Descriptionprovider/openstack: bug #1226996 SecurityGroup
We intended to allow access to any port for any instance in the
default security group. However, we didn't specify a CIDR and we
didn't reference the Source Group Id. Which meant we actually were
exposing *all* ports to *all* machines.
I do have some tests that the security group we get back from
EnsureGroup has the right bits set. I was hoping for a slightly better
cross-provider test that actually runs a service on a random port and
ensures that we are unable to actually connect to that port.
However, I think this is a nice small fix for 1.14 which is worthy of
landing.
https://code.launchpad.net/~jameinel/juju-core/security-group-group-id-1226996/+merge/186321
(do not edit description out of merge proposal)
Patch Set 1 #Patch Set 2 : provider/openstack: bug #1226996 SecurityGroup #
Total comments: 11
Patch Set 3 : provider/openstack: bug #1226996 SecurityGroup #
MessagesTotal messages: 7
|