github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-21 10:51:29 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #59295 from nicksardo/sort-firewall

Browse Source 
Automatic merge from submit-queue (batch tested with PRs 59097, 57076, 59295). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

GCE: sort firewall parameters

**What this PR does / why we need it**:
Make the firewall arguments deterministic.
Fixes #59294 

**Release note**:
```release-note
NONE
```
This commit is contained in:
Kubernetes Submit Queue 2018-02-02 19:37:41 -08:00 committed by GitHub
commit 9174553b76
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/cloudprovider/providers/gce/gce_util.go
View File

@ -22,6 +22,7 @@ import (
"net"
"net/http"
"regexp"
"sort"
"strings"
"k8s.io/api/core/v1"
@ -98,8 +99,13 @@ func firewallToGcloudArgs(fw *compute.Firewall, projectID string) string {
allPorts = append(allPorts, fmt.Sprintf("%v:%v", a.IPProtocol, p))
}
}
// Sort all slices to prevent the event from being duped
sort.Strings(allPorts)
allow := strings.Join(allPorts, ",")
sort.Strings(fw.SourceRanges)
srcRngs := strings.Join(fw.SourceRanges, ",")
sort.Strings(fw.TargetTags)
targets := strings.Join(fw.TargetTags, ",")
return fmt.Sprintf("--description %q --allow %v --source-ranges %v --target-tags %v --project %v", fw.Description, allow, srcRngs, targets, projectID)
}

24
pkg/cloudprovider/providers/gce/gce_util_test.go
View File

@ -88,3 +88,27 @@ func TestSubnetsInCIDR(t *testing.T) {
t.Errorf("autoSubnetInList() = %v, expected: %v", gotNames, expectedNames)
}
}
func TestFirewallToGcloudArgs(t *testing.T) {
firewall := compute.Firewall{
Description: "Last Line of Defense",
TargetTags: []string{"jock-nodes", "band-nodes"},
SourceRanges: []string{"3.3.3.3/20", "1.1.1.1/20", "2.2.2.2/20"},
Allowed: []*compute.FirewallAllowed{
{
IPProtocol: "udp",
Ports: []string{"321", "123-456", "123"},
},
{
IPProtocol: "tcp",
Ports: []string{"321", "123-456", "123"},
},
},
}
got := firewallToGcloudArgs(&firewall, "my-project")
var e = `--description "Last Line of Defense" --allow tcp:123,tcp:123-456,tcp:321,udp:123,udp:123-456,udp:321 --source-ranges 1.1.1.1/20,2.2.2.2/20,3.3.3.3/20 --target-tags band-nodes,jock-nodes --project my-project`
if got != e {
t.Errorf("%q does not equal %q", got, e)
}
}