support comments on group sections

diff --git a/src/PVE/API2/Firewall/Groups.pm b/src/PVE/API2/Firewall/Groups.pm
index 0a6126afa0105642eb937e6c21f2aeec733872b9..0317af8849d9e54a46b8dfbccdc95bf79418d94b 100644 (file)
--- a/src/PVE/API2/Firewall/Groups.pm
+++ b/src/PVE/API2/Firewall/Groups.pm
@@ -3,6 +3,7 @@ package PVE::API2::Firewall::Groups;
 use strict;
 use warnings;
 use PVE::JSONSchema qw(get_standard_option);
+use PVE::Exception qw(raise raise_param_exc);
 
 use PVE::Firewall;
 use PVE::API2::Firewall::Rules;
@@ -25,6 +26,10 @@ __PACKAGE__->register_method({
            type => "object",
            properties => { 
                name => get_standard_option('pve-security-group-name'),
+               comment => { 
+                   type => 'string',
+                   optional => 1,
+               }
            },
        },
        links => [ { rel => 'child', href => "{name}" } ],
@@ -36,7 +41,14 @@ __PACKAGE__->register_method({
 
        my $res = [];
        foreach my $group (keys %{$cluster_conf->{groups}}) {
-           push @$res, { name => $group, count => scalar(@{$cluster_conf->{groups}->{$group}}) };
+           my $data = { 
+               name => $group,
+               count => scalar(@{$cluster_conf->{groups}->{$group}}) 
+           };
+           if (my $comment = $cluster_conf->{group_comments}->{$group}) {
+               $data->{comment} = $comment;
+           }
+           push @$res, $data;
        }
 
        return $res;
@@ -52,8 +64,12 @@ __PACKAGE__->register_method({
        additionalProperties => 0,
        properties => { 
            name => get_standard_option('pve-security-group-name'),
+           comment => {
+               type => 'string',
+               optional => 1,
+           },
            rename => get_standard_option('pve-security-group-name', {
-               description => "Rename an existing security group.",
+               description => "Rename/update an existing security group. You can set 'rename' to the same value as 'name' to update the 'comment' of an existing group.",
                optional => 1,
            }),
        },
@@ -66,7 +82,7 @@ __PACKAGE__->register_method({
 
        foreach my $name (keys %{$cluster_conf->{groups}}) {
            raise_param_exc({ name => "Security group '$name' already exists" }) 
-               if $name eq $param->{name};
+               if !$param->{rename} && $name eq $param->{name};
        }
 
        if ($param->{rename}) {
@@ -74,8 +90,13 @@ __PACKAGE__->register_method({
                if !$cluster_conf->{groups}->{$param->{rename}};
            my $data = delete $cluster_conf->{groups}->{$param->{rename}};
            $cluster_conf->{groups}->{$param->{name}} = $data;
+           if (my $comment = delete $cluster_conf->{group_comments}->{$param->{rename}}) {
+               $cluster_conf->{group_comments}->{$param->{name}} = $comment;
+           }
+           $cluster_conf->{group_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment});
        } else {
            $cluster_conf->{groups}->{$param->{name}} = [];
+           $cluster_conf->{group_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment});
        }
 
        PVE::Firewall::save_clusterfw_conf($cluster_conf);
@@ -83,7 +104,6 @@ __PACKAGE__->register_method({
        return undef;
     }});
 
-
 __PACKAGE__->register_method({
     name => 'delete_security_group',
     path => '{name}',

diff --git a/src/PVE/API2/Firewall/Rules.pm b/src/PVE/API2/Firewall/Rules.pm
index 4837880974041ee55e035fa0158161065e9a4a10..46fdd56cf80404ab81934098d5e0fa5cc0739d14 100644 (file)
--- a/src/PVE/API2/Firewall/Rules.pm
+++ b/src/PVE/API2/Firewall/Rules.pm
@@ -3,6 +3,7 @@ package PVE::API2::Firewall::RulesBase;
 use strict;
 use warnings;
 use PVE::JSONSchema qw(get_standard_option);
+use PVE::Exception qw(raise raise_param_exc);
 
 use PVE::Firewall;
 

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 336aedbd72cacd417e7533257495eb3f9aa9dba5..6a9634130aa298b5767fbc25132a86b529cd725b 100644 (file)
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1976,7 +1976,13 @@ sub parse_cluster_fw_rules {
     my $section;
     my $group;
 
-    my $res = { rules => [], options => {}, groups => {}, ipset => {} };
+    my $res = { 
+       rules => [], 
+       options => {}, 
+       groups => {}, 
+       group_comments => {}, 
+       ipset => {} 
+    };
 
     my $digest = Digest::SHA->new('sha1');
 
@@ -1994,10 +2000,12 @@ sub parse_cluster_fw_rules {
            next;
        }
 
-       if ($line =~ m/^\[group\s+(\S+)\]\s*$/i) {
+       if ($line =~ m/^\[group\s+(\S+)\]\s*(?:#\s*(.*?)\s*)?$/i) {
            $section = 'groups';
            $group = lc($1);
+           my $comment = $2;
            $res->{$section}->{$group} = [];
+           $res->{group_comments}->{$group} = $comment if $comment;
            next;
        }
 
@@ -2415,7 +2423,12 @@ sub save_clusterfw_conf {
 
     foreach my $group (sort keys %{$cluster_conf->{groups}}) {
        my $rules = $cluster_conf->{groups}->{$group};
-       $raw .= "[group $group]\n\n";
+       if (my $comment = $cluster_conf->{group_comments}->{$group}) {
+           $raw .= "[group $group] # $comment\n\n";
+       } else {
+           $raw .= "[group $group]\n\n";
+       }
+
        $raw .= &$format_rules($rules, 0);
        $raw .= "\n";
     }