support multiple cidr vpc for nlb health check

M00nF1sh 2019-02-05 17:31:16 -08:00
parent 1c557b9ce8
commit 416a98e030


@ -645,7 +645,7 @@ func filterForIPRangeDescription(securityGroups []*ec2.SecurityGroup, lbName str
return response return response
} }
func (c *Cloud) getVpcCidrBlock() (*string, error) { func (c *Cloud) getVpcCidrBlocks() ([]string, error) {
vpcs, err := c.ec2.DescribeVpcs(&ec2.DescribeVpcsInput{ vpcs, err := c.ec2.DescribeVpcs(&ec2.DescribeVpcsInput{
VpcIds: []*string{aws.String(c.vpcID)}, VpcIds: []*string{aws.String(c.vpcID)},
}) })
@ -655,7 +655,12 @@ func (c *Cloud) getVpcCidrBlock() (*string, error) {
if len(vpcs.Vpcs) != 1 { if len(vpcs.Vpcs) != 1 {
return nil, fmt.Errorf("Error querying VPC for ELB, got %d vpcs for %s", len(vpcs.Vpcs), c.vpcID) return nil, fmt.Errorf("Error querying VPC for ELB, got %d vpcs for %s", len(vpcs.Vpcs), c.vpcID)
} }
return vpcs.Vpcs[0].CidrBlock, nil
cidrBlocks := make([]string, 0, len(vpcs.Vpcs[0].CidrBlockAssociationSet))
for _, cidr := range vpcs.Vpcs[0].CidrBlockAssociationSet {
cidrBlocks = append(cidrBlocks, aws.StringValue(cidr.CidrBlock))
}
return cidrBlocks, nil
} }
// abstraction for updating SG rules // abstraction for updating SG rules
@ -868,7 +873,7 @@ func (c *Cloud) updateInstanceSecurityGroupsForNLB(mappings []nlbPortMapping, in
return nil return nil
} }
vpcCidr, err := c.getVpcCidrBlock() vpcCidrBlocks, err := c.getVpcCidrBlocks()
if err != nil { if err != nil {
return err return err
} }
@ -953,7 +958,7 @@ func (c *Cloud) updateInstanceSecurityGroupsForNLB(mappings []nlbPortMapping, in
} }
// Run once for health check traffic // Run once for health check traffic
err = c.updateInstanceSecurityGroupsForNLBTraffic(actualGroups, desiredGroupIds, healthCheckPorts, lbName, []string{aws.StringValue(vpcCidr)}, false) err = c.updateInstanceSecurityGroupsForNLBTraffic(actualGroups, desiredGroupIds, healthCheckPorts, lbName, vpcCidrBlocks, false)
if err != nil { if err != nil {
return err return err
} }
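Review bot: The new loop in getVpcCidrBlocks appends every entry of `CidrBlockAssociationSet` without looking at its association state, and the result is passed straight to updateInstanceSecurityGroupsForNLBTraffic as the allowed sources for the health check ports. EC2 reports associations in states other than associated (for example disassociating, disassociated or failed), so a range that is no longer part of the VPC could stay allowlisted in the instance security groups. I would skip those entries at the top of the loop body with `if cidr.CidrBlockState == nil || aws.StringValue(cidr.CidrBlockState.State) != ec2.VpcCidrBlockStateCodeAssociated { continue }`. The same guard covers an entry with a nil `CidrBlock`, which `aws.StringValue` would otherwise turn into an empty string in the rule set. A doc comment such as `// getVpcCidrBlocks returns the IPv4 CIDR blocks currently associated with the cluster VPC.` would record that contract for callers.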