Fix conditional so only matched pods are firewalled (#183)

bzub · web-flow · commit 5f58cd278627 · 2017-10-06T15:30:53.000-05:00
diff --git a/app/controllers/network_policy_controller.go b/app/controllers/network_policy_controller.go
@@ -636,7 +636,7 @@ func (npc *NetworkPolicyController) getFirewallEnabledPods(nodeIp string) (*map[
 				}
 
 				// An empty podSelector matches all pods in this namespace.
-				if len(policy.Spec.PodSelector.MatchLabels) == 0 || len(policy.Spec.PodSelector.MatchExpressions) == 0 {
+				if len(policy.Spec.PodSelector.MatchLabels) == 0 && len(policy.Spec.PodSelector.MatchExpressions) == 0 {
 					podNeedsFirewall = true
 					break
 				}

Original file line number	Diff line number	Diff line change
`@@ -636,7 +636,7 @@ func (npc NetworkPolicyController) getFirewallEnabledPods(nodeIp string) (map[`
`636`	`636`	`}`
`637`	`637`
`638`	`638`	`// An empty podSelector matches all pods in this namespace.`
`639`		`- if len(policy.Spec.PodSelector.MatchLabels) == 0 \|\| len(policy.Spec.PodSelector.MatchExpressions) == 0 {`
	`639`	`+ if len(policy.Spec.PodSelector.MatchLabels) == 0 && len(policy.Spec.PodSelector.MatchExpressions) == 0 {`
`640`	`640`	`podNeedsFirewall = true`
`641`	`641`	`break`
`642`	`642`	`}`