Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ensure protocol is TCP is HTTP rule is given #1048

Merged

Conversation

Projects
None yet
2 participants
@jpalardy
Copy link
Contributor

commented Mar 5, 2019

Description

This PR adds a check to make sure that combination of rules make sense together. Specifically, if an HTTP-level rule is given, the protocol has to be TCP.

Todos

  • Tests
  • Documentation
  • Release note

Release Note

Validate that protocol is set correctly if an HTTPMatch is specified in a NetworkPolicy
@@ -72,6 +72,7 @@ var (
overlapsV6LinkLocal = "IP pool range overlaps with IPv6 Link Local range fe80::/10"
protocolPortsMsg = "rules that specify ports must set protocol to TCP or UDP"
protocolIcmpMsg = "rules that specify ICMP fields must set protocol to ICMP"
protocolAndHTTPMsg = "rules that specify HTTP fields must set protocol to TCP"

This comment has been minimized.

Copy link
@jpalardy

jpalardy Mar 5, 2019

Author Contributor

the wording might need some work…

This comment has been minimized.

Copy link
@caseydavenport

caseydavenport Mar 6, 2019

Member

I think this looks alright to me - it matches the format of the other strings.

Maybe "can only set protocol to TCP" since "must" is a little bit strong?

or

"rules that specify HTTP fields must set protocol to TCP or empty" or something like that?

This comment has been minimized.

Copy link
@jpalardy

jpalardy Mar 6, 2019

Author Contributor

good good… I like the 2nd one better, I think.

This comment has been minimized.

Copy link
@jpalardy

jpalardy Mar 6, 2019

Author Contributor

Updated.

@caseydavenport caseydavenport added this to the Calico v3.7.0 milestone Mar 6, 2019

@caseydavenport caseydavenport merged commit 6c538fb into projectcalico:master Mar 7, 2019

2 checks passed

license/cla Contributor License Agreement is signed.
Details
semaphoreci The build passed on Semaphore.
Details

@jpalardy jpalardy deleted the jpalardy:restrict-protocol-on-httpmatch branch Mar 7, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.