From 0d22acb3445afea9d33a9ed80addb912ad116f7e Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Wed, 9 Apr 2014 12:53:12 +0200
Subject: [PATCH] support comments on group sections

---
 src/PVE/API2/Firewall/Groups.pm | 28 ++++++++++++++++++++++++----
 src/PVE/API2/Firewall/Rules.pm  |  1 +
 src/PVE/Firewall.pm             | 19 ++++++++++++++++---
 3 files changed, 41 insertions(+), 7 deletions(-)

diff --git a/src/PVE/API2/Firewall/Groups.pm b/src/PVE/API2/Firewall/Groups.pm
index 0a6126a..0317af8 100644
--- a/src/PVE/API2/Firewall/Groups.pm
+++ b/src/PVE/API2/Firewall/Groups.pm
@@ -3,6 +3,7 @@ package PVE::API2::Firewall::Groups;
 use strict;
 use warnings;
 use PVE::JSONSchema qw(get_standard_option);
+use PVE::Exception qw(raise raise_param_exc);
 
 use PVE::Firewall;
 use PVE::API2::Firewall::Rules;
@@ -25,6 +26,10 @@ __PACKAGE__->register_method({
 	    type => "object",
 	    properties => { 
 		name => get_standard_option('pve-security-group-name'),
+		comment => { 
+		    type => 'string',
+		    optional => 1,
+		}
 	    },
 	},
 	links => [ { rel => 'child', href => "{name}" } ],
@@ -36,7 +41,14 @@ __PACKAGE__->register_method({
 
 	my $res = [];
 	foreach my $group (keys %{$cluster_conf->{groups}}) {
-	    push @$res, { name => $group, count => scalar(@{$cluster_conf->{groups}->{$group}}) };
+	    my $data = { 
+		name => $group,
+		count => scalar(@{$cluster_conf->{groups}->{$group}}) 
+	    };
+	    if (my $comment = $cluster_conf->{group_comments}->{$group}) {
+		$data->{comment} = $comment;
+	    }
+	    push @$res, $data;
 	}
 
 	return $res;
@@ -52,8 +64,12 @@ __PACKAGE__->register_method({
 	additionalProperties => 0,
 	properties => { 
 	    name => get_standard_option('pve-security-group-name'),
+	    comment => {
+		type => 'string',
+		optional => 1,
+	    },
 	    rename => get_standard_option('pve-security-group-name', {
-		description => "Rename an existing security group.",
+		description => "Rename/update an existing security group. You can set 'rename' to the same value as 'name' to update the 'comment' of an existing group.",
 		optional => 1,
 	    }),
 	},
@@ -66,7 +82,7 @@ __PACKAGE__->register_method({
 
 	foreach my $name (keys %{$cluster_conf->{groups}}) {
 	    raise_param_exc({ name => "Security group '$name' already exists" }) 
-		if $name eq $param->{name};
+		if !$param->{rename} && $name eq $param->{name};
 	}
 
 	if ($param->{rename}) {
@@ -74,8 +90,13 @@ __PACKAGE__->register_method({
 		if !$cluster_conf->{groups}->{$param->{rename}};
 	    my $data = delete $cluster_conf->{groups}->{$param->{rename}};
 	    $cluster_conf->{groups}->{$param->{name}} = $data;
+	    if (my $comment = delete $cluster_conf->{group_comments}->{$param->{rename}}) {
+		$cluster_conf->{group_comments}->{$param->{name}} = $comment;
+	    }
+	    $cluster_conf->{group_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment});
 	} else {
 	    $cluster_conf->{groups}->{$param->{name}} = [];
+	    $cluster_conf->{group_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment});
 	}
 
 	PVE::Firewall::save_clusterfw_conf($cluster_conf);
@@ -83,7 +104,6 @@ __PACKAGE__->register_method({
 	return undef;
     }});
 
-
 __PACKAGE__->register_method({
     name => 'delete_security_group',
     path => '{name}',
diff --git a/src/PVE/API2/Firewall/Rules.pm b/src/PVE/API2/Firewall/Rules.pm
index 4837880..46fdd56 100644
--- a/src/PVE/API2/Firewall/Rules.pm
+++ b/src/PVE/API2/Firewall/Rules.pm
@@ -3,6 +3,7 @@ package PVE::API2::Firewall::RulesBase;
 use strict;
 use warnings;
 use PVE::JSONSchema qw(get_standard_option);
+use PVE::Exception qw(raise raise_param_exc);
 
 use PVE::Firewall;
 
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 336aedb..6a96341 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1976,7 +1976,13 @@ sub parse_cluster_fw_rules {
     my $section;
     my $group;
 
-    my $res = { rules => [], options => {}, groups => {}, ipset => {} };
+    my $res = { 
+	rules => [], 
+	options => {}, 
+	groups => {}, 
+	group_comments => {}, 
+	ipset => {} 
+    };
 
     my $digest = Digest::SHA->new('sha1');
 
@@ -1994,10 +2000,12 @@ sub parse_cluster_fw_rules {
 	    next;
 	}
 
-	if ($line =~ m/^\[group\s+(\S+)\]\s*$/i) {
+	if ($line =~ m/^\[group\s+(\S+)\]\s*(?:#\s*(.*?)\s*)?$/i) {
 	    $section = 'groups';
 	    $group = lc($1);
+	    my $comment = $2;
 	    $res->{$section}->{$group} = [];
+	    $res->{group_comments}->{$group} = $comment if $comment;
 	    next;
 	}
 
@@ -2415,7 +2423,12 @@ sub save_clusterfw_conf {
 
     foreach my $group (sort keys %{$cluster_conf->{groups}}) {
 	my $rules = $cluster_conf->{groups}->{$group};
-	$raw .= "[group $group]\n\n";
+	if (my $comment = $cluster_conf->{group_comments}->{$group}) {
+	    $raw .= "[group $group] # $comment\n\n";
+	} else {
+	    $raw .= "[group $group]\n\n";
+	}
+
 	$raw .= &$format_rules($rules, 0);
 	$raw .= "\n";
     }
-- 
2.39.2