src/PVE/API2/Firewall/Groups.pm

   1 package PVE::API2::Firewall::Groups;
   2
   3 use strict;
   4 use warnings;
   5 use PVE::JSONSchema qw(get_standard_option);
   6 use PVE::Exception qw(raise raise_param_exc);
   7
   8 use PVE::Firewall;
   9 use PVE::API2::Firewall::Rules;
  10
  11 use Data::Dumper; # fixme: remove
  12
  13 use base qw(PVE::RESTHandler);
  14
  15 __PACKAGE__->register_method({
  16     name => 'list_security_groups',
  17     path => '',
  18     method => 'GET',
  19     description => "List security groups.",
  20     parameters => {
  21         additionalProperties => 0,
  22     },
  23     returns => {
  24         type => 'array',
  25         items => {
  26             type => "object",
  27             properties => {
  28                 name => get_standard_option('pve-security-group-name'),
  29                 digest => get_standard_option('pve-config-digest', { optional => 0} ),
  30                 comment => {
  31                     type => 'string',
  32                     optional => 1,
  33                 }
  34             },
  35         },
  36         links => [ { rel => 'child', href => "{name}" } ],
  37     },
  38     code => sub {
  39         my ($param) = @_;
  40
  41         my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
  42
  43         my $digest = $cluster_conf->{digest};
  44
  45         my $res = [];
  46         foreach my $group (keys %{$cluster_conf->{groups}}) {
  47             my $data = {
  48                 name => $group,
  49                 digest => $digest,
  50                 count => scalar(@{$cluster_conf->{groups}->{$group}})
  51             };
  52             if (my $comment = $cluster_conf->{group_comments}->{$group}) {
  53                 $data->{comment} = $comment;
  54             }
  55             push @$res, $data;
  56         }
  57
  58         return $res;
  59     }});
  60
  61 __PACKAGE__->register_method({
  62     name => 'create_security_group',
  63     path => '',
  64     method => 'POST',
  65     description => "Create new security group.",
  66     protected => 1,
  67     parameters => {
  68         additionalProperties => 0,
  69         properties => {
  70             name => get_standard_option('pve-security-group-name'),
  71             comment => {
  72                 type => 'string',
  73                 optional => 1,
  74             },
  75             rename => get_standard_option('pve-security-group-name', {
  76                 description => "Rename/update an existing security group. You can set 'rename' to the same value as 'name' to update the 'comment' of an existing group.",
  77                 optional => 1,
  78             }),
  79             digest => get_standard_option('pve-config-digest'),
  80         },
  81     },
  82     returns => { type => 'null' },
  83     code => sub {
  84         my ($param) = @_;
  85
  86         my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
  87
  88         my $digest = $cluster_conf->{digest};
  89
  90         PVE::Tools::assert_if_modified($digest, $param->{digest});
  91
  92         if (!$param->{rename}) {
  93             foreach my $name (keys %{$cluster_conf->{groups}}) {
  94                 raise_param_exc({ name => "Security group '$name' already exists" })
  95                     if $name eq $param->{name};
  96             }
  97         }
  98
  99         if ($param->{rename}) {
 100             raise_param_exc({ name => "Security group '$param->{rename}' does not exists" })
 101                 if !$cluster_conf->{groups}->{$param->{rename}};
 102             my $data = delete $cluster_conf->{groups}->{$param->{rename}};
 103             $cluster_conf->{groups}->{$param->{name}} = $data;
 104             if (my $comment = delete $cluster_conf->{group_comments}->{$param->{rename}}) {
 105                 $cluster_conf->{group_comments}->{$param->{name}} = $comment;
 106             }
 107             $cluster_conf->{group_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment});
 108         } else {
 109             $cluster_conf->{groups}->{$param->{name}} = [];
 110             $cluster_conf->{group_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment});
 111         }
 112
 113         PVE::Firewall::save_clusterfw_conf($cluster_conf);
 114
 115         return undef;
 116     }});
 117
 118 __PACKAGE__->register_method({
 119     name => 'delete_security_group',
 120     path => '{name}',
 121     method => 'DELETE',
 122     description => "Delete security group.",
 123     protected => 1,
 124     parameters => {
 125         additionalProperties => 0,
 126         properties => {
 127             name => get_standard_option('pve-security-group-name'),
 128             digest => get_standard_option('pve-config-digest'),
 129         },
 130     },
 131     returns => { type => 'null' },
 132     code => sub {
 133         my ($param) = @_;
 134
 135         my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
 136
 137         PVE::Tools::assert_if_modified($cluster_conf->{digest}, $param->{digest});
 138
 139         return undef if !$cluster_conf->{groups}->{$param->{name}};
 140
 141         die "Security group '$param->{name}' is not empty\n"
 142             if scalar(@{$cluster_conf->{groups}->{$param->{name}}});
 143
 144         delete $cluster_conf->{groups}->{$param->{name}};
 145
 146         PVE::Firewall::save_clusterfw_conf($cluster_conf);
 147
 148         return undef;
 149     }});
 150
 151 __PACKAGE__->register_method ({
 152     subclass => "PVE::API2::Firewall::GroupRules",
 153     path => '{group}',
 154 });
 155
 156 1;