Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
cluster: fix bug when using custom SSH permissions
The cluster_group property applies all user-specified permissions when creating or fetching the cluster's security group. If the user customizes the SSH permissions StarCluster removes the public CIDR_IP permission in order to accomodate stricter CIDR_IP settings (e.g. limiting access to a single IP). This is needed because in general all CIDR_IPs for a given security group rule are allowed access which means if 0.0.0.0/0 is in the list then *all* users have access regardless of other CIDR_IPs. The previous logic would remove 0.0.0.0/0 from the CIDR_IP list if *any* ssh rule was specified by the user. This is fine except when users dont specify a custom CIDR_IP - in this case the code ends up removing the SSH rule completely given that only a single CIDR_IP (0.0.0.0/0) exists and it's blindly removed. Updated this logic to remove the public CIDR_IP (0.0.0.0/0) from the SSH rule *only* if the custom SSH permission explicitly specifies a CIDR_IP other than the public CIDR_IP. This avoids ever removing the SSH rule entirely and prevents locking users out of their cluster(s). closes gh-91
- Loading branch information