1 package PVE
::API2
::Firewall
::Groups
;
5 use PVE
::JSONSchema
qw(get_standard_option);
6 use PVE
::Exception
qw(raise raise_param_exc);
9 use PVE
::API2
::Firewall
::Rules
;
11 use Data
::Dumper
; # fixme: remove
13 use base
qw(PVE::RESTHandler);
15 __PACKAGE__-
>register_method({
16 name
=> 'list_security_groups',
19 description
=> "List security groups.",
21 additionalProperties
=> 0,
28 name
=> get_standard_option
('pve-security-group-name'),
29 digest
=> get_standard_option
('pve-config-digest', { optional
=> 0} ),
36 links
=> [ { rel
=> 'child', href
=> "{name}" } ],
41 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
43 my $digest = $cluster_conf->{digest
};
46 foreach my $group (keys %{$cluster_conf->{groups
}}) {
50 count
=> scalar(@{$cluster_conf->{groups
}->{$group}})
52 if (my $comment = $cluster_conf->{group_comments
}->{$group}) {
53 $data->{comment
} = $comment;
61 __PACKAGE__-
>register_method({
62 name
=> 'create_security_group',
65 description
=> "Create new security group.",
68 additionalProperties
=> 0,
70 name
=> get_standard_option
('pve-security-group-name'),
75 rename => get_standard_option
('pve-security-group-name', {
76 description
=> "Rename/update an existing security group. You can set 'rename' to the same value as 'name' to update the 'comment' of an existing group.",
79 digest
=> get_standard_option
('pve-config-digest'),
82 returns
=> { type
=> 'null' },
86 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
88 my $digest = $cluster_conf->{digest
};
90 PVE
::Tools
::assert_if_modified
($digest, $param->{digest
});
92 foreach my $name (keys %{$cluster_conf->{groups
}}) {
93 raise_param_exc
({ name
=> "Security group '$name' already exists" })
94 if !$param->{rename} && $name eq $param->{name
};
97 if ($param->{rename}) {
98 raise_param_exc
({ name
=> "Security group '$param->{rename}' does not exists" })
99 if !$cluster_conf->{groups
}->{$param->{rename}};
100 my $data = delete $cluster_conf->{groups
}->{$param->{rename}};
101 $cluster_conf->{groups
}->{$param->{name
}} = $data;
102 if (my $comment = delete $cluster_conf->{group_comments
}->{$param->{rename}}) {
103 $cluster_conf->{group_comments
}->{$param->{name
}} = $comment;
105 $cluster_conf->{group_comments
}->{$param->{name
}} = $param->{comment
} if defined($param->{comment
});
107 $cluster_conf->{groups
}->{$param->{name
}} = [];
108 $cluster_conf->{group_comments
}->{$param->{name
}} = $param->{comment
} if defined($param->{comment
});
111 PVE
::Firewall
::save_clusterfw_conf
($cluster_conf);
116 __PACKAGE__-
>register_method({
117 name
=> 'delete_security_group',
120 description
=> "Delete security group.",
123 additionalProperties
=> 0,
125 name
=> get_standard_option
('pve-security-group-name'),
126 digest
=> get_standard_option
('pve-config-digest'),
129 returns
=> { type
=> 'null' },
133 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
135 PVE
::Tools
::assert_if_modified
($cluster_conf->{digest
}, $param->{digest
});
137 return undef if !$cluster_conf->{groups
}->{$param->{name
}};
139 die "Security group '$param->{name}' is not empty\n"
140 if scalar(@{$cluster_conf->{groups
}->{$param->{name
}}});
142 delete $cluster_conf->{groups
}->{$param->{name
}};
144 PVE
::Firewall
::save_clusterfw_conf
($cluster_conf);
149 __PACKAGE__-
>register_method ({
150 subclass
=> "PVE::API2::Firewall::GroupRules",