall/Groups.pm
1 package PVE
:: API2
:: Firewall
:: Groups
;
5 use PVE
:: JSONSchema
qw(get_standard_option) ;
6 use PVE
:: Exception
qw(raise raise_param_exc) ;
9 use PVE
:: API2
:: Firewall
:: Rules
;
11 use Data
:: Dumper
; # fixme: remove
13 use base
qw(PVE::RESTHandler) ;
# Helper closure: builds the list of security groups from the cluster firewall
# config and passes it through PVE::Firewall::copy_list_with_digest.
#   $cluster_conf - hash ref; the code reads its {groups} and {group_comments}.
# Returns ($list, $digest) in list context and only $list in scalar context.
# NOTE(review): this listing skips source lines 17-18, 20-22 and 25-28, so the
# initialisation of $res and $data, and how $data reaches $res, are not visible
# here - confirm against the full file.
15 my $get_security_group_list = sub {
16 my ( $cluster_conf ) = @_ ;
# One iteration per configured group name.
19 foreach my $group ( keys %{ $cluster_conf ->{ groups
}}) {
# The comment is attached only when it is a true value, so an empty or "0"
# comment is left out of the entry.
23 if ( my $comment = $cluster_conf ->{ group_comments
}->{ $group }) {
24 $data ->{ comment
} = $comment ;
# The digest produced here is the value the create (rename) and delete handlers
# in this file compare with the caller-supplied 'digest' parameter.
29 my ( $list, $digest ) = PVE
:: Firewall
:: copy_list_with_digest
( $res );
# wantarray lets one helper serve both callers that need the digest and callers
# that only need the list.
31 return wantarray ?
( $list, $digest ) : $list ;
# Registers the 'list_security_groups' API method. The handler loads the cluster
# firewall config and returns whatever $get_security_group_list produces.
# NOTE(review): source lines 36-37, 39, 41-46 and 49-54 are not in this listing,
# so the path, HTTP method, permissions entry and the outer shape of the return
# schema cannot be checked here - confirm who is allowed to call this method.
34 __PACKAGE__-
> register_method ({
35 name
=> 'list_security_groups' ,
38 description
=> "List security groups." ,
# Unknown parameters are rejected rather than ignored.
40 additionalProperties
=> 0 ,
# Properties of each returned entry: the group name and the config digest.
47 group
=> get_standard_option
( 'pve-security-group-name' ),
# The digest is declared non-optional here (optional => 0), unlike the digest
# parameter of the create and delete methods.
48 digest
=> get_standard_option
( 'pve-config-digest' , { optional
=> 0 } ),
# Each entry links to a child resource named after its group.
55 links
=> [ { rel
=> 'child' , href
=> "{group}" } ],
60 my $cluster_conf = PVE
:: Firewall
:: load_clusterfw_conf
();
# The helper's return shape depends on the calling context (it uses wantarray).
# NOTE(review): $get_security_group_list->($cluster_conf) is the conventional
# way to call a code reference; the &$code(...) form behaves the same here.
62 return & $get_security_group_list ( $cluster_conf );
# Registers the 'create_security_group' API method. With 'rename' set it moves
# an existing group (rules and comment) to the name given in 'group'; otherwise
# it creates 'group' with an empty rule list. Either way the modified config is
# written back with PVE::Firewall::save_clusterfw_conf. Declared return: null.
# NOTE(review): source lines 67-68, 70-71, 73, 75-78, 81-82, 84-85 and 87-89 are
# not in this listing, so the path, HTTP method, permissions entry and the
# declaration of the 'comment' parameter cannot be checked here.
# NOTE(review): no locking call is visible between load_clusterfw_conf and
# save_clusterfw_conf; unless a lock is taken in lines not shown or inside those
# helpers, two concurrent requests can overwrite each other's changes - confirm.
65 __PACKAGE__-
> register_method ({
66 name
=> 'create_security_group' ,
69 description
=> "Create new security group." ,
# Unknown parameters are rejected rather than ignored.
72 additionalProperties
=> 0 ,
# Target name: the group to create, or the new name when renaming.
74 group
=> get_standard_option
( 'pve-security-group-name' ),
# Source name for a rename; uses the same name format as 'group'.
79 rename => get_standard_option
( 'pve-security-group-name' , {
80 description
=> "Rename/update an existing security group. You can set 'rename' to the same value as 'name' to update the 'comment' of an existing group." ,
# Caller-supplied config digest; the visible code checks it only on the rename
# path.
83 digest
=> get_standard_option
( 'pve-config-digest' ),
86 returns
=> { type
=> 'null' },
90 my $cluster_conf = PVE
:: Firewall
:: load_clusterfw_conf
();
