
Commit 2896f02

committed
CORS-4260: Remove xpn only checks for firewall permissions
1 parent 56c0afd commit 2896f02


2 files changed

+22
-24
lines changed


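--- a/pkg/infrastructure/gcp/clusterapi/clusterapi.go
+++ b/pkg/infrastructure/gcp/clusterapi/clusterapi.go
@@ -261,15 +261,15 @@ func (p Provider) DestroyBootstrap(ctx context.Context, in clusterapi.BootstrapD
 projectID := in.Metadata.GCP.ProjectID
 if in.Metadata.GCP.NetworkProjectID != "" {
 projectID = in.Metadata.GCP.NetworkProjectID
-
-createFwRules, err := icgcp.HasPermissions(ctx, projectID, []string{icgcp.DeleteGCPFirewallPermission}, in.Metadata.GCP.ServiceEndpoints)
-if err != nil {
-return fmt.Errorf("failed to remove bootstrap firewall rules: %w", err)
-}
-if !createFwRules {
-return nil
-}
 }
+createFwRules, err := icgcp.HasPermissions(ctx, projectID, []string{icgcp.DeleteGCPFirewallPermission}, in.Metadata.GCP.ServiceEndpoints)
+if err != nil {
+return fmt.Errorf("failed to remove bootstrap firewall rules: %w", err)
+}
+if !createFwRules {
+return nil
+}
+
 if err := removeBootstrapFirewallRules(ctx, in.Metadata.InfraID, projectID, in.Metadata.GCP.ServiceEndpoints); err != nil {
 return fmt.Errorf("failed to remove bootstrap firewall rules: %w", err)
 }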
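Review bot: The `if !createFwRules { return nil }` guard at new lines 269-271 now runs for every install rather than only when `NetworkProjectID` is set, so a credential without `icgcp.DeleteGCPFirewallPermission` makes DestroyBootstrap report success while the bootstrap firewall rules stay in place, and nothing is logged. Rules that outlive the bootstrap host keep whatever access they granted, so the skip should at least be visible: emit a warning naming `projectID` before returning, and add a comment such as `// No delete permission: firewall rules are assumed to be user-managed and are left in place.` The early return also skips anything DestroyBootstrap does after line 275, which is outside this hunk, so confirm that is intended. The flag would read better as `canDeleteFwRules`, since it holds the result of a delete-permission check, not a create decision.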

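--- a/pkg/infrastructure/gcp/clusterapi/firewallrules.go
+++ b/pkg/infrastructure/gcp/clusterapi/firewallrules.go
@@ -204,14 +204,13 @@ func createFirewallRules(ctx context.Context, in clusterapi.InfraReadyInput, net
 projectID := in.InstallConfig.Config.Platform.GCP.ProjectID
 if in.InstallConfig.Config.GCP.NetworkProjectID != "" {
 projectID = in.InstallConfig.Config.GCP.NetworkProjectID
-
-createFwRules, err := gcpconfig.HasPermissions(ctx, projectID, []string{gcpconfig.CreateGCPFirewallPermission}, in.InstallConfig.Config.GCP.ServiceEndpoints)
-if err != nil {
-return fmt.Errorf("failed to create cluster firewall rules: %w", err)
-}
-if !createFwRules {
-return nil
-}
+}
+createFwRules, err := gcpconfig.HasPermissions(ctx, projectID, []string{gcpconfig.CreateGCPFirewallPermission}, in.InstallConfig.Config.GCP.ServiceEndpoints)
+if err != nil {
+return fmt.Errorf("failed to create cluster firewall rules: %w", err)
+}
+if !createFwRules {
+return nil
 }
 
 svc, err := gcpconfig.GetComputeService(ctx, in.InstallConfig.Config.GCP.ServiceEndpoints)
@@ -292,14 +291,13 @@ func createBootstrapFirewallRules(ctx context.Context, in clusterapi.InfraReadyI
 projectID := in.InstallConfig.Config.Platform.GCP.ProjectID
 if in.InstallConfig.Config.Platform.GCP.NetworkProjectID != "" {
 projectID = in.InstallConfig.Config.Platform.GCP.NetworkProjectID
-
-createFwRules, err := gcpconfig.HasPermissions(ctx, projectID, []string{gcpconfig.CreateGCPFirewallPermission}, in.InstallConfig.Config.GCP.ServiceEndpoints)
-if err != nil {
-return fmt.Errorf("failed to create bootstrap firewall rules: %w", err)
-}
-if !createFwRules {
-return nil
-}
+}
+createFwRules, err := gcpconfig.HasPermissions(ctx, projectID, []string{gcpconfig.CreateGCPFirewallPermission}, in.InstallConfig.Config.GCP.ServiceEndpoints)
+if err != nil {
+return fmt.Errorf("failed to create bootstrap firewall rules: %w", err)
+}
+if !createFwRules {
+return nil
 }
 
 svc, err := gcpconfig.GetComputeService(ctx, in.InstallConfig.Config.GCP.ServiceEndpoints)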
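Review bot: In createFirewallRules (new lines 212-213) and again in createBootstrapFirewallRules (new lines 299-300), a missing `gcpconfig.CreateGCPFirewallPermission` now ends the function with `return nil` for every install, and nothing records that rule creation was skipped. The install then continues on whatever firewall rules already exist in `projectID`, which this code does not check, so an operator whose credential was meant to carry the permission gets no signal of the gap. Log the skip with the project ID before returning, and document the contract above the guard, for example `// Without firewall create permission the rules are expected to be pre-provisioned by the user; skip creation.` The first hunk also mixes `Config.Platform.GCP` and `Config.GCP` for what appears to be the same platform config; one spelling would make the two functions read alike. Both function bodies continue outside their hunks.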
