[pve-devel] [PATCH firewall 7/7] rules: verify referenced security group exists

Fabian Grünbichler Wed, 29 Apr 2020 01:54:22 -0700

while this was already handled properly (as empty rules), adding this as
error makes it much more visible (in the GUI as well).


Signed-off-by: Fabian Grünbichler <f.gruenbich...@proxmox.com>
---
 src/PVE/Firewall.pm | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 4d86032..40468e4 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1623,6 +1623,8 @@ sub verify_rule {
                if !$allow_groups;
            &$add_error('action', "invalid characters in security group name")
                if $action && ($action !~ m/^${security_group_name_pattern}$/);
+           &$add_error('action', "security group '$action' does not exist")
+               if $action && !defined($cluster_conf->{groups}->{$action});
        } else {
            &$add_error('type', "unknown rule type '$type'");
        }
-- 
2.20.1


_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH firewall 7/7] rules: verify referenced security group exists

Reply via email to