libcloud git commit: [google] Due to fact that you created source_tags, we shouldn't by default set also source_range = 0.0.0.0/0. This will be much more secure setting.

Tue, 14 Jul 2015 10:48:06 -0700 

Repository: libcloud
Updated Branches:
  refs/heads/trunk f23a6468b -> 2b01bc369


[google] Due to fact that you created source_tags, we shouldn't by default
set also source_range = 0.0.0.0/0. This will be much more secure setting.

Ref: https://cloud.google.com/compute/docs/reference/latest/firewalls#resource

Closes #535

Signed-off-by: Eric Johnson <[email protected]>


Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo
Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/2b01bc36
Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/2b01bc36
Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/2b01bc36

Branch: refs/heads/trunk
Commit: 2b01bc3696663106d7547465c7905aafd46e2dd7
Parents: f23a646
Author: Przemysław Szypowicz <[email protected]>
Authored: Mon Jun 15 11:52:43 2015 +0200
Committer: Eric Johnson <[email protected]>
Committed: Tue Jul 14 17:46:15 2015 +0000

----------------------------------------------------------------------
 libcloud/compute/drivers/gce.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/libcloud/blob/2b01bc36/libcloud/compute/drivers/gce.py
----------------------------------------------------------------------
diff --git a/libcloud/compute/drivers/gce.py b/libcloud/compute/drivers/gce.py
index 246bbd6..d62a9af 100644
--- a/libcloud/compute/drivers/gce.py
+++ b/libcloud/compute/drivers/gce.py
@@ -1971,9 +1971,10 @@ class GCENodeDriver(NodeDriver):
         firewall_data['name'] = name
         firewall_data['allowed'] = allowed
         firewall_data['network'] = nw.extra['selfLink']
-        if source_ranges is None:
+        if source_ranges is None and source_tags is None:
             source_ranges = ['0.0.0.0/0']
-        firewall_data['sourceRanges'] = source_ranges
+        if source_ranges is not None:
+            firewall_data['sourceRanges'] = source_ranges
         if source_tags is not None:
             firewall_data['sourceTags'] = source_tags
         if target_tags is not None:

Reply via email to