package PVE::API2::Firewall::Groups;

# The listing skips source lines 2-4, 7-8 and 10-11; strictures are stated
# here explicitly.
use strict;
use warnings;

use PVE::JSONSchema qw(get_standard_option);
use PVE::Exception qw(raise raise_param_exc);

# PVE::Firewall::* and PVE::Tools::assert_if_modified are called below by
# fully-qualified name; no `use` line for either module is visible in this
# listing - confirm they are loaded before this package is used.
use PVE::API2::Firewall::Rules;

use base qw(PVE::RESTHandler);
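# Build the security-group listing from a parsed cluster firewall config.
#
# Walks $cluster_conf->{groups} in sorted key order and attaches the entry
# from $cluster_conf->{group_comments} when it is set and true. The collected
# list is passed through PVE::Firewall::copy_list_with_digest().
#
# Returns ($list, $digest) in list context and only $list in scalar context.
# Callers that need the digest (the rename path compares it with the digest
# supplied by the client) must therefore call this in list context.
#
# Lines marked "reconstructed" are not shown in this listing (the gutter
# jumps over them) and were inferred from how $res and $data are used below -
# confirm against the upstream file.
my $get_security_group_list = sub {
    my ($cluster_conf) = @_;

    my $res = [];    # reconstructed (listing lines 16-17 not shown)

    foreach my $group (sort keys %{$cluster_conf->{groups}}) {
        # reconstructed (listing lines 19-21 not shown); the result schema of
        # list_security_groups declares a 'group' property per item
        my $data = { group => $group };

        # A comment that evaluates to false (e.g. an empty string) is left out.
        if (my $comment = $cluster_conf->{group_comments}->{$group}) {
            $data->{comment} = $comment;
        }

        push @$res, $data;    # reconstructed (listing lines 24-26 not shown)
    }

    my ($list, $digest) = PVE::Firewall::copy_list_with_digest($res);

    return wantarray ? ($list, $digest) : $list;
};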
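# API method 'list_security_groups': return the list of security groups
# defined in the cluster firewall configuration.
#
# The handler loads the cluster firewall config and returns the result of
# $get_security_group_list for it. Each returned item links to a child
# resource named after the group (href "{group}").
#
# This listing omits several source lines (the gutter numbers jump). Wrapper
# keys marked "reconstructed" were inferred from the nesting of the visible
# keys; entries that cannot be inferred are left as comments naming the
# missing listing lines. Confirm both against the upstream file.
__PACKAGE__->register_method({
    name => 'list_security_groups',
    # Listing lines 35-36 (between 'name' and 'description') are not shown.
    description => "List security groups.",
    # Readable by every authenticated user: group names and comments are not
    # restricted to firewall administrators.
    permissions => { user => 'all' },
    parameters => {    # reconstructed
        additionalProperties => 0,
        # Listing line 41 is not shown.
    },
    returns => {    # reconstructed
        # Listing lines 44-47 are not shown; 'group' and 'digest' below are
        # presumably the per-item properties of the returned list.
        items => {    # reconstructed
            properties => {    # reconstructed
                group => get_standard_option('pve-security-group-name'),
                digest => get_standard_option('pve-config-digest', { optional => 0 }),
                # Listing lines 50-53 are not shown.
            },
        },
        links => [ { rel => 'child', href => "{group}" } ],
    },
    code => sub {    # reconstructed (listing lines 58-59 not shown)
        my ($param) = @_;

        my $cluster_conf = PVE::Firewall::load_clusterfw_conf();

        # The caller's context is passed through, so a scalar-context call
        # yields only the list and not the digest.
        return $get_security_group_list->($cluster_conf);
    },
});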
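# API method 'create_security_group': create a security group, or rename /
# re-comment an existing one.
#
# Parameters visible in the schema: 'group' (target name), 'rename' (name of
# the existing group to rename or update) and 'digest'. The handler also reads
# $param->{comment}.
#
# Rename path ($param->{rename} is true):
#   * the client's digest is compared with the digest of the current group
#     list via PVE::Tools::assert_if_modified();
#   * the source group must exist, and a different existing target group is
#     never overwritten;
#   * the rule list and the comment move to the new key; an explicit
#     'comment' parameter replaces the carried-over one.
# Create path: an existing name is rejected, otherwise an empty rule list is
# stored together with the optional comment.
#
# Both paths write the whole configuration back with
# PVE::Firewall::save_clusterfw_conf().
#
# NOTE(review): no lock is visible around load -> modify -> save in this
# listing, so two concurrent requests could overwrite each other's change.
# The digest check narrows that window only on the rename path and only when
# the client sends a digest. Confirm whether the caller or PVE::Firewall
# serialises access; if not, run this sequence under the cluster firewall
# config lock.
#
# NOTE(review): the rename path only re-keys 'groups' and 'group_comments' in
# the cluster config. Nothing visible here updates rules elsewhere that refer
# to the old group name - confirm how such references are handled, since a
# dangling reference would silently drop the group's rules from that ruleset.
#
# This listing omits several source lines (the gutter numbers jump). Lines
# marked "reconstructed" were inferred from the visible code; entries that
# cannot be inferred are left as comments naming the missing listing lines.
__PACKAGE__->register_method({
    name => 'create_security_group',
    # Listing lines 68-69 (between 'name' and 'description') are not shown.
    description => "Create new security group.",
    # Listing line 71 is not shown.
    permissions => {    # reconstructed
        # Requires the Sys.Modify privilege on '/'.
        check => ['perm', '/', [ 'Sys.Modify' ]],
    },
    parameters => {    # reconstructed
        additionalProperties => 0,
        properties => {    # reconstructed
            group => get_standard_option('pve-security-group-name'),
            # Listing lines 79-82 are not shown. The handler reads
            # $param->{comment}, so a 'comment' property is presumably
            # declared there.
            rename => get_standard_option('pve-security-group-name', {
                # The text refers to 'name'; the parameter it means is 'group'.
                description => "Rename/update an existing security group. You can set 'rename' to the same value as 'name' to update the 'comment' of an existing group.",
                # Listing line 85 is not shown; the handler treats 'rename'
                # as optional.
            }),
            digest => get_standard_option('pve-config-digest'),
        },
    },
    returns => { type => 'null' },
    code => sub {    # reconstructed (listing lines 91-92 not shown)
        my ($param) = @_;

        my $cluster_conf = PVE::Firewall::load_clusterfw_conf();

        if ($param->{rename}) {
            # List context is required here to obtain the digest.
            my (undef, $digest) = $get_security_group_list->($cluster_conf);
            PVE::Tools::assert_if_modified($digest, $param->{digest});

            raise_param_exc({ group => "Security group '$param->{rename}' does not exist" })
                if !$cluster_conf->{groups}->{$param->{rename}};

            # prevent overwriting an existing group
            raise_param_exc({ group => "Security group '$param->{group}' does already exist" })
                if $cluster_conf->{groups}->{$param->{group}}
                && $param->{group} ne $param->{rename};

            # Move the rule list, then the comment, to the new key. When
            # 'group' equals 'rename' this puts the same data back.
            my $data = delete $cluster_conf->{groups}->{$param->{rename}};
            $cluster_conf->{groups}->{$param->{group}} = $data;
            if (my $comment = delete $cluster_conf->{group_comments}->{$param->{rename}}) {
                $cluster_conf->{group_comments}->{$param->{group}} = $comment;
            }
            $cluster_conf->{group_comments}->{$param->{group}} = $param->{comment}
                if defined($param->{comment});
        }
        else {    # reconstructed (listing line 114 not shown)
            # A direct key lookup replaces the original scan over all group
            # names; the error text is unchanged.
            raise_param_exc({ group => "Security group '$param->{group}' already exists" })
                if exists $cluster_conf->{groups}->{$param->{group}};

            # NOTE(review): the 'digest' parameter is not checked on this path.
            $cluster_conf->{groups}->{$param->{group}} = [];
            $cluster_conf->{group_comments}->{$param->{group}} = $param->{comment}
                if defined($param->{comment});
        }

        PVE::Firewall::save_clusterfw_conf($cluster_conf);

        return undef;    # reconstructed; the schema declares a null result
    },
});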
129 __PACKAGE__-
>register_method ({
130 subclass
=> "PVE::API2::Firewall::GroupRules",