compute: create default firewall rules #915
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Related http://stackoverflow.com/questions/31509722/how-do-i-enable-http-traffic-for-gce-instance-templates
Fixes stephenplusplus/gcloud-deploy#4
We had a "maybe-bug" in our code that could lead to a user thinking they made a VM that accepts HTTP and/or HTTPS connections, but in actuality doesn't.
My theory about how the Dev Console UI works:
If you create an Instance and select "Allow HTTP traffic" and/or "Allow HTTPS traffic", it will create firewall rules in the default network:
default-allow-http
anddefault-allow-https
. The VM is created with tags to matchhttp-server
andhttps-server
, which are the target tags on the firewall rules.When I developed the behavior of
zone.createVM()
that acceptsconfig.http = true
andconfig.https = true
, I assumed all project's networks had these firewall rules by default. But, if my theory is right, I only had them because I used the UI to create an http/https VM before, so my project had the rules.So, this PR will attempt to create
default-allow-http
anddefault-allow-https
(when that functionality is asked for), and if they already exist, it just moves on and creates the VM. If they don't exist, it creates them, then the VM. In other words, this should basically work like the Dev Console UI does (if my theory is correct).