rules: verify referenced security group exists

while this was already handled properly (as empty rules), adding this as
error makes it much more visible (in the GUI as well).

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index e349ee7769a6d529a3414075bf04520085e31d06..aa4fb0184d298262a2326b6e1a976ecb04442fc2 100644 (file)
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1623,6 +1623,8 @@ sub verify_rule {
                if !$allow_groups;
            &$add_error('action', "invalid characters in security group name")
                if $action && ($action !~ m/^${security_group_name_pattern}$/);
                if !$allow_groups;
            &$add_error('action', "invalid characters in security group name")
                if $action && ($action !~ m/^${security_group_name_pattern}$/);

+           &$add_error('action', "security group '$action' does not exist")
+               if $action && !defined($cluster_conf->{groups}->{$action});

        } else {
            &$add_error('type', "unknown rule type '$type'");
        }
        } else {
            &$add_error('type', "unknown rule type '$type'");
        }