# --- rename / update path ---
92 if ( $param ->{ rename }) {
# Compare the caller's digest with the digest of the current group list;
# presumably this rejects the request when the list changed since the caller
# read it - confirm against PVE::Tools::assert_if_modified.
93 my ( undef , $digest ) = & $get_security_group_list ( $cluster_conf );
94 PVE
:: Tools
:: assert_if_modified
( $digest, $param ->{ digest
});
# The source group must exist. The exception is keyed on 'group' although the
# value that failed the check is 'rename'.
96 raise_param_exc
({ group
=> "Security group ' $param ->{rename}' does not exists" })
97 if ! $cluster_conf ->{ groups
}->{ $param ->{ rename }};
# Move the rule list from the old name to the new one.
# NOTE(review): the visible code does not check whether 'group' names a
# different group that already exists; if it does, that group's rule list is
# replaced by this assignment. Source line 98 is not shown - confirm.
# NOTE(review): rules elsewhere that refer to the group by its old name are not
# touched by the visible code - confirm how such references are handled.
99 my $data = delete $cluster_conf ->{ groups
}->{ $param ->{ rename }};
100 $cluster_conf ->{ groups
}->{ $param ->{ group
}} = $data ;
# Carry the old comment over to the new name; only a true value is moved.
101 if ( my $comment = delete $cluster_conf ->{ group_comments
}->{ $param ->{ rename }}) {
102 $cluster_conf ->{ group_comments
}->{ $param ->{ group
}} = $comment ;
# An explicitly supplied comment replaces the one carried over.
104 $cluster_conf ->{ group_comments
}->{ $param ->{ group
}} = $param ->{ comment
} if defined ( $param ->{ comment
});
# --- create path ---
# NOTE(review): presumably the branch taken when 'rename' is not set; the branch
# boundary falls on source line 105, which this listing does not show.
# Refuse to create a group whose name is already taken. The visible code does
# not consult the 'digest' parameter on this path.
106 foreach my $name ( keys %{ $cluster_conf ->{ groups
}}) {
107 raise_param_exc
({ group
=> "Security group ' $name ' already exists" })
108 if $name eq $param ->{ group
};
# A new group starts with an empty rule list.
111 $cluster_conf ->{ groups
}->{ $param ->{ group
}} = [];
# The comment is stored only when one was supplied, so an entry already present
# under this name in group_comments is left as it is.
112 $cluster_conf ->{ group_comments
}->{ $param ->{ group
}} = $param ->{ comment
} if defined ( $param ->{ comment
});
# Persist the modified cluster firewall config.
115 PVE
:: Firewall
:: save_clusterfw_conf
( $cluster_conf );
# Registers the 'delete_security_group' API method. The handler removes 'group'
# from the cluster firewall config when the group exists, the caller's digest
# passes assert_if_modified and the group has no rules left. Declared return:
# null.
# NOTE(review): source lines 122-123, 125-126, 128, 131-132 and 134-136 are not
# in this listing, so the path, HTTP method and permissions entry cannot be
# checked here.
# NOTE(review): no locking call is visible between load_clusterfw_conf and
# save_clusterfw_conf; unless a lock is taken in lines not shown or inside those
# helpers, a concurrent change can be lost - confirm.
120 __PACKAGE__-
> register_method ({
121 name
=> 'delete_security_group' ,
124 description
=> "Delete security group." ,
# Unknown parameters are rejected rather than ignored.
127 additionalProperties
=> 0 ,
129 group
=> get_standard_option
( 'pve-security-group-name' ),
130 digest
=> get_standard_option
( 'pve-config-digest' ),
133 returns
=> { type
=> 'null' },
137 my $cluster_conf = PVE
:: Firewall
:: load_clusterfw_conf
();
# A group that does not exist is not an error: the handler returns undef before
# the digest is checked and without saving anything.
139 return undef if ! $cluster_conf ->{ groups
}->{ $param ->{ group
}};
# Compare the caller's digest with the digest of the current group list;
# presumably this rejects the request when the list changed since the caller
# read it - confirm against PVE::Tools::assert_if_modified.
141 my ( undef , $digest ) = & $get_security_group_list ( $cluster_conf );
142 PVE
:: Tools
:: assert_if_modified
( $digest, $param ->{ digest
});
# Only an empty group may be deleted; a group that still holds rules makes the
# request die with this message.
144 die "Security group ' $param ->{group}' is not empty \n "
145 if scalar (@{ $cluster_conf ->{ groups
}->{ $param ->{ group
}}});
# NOTE(review): only the {groups} entry is removed in the visible code; the
# matching {group_comments} entry is not. Source line 148 is not shown - confirm
# that a stale comment cannot reappear on a later group created under the same
# name without a comment.
147 delete $cluster_conf ->{ groups
}->{ $param ->{ group
}};
# Persist the modified cluster firewall config.
149 PVE
:: Firewall
:: save_clusterfw_conf
( $cluster_conf );
154 __PACKAGE__-
> register_method ({
155 subclass
=> "PVE::API2::Firewall::GroupRules" ,