From 9f2b0188bc839f3dd3bedd38a0e53ca34eafcac1 Mon Sep 17 00:00:00 2001
From: Isaac Hollander McCreery <ihmccreery@google.com>
Date: Fri, 27 Oct 2017 16:01:08 -0700
Subject: [PATCH] Fix ENABLE_METADATA_CONCEALMENT firewall rules to respect
 true/false

---
 cluster/gce/configure-vm.sh         | 2 +-
 cluster/gce/gci/configure-helper.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/cluster/gce/configure-vm.sh b/cluster/gce/configure-vm.sh
index 2c7131bbc35..ee5510d780d 100755
--- a/cluster/gce/configure-vm.sh
+++ b/cluster/gce/configure-vm.sh
@@ -93,7 +93,7 @@ function config-ip-firewall {
   iptables -N KUBE-METADATA-SERVER
   iptables -I FORWARD -p tcp -d 169.254.169.254 --dport 80 -j KUBE-METADATA-SERVER
 
-  if [[ -n "${ENABLE_METADATA_CONCEALMENT:-}" ]]; then
+  if [[ "${ENABLE_METADATA_CONCEALMENT:-}" == "true" ]]; then
     iptables -A KUBE-METADATA-SERVER -j DROP
   fi
 }
diff --git a/cluster/gce/gci/configure-helper.sh b/cluster/gce/gci/configure-helper.sh
index 6327063d68d..12f7b6ec770 100644
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@@ -52,7 +52,7 @@ function config-ip-firewall {
   iptables -N KUBE-METADATA-SERVER
   iptables -I FORWARD -p tcp -d 169.254.169.254 --dport 80 -j KUBE-METADATA-SERVER
 
-  if [[ -n "${ENABLE_METADATA_CONCEALMENT:-}" ]]; then
+  if [[ "${ENABLE_METADATA_CONCEALMENT:-}" == "true" ]]; then
     iptables -A KUBE-METADATA-SERVER -j DROP
   fi
 }