1 package PVE
::API2
::Firewall
::Groups
;
5 use PVE
::JSONSchema
qw(get_standard_option);
6 use PVE
::Exception
qw(raise raise_param_exc);
9 use PVE
::API2
::Firewall
::Rules
;
11 use Data
::Dumper
; # fixme: remove
13 use base
qw(PVE::RESTHandler);
# Helper closure: builds the security-group list returned by the API
# handlers below from an already loaded cluster firewall configuration.
# NOTE(review): this listing omits several source lines (see the gaps in the
# gutter numbers), so only the statements that are visible are described.
15 my $get_security_group_list = sub {
16 my ($cluster_conf) = @_;
# Group names are visited in sorted order - presumably so that the list, and
# the digest derived from it further down, are stable across calls; confirm.
19 foreach my $group (sort keys %{$cluster_conf->{groups
}}) {
# The comment is attached only when the stored value is true, so an empty
# string or "0" comment is left out of the entry.
23 if (my $comment = $cluster_conf->{group_comments
}->{$group}) {
24 $data->{comment
} = $comment;
# $res is filled on lines not shown here. copy_list_with_digest hands back
# two values, assigned to $list and $digest; the rename path of
# create_security_group compares this digest with the one the client sent.
29 my ($list, $digest) = PVE
::Firewall
::copy_list_with_digest
($res);
# List context yields ($list, $digest); scalar context yields only $list.
31 return wantarray ?
($list, $digest) : $list;
# Registers the API method that lists the cluster's security groups.
# NOTE(review): parts of this register_method call are missing from the
# listing (see the gaps in the gutter numbers); only visible keys are
# described.
34 __PACKAGE__-
>register_method({
35 name
=> 'list_security_groups',
38 description
=> "List security groups.",
# NOTE(review): no privilege check is attached to this method. In PVE's
# permission scheme user => 'all' presumably admits every authenticated user,
# so group names, comments and the configuration digest would be readable by
# all of them - confirm that this is intended.
39 permissions
=> { user
=> 'all' },
# The enclosing schema object (its opening line is not shown) accepts no
# undeclared properties.
41 additionalProperties
=> 0,
# Visible properties: the group name and a digest, the latter explicitly
# declared non-optional (optional => 0).
49 group
=> get_standard_option
('pve-security-group-name'),
50 digest
=> get_standard_option
('pve-config-digest', { optional
=> 0} ),
# Each entry links to a child resource addressed by its group name.
57 links
=> [ { rel
=> 'child', href
=> "{group}" } ],
# Handler body: load the cluster firewall configuration and return what the
# helper closure produces for it.
62 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
64 return &$get_security_group_list($cluster_conf);
# Registers the API method that creates a security group or, when 'rename'
# is given, renames an existing one and/or updates its comment.
# NOTE(review): parts of this register_method call are missing from the
# listing (see the gaps in the gutter numbers); only visible lines are
# described, and statements about what is absent apply to the lines shown.
67 __PACKAGE__-
>register_method({
68 name
=> 'create_security_group',
71 description
=> "Create new security group.",
# Callers need the Sys.Modify privilege on the root path '/'.
74 check
=> ['perm', '/', [ 'Sys.Modify' ]],
# The enclosing schema object (its opening line is not shown) accepts no
# undeclared properties.
77 additionalProperties
=> 0,
# 'group' is the new or target name; 'rename' is the existing name. Both use
# the same 'pve-security-group-name' standard option.
79 group
=> get_standard_option
('pve-security-group-name'),
84 rename => get_standard_option
('pve-security-group-name', {
# NOTE(review): the text below refers to a parameter 'name', but the
# parameter visible in this schema is called 'group'.
85 description
=> "Rename/update an existing security group. You can set 'rename' to the same value as 'name' to update the 'comment' of an existing group.",
# NOTE(review): unlike in list_security_groups, optional => 0 is not set
# here, so a client can presumably omit the digest - confirm how
# assert_if_modified treats an undefined value.
88 digest
=> get_standard_option
('pve-config-digest'),
91 returns
=> { type
=> 'null' },
# Handler body: load, modify in memory, save.
# NOTE(review): no lock is taken in the lines shown between
# load_clusterfw_conf and save_clusterfw_conf, so two concurrent writers
# could overwrite each other's change; the digest comparison in the rename
# path is the only concurrency guard visible here. Confirm whether locking
# happens elsewhere.
95 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
# Rename / comment-update path.
97 if ($param->{rename}) {
# Recompute the digest of the current group list and compare it with the
# digest supplied by the client.
98 my (undef, $digest) = &$get_security_group_list($cluster_conf);
99 PVE
::Tools
::assert_if_modified
($digest, $param->{digest
});
# Refuse to rename a group that does not exist.
# NOTE(review): the error is keyed to 'group' although the missing name came
# from 'rename', and the message contains a typo ("does not exists").
101 raise_param_exc
({ group
=> "Security group '$param->{rename}' does not exists" })
102 if !$cluster_conf->{groups
}->{$param->{rename}};
# Move the rule list from the old name to the new one.
# NOTE(review): no visible check that 'group' is not already in use (unless
# it equals 'rename'), so an existing group of that name would be replaced;
# nothing shown here updates rules that still reference the old name.
104 my $data = delete $cluster_conf->{groups
}->{$param->{rename}};
105 $cluster_conf->{groups
}->{$param->{group
}} = $data;
# The old comment entry is always removed; it is carried over to the new
# name only when its value is true.
106 if (my $comment = delete $cluster_conf->{group_comments
}->{$param->{rename}}) {
107 $cluster_conf->{group_comments
}->{$param->{group
}} = $comment;
# An explicitly supplied comment (any defined value) takes precedence.
109 $cluster_conf->{group_comments
}->{$param->{group
}} = $param->{comment
} if defined($param->{comment
});
# Presumably the create branch (the 'else' line is not in this listing):
# reject a name that is already taken. The client digest is not compared in
# the lines shown for this branch.
111 foreach my $name (keys %{$cluster_conf->{groups
}}) {
112 raise_param_exc
({ group
=> "Security group '$name' already exists" })
113 if $name eq $param->{group
};
# A new group starts with an empty rule list and an optional comment.
116 $cluster_conf->{groups
}->{$param->{group
}} = [];
117 $cluster_conf->{group_comments
}->{$param->{group
}} = $param->{comment
} if defined($param->{comment
});
# Write the modified configuration back.
120 PVE
::Firewall
::save_clusterfw_conf
($cluster_conf);
125 __PACKAGE__-
>register_method ({
126 subclass
=> "PVE::API2::Firewall::GroupRules",