fix #4268: add 'force' parameter to delete IPSet with members

Currently, trying to delete a non-empty IPSet will throw an error.
Manually deleting all members of the set might be a time-consuming
process, which the force parameter allows to bypass.

Signed-off-by: Leo Nunner <l.nunner@proxmox.com>

diff --git a/src/PVE/API2/Firewall/IPSet.pm b/src/PVE/API2/Firewall/IPSet.pm
index ec9326f475f77d271b26bbda272a59d22b1b5065..a5f69e9ac4042c51ff783fd3f1c5b264b8c33567 100644 (file)
--- a/src/PVE/API2/Firewall/IPSet.pm
+++ b/src/PVE/API2/Firewall/IPSet.pm
@@ -132,6 +132,11 @@ sub register_delete_ipset {
     my $properties = $class->additional_parameters();
 
     $properties->{name} = get_standard_option('ipset-name');
+    $properties->{force} = {
+       type => 'boolean',
+       optional => 1,
+       description => 'Delete all members of the IPSet, if there are any.',
+    };
 
     $class->register_method({
        name => 'delete_ipset',
@@ -154,7 +159,7 @@ sub register_delete_ipset {
                my ($cluster_conf, $fw_conf, $ipset) = $class->load_config($param);
 
                die "IPSet '$param->{name}' is not empty\n"
-                   if scalar(@$ipset);
+                   if scalar(@$ipset) && !$param->{force};
 
                $class->save_ipset($param, $fw_conf, undef);