Merge pull request #47 from aws/fix/add-open-firewall-fules-back

Call openFirewallRules in CreateIsolatedNetwork to create an egress rule

Author: wongni

pkg/cloud/network.go

@@ -30,7 +30,7 @@ type NetworkIface interface {
 	ResolveNetworkStatuses(*capcv1.CloudStackCluster) error
 	ResolveNetwork(*capcv1.CloudStackCluster, *capcv1.Network) error
 	CreateIsolatedNetwork(*capcv1.CloudStackCluster) error
-	OpenFirewallRules(*capcv1.CloudStackCluster) error
+	OpenFirewallRules(networkID string) error
 	FetchPublicIP(*capcv1.CloudStackCluster) (*cloudstack.PublicIpAddress, error)
 	ResolveLoadBalancerRuleDetails(*capcv1.CloudStackCluster) error
 	GetOrCreateLoadBalancerRule(*capcv1.CloudStackCluster) error
@@ -146,6 +146,10 @@ func (c *client) CreateIsolatedNetwork(csCluster *capcv1.CloudStackCluster) (ret
 		return err
 	}
 
+	if err := c.OpenFirewallRules(zoneStatus.Network.ID); err != nil {
+		return err
+	}
+
 	return nil
 }
 
@@ -268,8 +272,8 @@ func (c *client) AssociatePublicIPAddress(csCluster *capcv1.CloudStackCluster) (
 	return nil
 }
 
-func (c *client) OpenFirewallRules(csCluster *capcv1.CloudStackCluster) (retErr error) {
-	p := c.cs.Firewall.NewCreateEgressFirewallRuleParams(csCluster.Status.PublicIPNetworkID, NetworkProtocolTCP)
+func (c *client) OpenFirewallRules(networkID string) (retErr error) {
+	p := c.cs.Firewall.NewCreateEgressFirewallRuleParams(networkID, NetworkProtocolTCP)
 	_, retErr = c.cs.Firewall.CreateEgressFirewallRule(p)
 	if retErr != nil && strings.Contains(strings.ToLower(retErr.Error()), "there is already") { // Already a firewall rule here.
 		retErr = nil

pkg/cloud/network_test.go

@@ -127,6 +127,10 @@ var _ = Describe("Network", func() {
 				PublicIpAddresses: []*csapi.PublicIpAddress{{Id: dummies.PublicIPID, Ipaddress: "fakeIP"}}}, nil)
 		as.EXPECT().NewAssociateIpAddressParams().Return(&csapi.AssociateIpAddressParams{})
 		as.EXPECT().AssociateIpAddress(gomock.Any())
+		fs.EXPECT().NewCreateEgressFirewallRuleParams(dummies.ISONet1.ID, cloud.NetworkProtocolTCP).
+			Return(&csapi.CreateEgressFirewallRuleParams{})
+		fs.EXPECT().CreateEgressFirewallRule(&csapi.CreateEgressFirewallRuleParams{}).
+			Return(&csapi.CreateEgressFirewallRuleResponse{}, nil)
 
 		// Will add cluster tag once to Network and once to PublicIP.
 		createdByResponse := &csapi.ListTagsResponse{Tags: []*csapi.Tag{{Key: cloud.CreatedByCAPCTagName, Value: "1"}}}
@@ -159,7 +163,7 @@ var _ = Describe("Network", func() {
 			fs.EXPECT().CreateEgressFirewallRule(&csapi.CreateEgressFirewallRuleParams{}).
 				Return(&csapi.CreateEgressFirewallRuleResponse{}, nil)
 
-			Ω(client.OpenFirewallRules(dummies.CSCluster)).Should(Succeed())
+			Ω(client.OpenFirewallRules(dummies.ISONet1.ID)).Should(Succeed())
 		})
 	})
 
@@ -174,7 +178,7 @@ var _ = Describe("Network", func() {
 			fs.EXPECT().CreateEgressFirewallRule(&csapi.CreateEgressFirewallRuleParams{}).
 				Return(&csapi.CreateEgressFirewallRuleResponse{}, errors.New("there is already a rule like this"))
 
-			Ω(client.OpenFirewallRules(dummies.CSCluster)).Should(Succeed())
+			Ω(client.OpenFirewallRules(dummies.ISONet1.ID)).Should(Succeed())
 		})
 	})