my $res = [];
foreach my $group (keys %{$cluster_conf->{groups}}) {
my $data = {
- name => $group,
+ group => $group,
};
if (my $comment = $cluster_conf->{group_comments}->{$group}) {
$data->{comment} = $comment;
path => '',
method => 'GET',
description => "List security groups.",
+ permissions => { user => 'all' },
parameters => {
additionalProperties => 0,
+ properties => {},
},
returns => {
type => 'array',
items => {
type => "object",
properties => {
- name => get_standard_option('pve-security-group-name'),
+ group => get_standard_option('pve-security-group-name'),
digest => get_standard_option('pve-config-digest', { optional => 0} ),
comment => {
type => 'string',
}
},
},
- links => [ { rel => 'child', href => "{name}" } ],
+ links => [ { rel => 'child', href => "{group}" } ],
},
code => sub {
my ($param) = @_;
method => 'POST',
description => "Create new security group.",
protected => 1,
+ permissions => {
+ check => ['perm', '/', [ 'Sys.Modify' ]],
+ },
parameters => {
additionalProperties => 0,
properties => {
- name => get_standard_option('pve-security-group-name'),
+ group => get_standard_option('pve-security-group-name'),
comment => {
type => 'string',
optional => 1,
my (undef, $digest) = &$get_security_group_list($cluster_conf);
PVE::Tools::assert_if_modified($digest, $param->{digest});
- raise_param_exc({ name => "Security group '$param->{rename}' does not exists" })
+ raise_param_exc({ group => "Security group '$param->{rename}' does not exists" })
if !$cluster_conf->{groups}->{$param->{rename}};
my $data = delete $cluster_conf->{groups}->{$param->{rename}};
- $cluster_conf->{groups}->{$param->{name}} = $data;
+ $cluster_conf->{groups}->{$param->{group}} = $data;
if (my $comment = delete $cluster_conf->{group_comments}->{$param->{rename}}) {
- $cluster_conf->{group_comments}->{$param->{name}} = $comment;
+ $cluster_conf->{group_comments}->{$param->{group}} = $comment;
}
- $cluster_conf->{group_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment});
+ $cluster_conf->{group_comments}->{$param->{group}} = $param->{comment} if defined($param->{comment});
} else {
foreach my $name (keys %{$cluster_conf->{groups}}) {
- raise_param_exc({ name => "Security group '$name' already exists" })
- if $name eq $param->{name};
+ raise_param_exc({ group => "Security group '$name' already exists" })
+ if $name eq $param->{group};
}
- $cluster_conf->{groups}->{$param->{name}} = [];
- $cluster_conf->{group_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment});
+ $cluster_conf->{groups}->{$param->{group}} = [];
+ $cluster_conf->{group_comments}->{$param->{group}} = $param->{comment} if defined($param->{comment});
}
PVE::Firewall::save_clusterfw_conf($cluster_conf);
return undef;
}});
-__PACKAGE__->register_method({
- name => 'delete_security_group',
- path => '{name}',
- method => 'DELETE',
- description => "Delete security group.",
- protected => 1,
- parameters => {
- additionalProperties => 0,
- properties => {
- name => get_standard_option('pve-security-group-name'),
- digest => get_standard_option('pve-config-digest'),
- },
- },
- returns => { type => 'null' },
- code => sub {
- my ($param) = @_;
-
- my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
-
- return undef if !$cluster_conf->{groups}->{$param->{name}};
-
- my (undef, $digest) = &$get_security_group_list($cluster_conf);
- PVE::Tools::assert_if_modified($digest, $param->{digest});
-
- die "Security group '$param->{name}' is not empty\n"
- if scalar(@{$cluster_conf->{groups}->{$param->{name}}});
-
- delete $cluster_conf->{groups}->{$param->{name}};
-
- PVE::Firewall::save_clusterfw_conf($cluster_conf);
-
- return undef;
- }});
-
__PACKAGE__->register_method ({
subclass => "PVE::API2::Firewall::GroupRules",
path => '{group}',