use strict;
use warnings;
use PVE::JSONSchema qw(get_standard_option);
+use PVE::Exception qw(raise raise_param_exc);
use PVE::Firewall;
use PVE::API2::Firewall::Rules;
type => "object",
properties => {
name => get_standard_option('pve-security-group-name'),
+ comment => {
+ type => 'string',
+ optional => 1,
+ }
},
},
links => [ { rel => 'child', href => "{name}" } ],
my $res = [];
foreach my $group (keys %{$cluster_conf->{groups}}) {
- push @$res, { name => $group, count => scalar(@{$cluster_conf->{groups}->{$group}}) };
+ my $data = {
+ name => $group,
+ count => scalar(@{$cluster_conf->{groups}->{$group}})
+ };
+ if (my $comment = $cluster_conf->{group_comments}->{$group}) {
+ $data->{comment} = $comment;
+ }
+ push @$res, $data;
}
return $res;
additionalProperties => 0,
properties => {
name => get_standard_option('pve-security-group-name'),
+ comment => {
+ type => 'string',
+ optional => 1,
+ },
rename => get_standard_option('pve-security-group-name', {
- description => "Rename an existing security group.",
+ description => "Rename/update an existing security group. You can set 'rename' to the same value as 'name' to update the 'comment' of an existing group.",
optional => 1,
}),
},
foreach my $name (keys %{$cluster_conf->{groups}}) {
raise_param_exc({ name => "Security group '$name' already exists" })
- if $name eq $param->{name};
+ if !$param->{rename} && $name eq $param->{name};
}
if ($param->{rename}) {
if !$cluster_conf->{groups}->{$param->{rename}};
my $data = delete $cluster_conf->{groups}->{$param->{rename}};
$cluster_conf->{groups}->{$param->{name}} = $data;
+ if (my $comment = delete $cluster_conf->{group_comments}->{$param->{rename}}) {
+ $cluster_conf->{group_comments}->{$param->{name}} = $comment;
+ }
+ $cluster_conf->{group_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment});
} else {
$cluster_conf->{groups}->{$param->{name}} = [];
+ $cluster_conf->{group_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment});
}
PVE::Firewall::save_clusterfw_conf($cluster_conf);
return undef;
}});
-
__PACKAGE__->register_method({
name => 'delete_security_group',
path => '{name}',
my $section;
my $group;
- my $res = { rules => [], options => {}, groups => {}, ipset => {} };
+ my $res = {
+ rules => [],
+ options => {},
+ groups => {},
+ group_comments => {},
+ ipset => {}
+ };
my $digest = Digest::SHA->new('sha1');
next;
}
- if ($line =~ m/^\[group\s+(\S+)\]\s*$/i) {
+ if ($line =~ m/^\[group\s+(\S+)\]\s*(?:#\s*(.*?)\s*)?$/i) {
$section = 'groups';
$group = lc($1);
+ my $comment = $2;
$res->{$section}->{$group} = [];
+ $res->{group_comments}->{$group} = $comment if $comment;
next;
}
foreach my $group (sort keys %{$cluster_conf->{groups}}) {
my $rules = $cluster_conf->{groups}->{$group};
- $raw .= "[group $group]\n\n";
+ if (my $comment = $cluster_conf->{group_comments}->{$group}) {
+ $raw .= "[group $group] # $comment\n\n";
+ } else {
+ $raw .= "[group $group]\n\n";
+ }
+
$raw .= &$format_rules($rules, 0);
$raw .= "\n";
}