Merge pull request #50260 from nbutton23/automated-cherry-pick-of-#49…
…805-upstream-release-1.7

Automatic merge from submit-queue

Automated cherry pick of #49805

Cherry pick of #49805 on release-1.7.

#49805: We never want to modify the globally defined SG
Kubernetes Submit Queue authored Aug 12, 2017
2 parents 0d3e620 + b5a07f5 commit 87e6b3b
Showing 1 changed file with 16 additions and 1 deletion.
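--- a/pkg/cloudprovider/providers/aws/aws.go
+++ b/pkg/cloudprovider/providers/aws/aws.go
@@ -2072,6 +2072,11 @@ func isEqualUserGroupPair(l, r *ec2.UserIdGroupPair, compareGroupUserIDs bool) b
 // Returns true if and only if changes were made
 // The security group must already exist
 func (c *Cloud) setSecurityGroupIngress(securityGroupID string, permissions IPPermissionSet) (bool, error) {
+// We do not want to make changes to the Global defined SG
+if securityGroupID == c.cfg.Global.ElbSecurityGroup {
+return false, nil
+}
+
 group, err := c.findSecurityGroup(securityGroupID)
 if err != nil {
 glog.Warning("Error retrieving security group", err)
@@ -2142,6 +2147,11 @@ func (c *Cloud) setSecurityGroupIngress(securityGroupID string, permissions IPPe
 // Returns true if and only if changes were made
 // The security group must already exist
 func (c *Cloud) addSecurityGroupIngress(securityGroupID string, addPermissions []*ec2.IpPermission) (bool, error) {
+// We do not want to make changes to the Global defined SG
+if securityGroupID == c.cfg.Global.ElbSecurityGroup {
+return false, nil
+}
+
 group, err := c.findSecurityGroup(securityGroupID)
 if err != nil {
 glog.Warningf("Error retrieving security group: %v", err)
@@ -2198,6 +2208,11 @@ func (c *Cloud) addSecurityGroupIngress(securityGroupID string, addPermissions [
 // Returns true if and only if changes were made
 // If the security group no longer exists, will return (false, nil)
 func (c *Cloud) removeSecurityGroupIngress(securityGroupID string, removePermissions []*ec2.IpPermission) (bool, error) {
+// We do not want to make changes to the Global defined SG
+if securityGroupID == c.cfg.Global.ElbSecurityGroup {
+return false, nil
+}
+
 group, err := c.findSecurityGroup(securityGroupID)
 if err != nil {
 glog.Warningf("Error retrieving security group: %v", err)
@@ -2525,7 +2540,7 @@ func getPortSets(annotation string) (ports *portSets) {
 
 // buildELBSecurityGroupList returns list of SecurityGroups which should be
 // attached to ELB created by a service. List always consist of at least
-// 1 member which is an SG created for this service. Extra groups can be
+// 1 member which is an SG created for this service or a SG from the Global config. Extra groups can be
 // specified via annotation
 func (c *Cloud) buildELBSecurityGroupList(serviceName types.NamespacedName, loadBalancerName, annotation string) ([]string, error) {
 var err error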
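Review bot: The new guard at the top of setSecurityGroupIngress returns `(false, nil)` without logging, so a caller cannot tell "rules already match" from "rules were deliberately not applied"; the same guard is repeated in addSecurityGroupIngress and removeSecurityGroupIngress. If a caller passes the ELB's group to enforce per-service ingress restrictions (the callers are outside these hunks, so this is inferred), those restrictions are silently skipped on the shared group, and the operator-managed rules become the only control. A log line in the guard would make that visible during an audit, for example `glog.V(2).Infof("Skipping ingress changes on globally configured security group %q", securityGroupID)`. The comparison also matches when both values are empty, so consider prefixing it with `c.cfg.Global.ElbSecurityGroup != "" &&` so that an empty ID still reaches findSecurityGroup and reports an error. All three function bodies continue outside their hunks.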
