change notes on firewall targets

2017-04-07 14:41:48 -07:00 · 2017-04-07 14:41:48 -07:00 · 5679831ace
commit 5679831ace
parent daffef14b2
3 changed files with 6 additions and 4 deletions
--- a/controllers/gce/firewalls/fakes.go
+++ b/controllers/gce/firewalls/fakes.go
@ -63,6 +63,7 @@ func (f *fakeFirewallsProvider) CreateFirewall(name, msgTag string, srcRange net
 		Name:         prefixedName,
 		SourceRanges: srcRange.StringSlice(),
 		Allowed:      []*compute.FirewallAllowed{{Ports: strPorts}},
+		TargetTags:   hosts, // WARNING: This is actually not correct, but good enough for testing this package
 	}
 	return nil
 }
@ -96,6 +97,7 @@ func (f *fakeFirewallsProvider) UpdateFirewall(name, msgTag string, srcRange net
 		Name:         name,
 		SourceRanges: srcRange.StringSlice(),
 		Allowed:      []*compute.FirewallAllowed{{Ports: strPorts}},
+		TargetTags:   hosts, // WARNING: This is actually not correct, but good enough for testing this package
 	}
 	return nil
 }
--- a/controllers/gce/firewalls/firewalls.go
+++ b/controllers/gce/firewalls/firewalls.go
@ -79,6 +79,8 @@ func (fr *FirewallRules) Sync(nodePorts []int64, nodeNames []string) error {
 	requiredCIDRs := sets.NewString(l7SrcRanges...)
 	existingCIDRs := sets.NewString(rule.SourceRanges...)

+	// Do not update if ports and source cidrs are not outdated.
+	// NOTE: We are not checking if nodeNames matches the firwall targetTags
 	if requiredPorts.Equal(existingPorts) && requiredCIDRs.Equal(existingCIDRs) {
 		return nil
 	}
--- a/controllers/gce/firewalls/firewalls_test.go
+++ b/controllers/gce/firewalls/firewalls_test.go
@ -47,7 +47,8 @@ func TestSyncFirewallPool(t *testing.T) {
 	}
 	verifyFirewallRule(fwp, ruleName, nodePorts, nodes, l7SrcRanges, t)

-	// Add node and expect firwall to change nodes list
+	// Add node and expect firwall to remain the same
+	// NOTE: See computeHostTag(..) in gce cloudprovider
 	nodes = []string{"node-a", "node-b", "node-c", "node-d"}
 	err = fp.Sync(nodePorts, nodes)
 	if err != nil {
@ -89,7 +90,4 @@ func verifyFirewallRule(fwp *fakeFirewallsProvider, ruleName string, expectedPor
 	if !sets.NewString(f.SourceRanges...).Equal(sets.NewString(expectedCIDRs...)) {
 		t.Errorf("source CIDRs doesn't equal expected CIDRs. Actual: %v, Expected: %v", f.SourceRanges, expectedCIDRs)
 	}
-
-	// Verify firwall rule has correct nodes
-	// TODO: Check host tags are updated
 }