From 9567aa9160afb99986c37be328cf1a886b005649 Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Wed, 9 Apr 2014 08:53:58 +0200
Subject: [PATCH] complete security group API

---
 src/PVE/API2/Firewall/Groups.pm | 73 ++++++++++++++++++++++++++++++++-
 1 file changed, 72 insertions(+), 1 deletion(-)

diff --git a/src/PVE/API2/Firewall/Groups.pm b/src/PVE/API2/Firewall/Groups.pm
index 23b33ef..0a6126a 100644
--- a/src/PVE/API2/Firewall/Groups.pm
+++ b/src/PVE/API2/Firewall/Groups.pm
@@ -12,7 +12,7 @@ use Data::Dumper; # fixme: remove
 use base qw(PVE::RESTHandler);
 
 __PACKAGE__->register_method({
-    name => 'list',
+    name => 'list_security_groups',
     path => '',
     method => 'GET',
     description => "List security groups.",
@@ -42,6 +42,77 @@ __PACKAGE__->register_method({
 	return $res;
     }});
 
+__PACKAGE__->register_method({
+    name => 'create_security_group',
+    path => '',
+    method => 'POST',
+    description => "Create new security group.",
+    protected => 1,
+    parameters => {
+	additionalProperties => 0,
+	properties => { 
+	    name => get_standard_option('pve-security-group-name'),
+	    rename => get_standard_option('pve-security-group-name', {
+		description => "Rename an existing security group.",
+		optional => 1,
+	    }),
+	},
+    },
+    returns => { type => 'null' },
+    code => sub {
+	my ($param) = @_;
+
+	my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
+
+	foreach my $name (keys %{$cluster_conf->{groups}}) {
+	    raise_param_exc({ name => "Security group '$name' already exists" }) 
+		if $name eq $param->{name};
+	}
+
+	if ($param->{rename}) {
+	    raise_param_exc({ name => "Security group '$param->{rename}' does not exists" }) 
+		if !$cluster_conf->{groups}->{$param->{rename}};
+	    my $data = delete $cluster_conf->{groups}->{$param->{rename}};
+	    $cluster_conf->{groups}->{$param->{name}} = $data;
+	} else {
+	    $cluster_conf->{groups}->{$param->{name}} = [];
+	}
+
+	PVE::Firewall::save_clusterfw_conf($cluster_conf);
+	
+	return undef;
+    }});
+
+
+__PACKAGE__->register_method({
+    name => 'delete_security_group',
+    path => '{name}',
+    method => 'DELETE',
+    description => "Delete security group.",
+    protected => 1,
+    parameters => {
+	additionalProperties => 0,
+	properties => { 
+	    name => get_standard_option('pve-security-group-name'),
+	}
+    },
+    returns => { type => 'null' },
+    code => sub {
+	my ($param) = @_;
+	    
+	my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
+
+	return undef if !$cluster_conf->{groups}->{$param->{name}};
+
+	die "Security group '$param->{name}' is not empty\n" 
+	    if scalar(@{$cluster_conf->{groups}->{$param->{name}}});
+
+	delete $cluster_conf->{groups}->{$param->{name}};
+
+	PVE::Firewall::save_clusterfw_conf($cluster_conf);
+
+	return undef;
+    }});
 
 __PACKAGE__->register_method ({
     subclass => "PVE::API2::Firewall::GroupRules",  
-- 
2.39.2