
Commit 1ad840e

Don't create firewall rules if network's default egress policy is true
1 parent 53fea6e commit 1ad840e

1 file changed

+13
-0
lines changed

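--- a/pkg/cloud/isolated_network.go
+++ b/pkg/cloud/isolated_network.go
@@ -157,6 +157,19 @@ func (c *client) OpenFirewallRules(isoNet *infrav1.CloudStackIsolatedNetwork) (r
 	if isoNet.Spec.VPC != nil && isoNet.Spec.VPC.ID != "" {
 		return nil
 	}
+
+	// If network's egress policy is true, then we don't need to open the firewall rules for all protocols
+	network, count, err := c.cs.Network.GetNetworkByID(isoNet.Spec.ID, cloudstack.WithProject(c.user.Project.ID))
+	if err != nil {
+		return errors.Wrapf(err, "failed to get network by ID %s", isoNet.Spec.ID)
+	}
+	if count == 0 {
+		return errors.Errorf("no network found with ID %s", isoNet.Spec.ID)
+	}
+	if network.Egressdefaultpolicy {
+		return nil
+	}
+
 	protocols := []string{NetworkProtocolTCP, NetworkProtocolUDP, NetworkProtocolICMP}
 	for _, proto := range protocols {
 		p := c.cs.Firewall.NewCreateEgressFirewallRuleParams(isoNet.Spec.ID, proto)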
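Review bot: The comment above the new lookup ("If network's egress policy is true") does not say what the flag means, and the skip is only correct if `Egressdefaultpolicy == true` denotes an allow-all-by-default network offering, so a reader cannot tell whether returning early leaves egress open or closed; I would reword it to `// Egressdefaultpolicy == true means the network offering already allows all egress by default, so the allow-all TCP/UDP/ICMP rules below would be redundant; only a deny-by-default network needs them.` It is also worth a sentence noting that the lookup now runs on every call and that a transient API error aborts before any rule is created, which is the safe direction but is new behaviour for this function. The `count == 0` branch is likely unreachable if `GetNetworkByID` already returns a non-nil error when nothing matches, as the go-cloudstack helpers typically do; it is harmless, but if kept it could carry a short comment saying it is defensive. `OpenFirewallRules` begins before this hunk and its body continues past it.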