github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-08 11:38:15 +00:00
Code Issues Projects Releases Wiki Activity

Openstack null-support for load balancer source

Browse Source 
We return an error if the user specifies a non 0.0.0.0/0 load balancer
source restriction on OpenStack, where we can't enforce the restriction
(currently).
This commit is contained in:
Justin Santa Barbara 2016-02-24 11:10:56 -05:00
parent 49e1149227
commit 818925cc25
2 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pkg/cloudprovider/providers/openstack/openstack.go
View File

@ -685,6 +685,15 @@ func (lb *LoadBalancer) EnsureLoadBalancer(name, region string, loadBalancerIP n
return nil, fmt.Errorf("unsupported load balancer affinity: %v", affinity) return nil, fmt.Errorf("unsupported load balancer affinity: %v", affinity)
} }
sourceRanges, err := cloudprovider.GetSourceRangeAnnotations(annotations)
if err != nil {
return nil, err
}
if !cloudprovider.IsAllowAll(sourceRanges) {
return nil, fmt.Errorf("Source range restrictions are not supported for openstack load balancers")
}
glog.V(2).Infof("Checking if openstack load balancer already exists: %s", name) glog.V(2).Infof("Checking if openstack load balancer already exists: %s", name)
_, exists, err := lb.GetLoadBalancer(name, region) _, exists, err := lb.GetLoadBalancer(name, region)
if err != nil { if err != nil {

15
pkg/cloudprovider/utils.go
View File

@ -67,6 +67,11 @@ func (l IPNetSet) Equal(r IPNetSet) bool {
return true return true
} }
// Len returns the size of the set.
func (s IPNetSet) Len() int {
return len(s)
}
// GetSourceRangeAnnotations verifies and parses the LBAnnotationAllowSourceRange annotation from a service, // GetSourceRangeAnnotations verifies and parses the LBAnnotationAllowSourceRange annotation from a service,
// extracting the source ranges to allow, and if not present returns a default (allow-all) value. // extracting the source ranges to allow, and if not present returns a default (allow-all) value.
func GetSourceRangeAnnotations(annotation map[string]string) (IPNetSet, error) { func GetSourceRangeAnnotations(annotation map[string]string) (IPNetSet, error) {
@ -82,3 +87,13 @@ func GetSourceRangeAnnotations(annotation map[string]string) (IPNetSet, error) {
} }
return ipnets, nil return ipnets, nil
} }
// IsAllowAll checks whether the IPNetSet contains the default allow-all policy
func IsAllowAll(ipnets IPNetSet) bool {
for _, s := range ipnets.StringSlice() {
if s == "0.0.0.0/0" {
return true
}
}
return false
}