Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

--port option is missing from usage of the firewall {add,delete}-rule commands #733

Closed
jooola opened this issue Apr 18, 2024 · 2 comments
Closed

--port option is missing from usage of the firewall {add,delete}-rule commands #733

jooola opened this issue Apr 18, 2024 · 2 comments
Labels
bug

Comments

@jooola
Copy link
Member

jooola commented Apr 18, 2024
edited
Loading

TL;DR

The --port flag is missing from the hcloud firewall add-rule and hcloud firewall delete-rule commands.

I don't know if this is expected, are only required flags part of the usage?

Expected behavior

That the --port flag is also part of the command usage.

Observed behavior

$ hcloud firewall add-rule --help
Add a single rule to a firewall

Usage:
  hcloud firewall add-rule [options] (--direction in --source-ips <ips> | --direction out --destination-ips <ips>) --protocol <icmp|udp|tcp|esp|gre> <firewall>

Flags:
      --description string            Description of the firewall rule
      --destination-ips stringArray   Destination IPs (CIDR Notation) (required when direction is out)
      --direction string              Direction (in, out) (required)
  -h, --help                          help for add-rule
      --port string                   Port to which traffic will be allowed, only applicable for protocols TCP and UDP, you can specify port ranges, sample: 80-85
      --protocol string               Protocol (icmp, esp, gre, udp or tcp) (required)
      --source-ips stringArray        Source IPs (CIDR Notation) (required when direction is in)

Minimal working example

$ hcloud firewall add-rule --help
$ hcloud firewall delete-rule --help

Log output

No response

Additional information

No response
@jooola jooola added the bug label Apr 18, 2024
@jooola jooola changed the title --port option is missing from usage of the firewall {add,delete}-rule commands --port option is missing from usage of the firewall {add,delete}-rule commands Apr 18, 2024
@apricote
Copy link
Member

I think this was missed because --port is not a globally required flag, only when using --protocol <tcp|udp> it becomes required.

While testing this, I also found that we do not print the invalid_input details. Which would help users in case our local validation is missing something:

--- Response:
{
  "error": {
    "message": "invalid input in field 'rules'",
    "code": "invalid_input",
    "details": {
      "fields": [
        {
          "name": "rules.port",
          "messages": [
            "tcp and udp protocols requires the port parameter to be specified"
          ]
        }
      ]
    }
  }
}

--- CLI Output:
hcloud: invalid input in field 'rules' (invalid_input)

This was referenced Apr 19, 2024
Merged
Merged
phm07 added a commit that referenced this issue Apr 19, 2024
@phm07
fix(firewall): missing error when not setting port for tcp rule (#734)
c5ad470 
Switch cases don't fall through by default in Go, which lead to there
being no user-friendly error emitted when the user attempts to create a
TCP rule without specifying a port.

Related to #733
phm07 added a commit that referenced this issue Apr 19, 2024
@phm07
docs(firewall): port flag in add/delete-rule usage string (#735)
6fb4886 
See #733
@apricote
Copy link
Member

Fixed by #734 and #735.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@apricote @jooola