API fix: allow aliases in IPSets

[pve-firewall.git] / src / PVE / API2 / Firewall / IPSet.pm

diff --git a/src/PVE/API2/Firewall/IPSet.pm b/src/PVE/API2/Firewall/IPSet.pm
index 56dd4f2ae01ada67438a3139b631cced55fb43ab..6c7ab5e6c681fdf76aa34122e5e5bf4b40dd674f 100644 (file)
--- a/src/PVE/API2/Firewall/IPSet.pm
+++ b/src/PVE/API2/Firewall/IPSet.pm
@@ -12,7 +12,7 @@ use base qw(PVE::RESTHandler);
 my $api_properties = { 
     cidr => {
        description => "Network/IP specification in CIDR format.",
-       type => 'string', format => 'IPv4orCIDR',
+       type => 'string', format => 'IPv4orCIDRorAlias',
     },
     name => get_standard_option('ipset-name'),
     comment => {
@@ -145,6 +145,17 @@ sub register_delete_ipset {
        }});
 }
 
+my $verify_alias_exists = sub {
+    my ($cluster_conf, $fw_conf, $cidr) = @_;
+
+    if ($cidr !~ m/^\d/) {
+       my $alias = lc($cidr);
+       die "no such alias '$cidr'\n"
+           if !(($cluster_conf && $cluster_conf->{aliases}->{$alias}) || 
+                ($fw_conf && $fw_conf->{aliases}->{$alias}));
+    }
+};
+
 sub register_create_ip {
     my ($class) = @_;
 
@@ -178,7 +189,10 @@ sub register_create_ip {
                    if $entry->{cidr} eq $cidr;
            }
 
+           &$verify_alias_exists($cluster_conf, $fw_conf, $cidr);
+
            my $data = { cidr => $cidr };
+
            $data->{nomatch} = 1 if $param->{nomatch};
            $data->{comment} = $param->{comment} if $param->{comment};