diff --git a/pkg/cloudprovider/providers/aws/aws.go b/pkg/cloudprovider/providers/aws/aws.go index e73257b6572..fb85af28153 100644 --- a/pkg/cloudprovider/providers/aws/aws.go +++ b/pkg/cloudprovider/providers/aws/aws.go @@ -1595,6 +1595,10 @@ func (s *AWSCloud) createTags(request *ec2.CreateTagsInput) (*ec2.CreateTagsOutp func (s *AWSCloud) EnsureTCPLoadBalancer(name, region string, publicIP net.IP, ports []*api.ServicePort, hosts []string, affinity api.ServiceAffinity) (*api.LoadBalancerStatus, error) { glog.V(2).Infof("EnsureTCPLoadBalancer(%v, %v, %v, %v, %v)", name, region, publicIP, ports, hosts) + if region != s.region { + return nil, fmt.Errorf("requested load balancer region '%s' does not match cluster region '%s'", region, s.region) + } + if affinity != api.ServiceAffinityNone { // ELB supports sticky sessions, but only when configured for HTTP/HTTPS return nil, fmt.Errorf("unsupported load balancer affinity: %v", affinity) @@ -1729,6 +1733,10 @@ func (s *AWSCloud) EnsureTCPLoadBalancer(name, region string, publicIP net.IP, p // GetTCPLoadBalancer is an implementation of TCPLoadBalancer.GetTCPLoadBalancer func (s *AWSCloud) GetTCPLoadBalancer(name, region string) (*api.LoadBalancerStatus, bool, error) { + if region != s.region { + return nil, false, fmt.Errorf("requested load balancer region '%s' does not match cluster region '%s'", region, s.region) + } + lb, err := s.describeLoadBalancer(name) if err != nil { return nil, false, err @@ -1889,6 +1897,10 @@ func (s *AWSCloud) updateInstanceSecurityGroupsForLoadBalancer(lb *elb.LoadBalan // EnsureTCPLoadBalancerDeleted implements TCPLoadBalancer.EnsureTCPLoadBalancerDeleted. func (s *AWSCloud) EnsureTCPLoadBalancerDeleted(name, region string) error { + if region != s.region { + return fmt.Errorf("requested load balancer region '%s' does not match cluster region '%s'", region, s.region) + } + lb, err := s.describeLoadBalancer(name) if err != nil { return err @@ -1979,6 +1991,10 @@ func (s *AWSCloud) EnsureTCPLoadBalancerDeleted(name, region string) error { // UpdateTCPLoadBalancer implements TCPLoadBalancer.UpdateTCPLoadBalancer func (s *AWSCloud) UpdateTCPLoadBalancer(name, region string, hosts []string) error { + if region != s.region { + return fmt.Errorf("requested load balancer region '%s' does not match cluster region '%s'", region, s.region) + } + instances, err := s.getInstancesByNodeNames(hosts) if err != nil { return err diff --git a/pkg/cloudprovider/providers/aws/aws_test.go b/pkg/cloudprovider/providers/aws/aws_test.go index 07171a11827..67fa86de33f 100644 --- a/pkg/cloudprovider/providers/aws/aws_test.go +++ b/pkg/cloudprovider/providers/aws/aws_test.go @@ -17,6 +17,7 @@ limitations under the License. package aws_cloud import ( + "fmt" "io" "reflect" "strings" @@ -664,3 +665,35 @@ func TestFindVPCID(t *testing.T) { t.Errorf("Unexpected vpcID: %s", vpcID) } } + +func TestLoadBalancerMatchesClusterRegion(t *testing.T) { + awsServices := NewFakeAWSServices() + c, err := newAWSCloud(strings.NewReader("[global]"), awsServices) + if err != nil { + t.Errorf("Error building aws cloud: %v", err) + return + } + + badELBRegion := "bad-elb-region" + errorMessage := fmt.Sprintf("requested load balancer region '%s' does not match cluster region '%s'", badELBRegion, c.region) + + _, _, err = c.GetTCPLoadBalancer("elb-name", badELBRegion) + if err == nil || err.Error() != errorMessage { + t.Errorf("Expected GetTCPLoadBalancer region mismatch error.") + } + + _, err = c.EnsureTCPLoadBalancer("elb-name", badELBRegion, nil, nil, nil, api.ServiceAffinityNone) + if err == nil || err.Error() != errorMessage { + t.Errorf("Expected EnsureTCPLoadBalancer region mismatch error.") + } + + err = c.EnsureTCPLoadBalancerDeleted("elb-name", badELBRegion) + if err == nil || err.Error() != errorMessage { + t.Errorf("Expected EnsureTCPLoadBalancerDeleted region mismatch error.") + } + + err = c.UpdateTCPLoadBalancer("elb-name", badELBRegion, nil) + if err == nil || err.Error() != errorMessage { + t.Errorf("Expected UpdateTCPLoadBalancer region mismatch error.") + } +}