From 45840ffc3fd8be633f4a8eed3e7ba4a1f568f0a1 Mon Sep 17 00:00:00 2001 From: Sumit Kalra <44450797+sumit-kalra@users.noreply.github.com> Date: Thu, 26 Sep 2019 15:35:55 -0700 Subject: [PATCH] Ensuring that specifying allowed inbound IP and VNet are mutually exclusive (#2) --- builder/azure/arm/config.go | 8 +++++-- builder/azure/arm/config_test.go | 28 ++++++++++++++++++++-- website/source/docs/builders/azure.html.md | 3 +++ 3 files changed, 35 insertions(+), 4 deletions(-) diff --git a/builder/azure/arm/config.go b/builder/azure/arm/config.go index aafd1bca4..9e7234e09 100644 --- a/builder/azure/arm/config.go +++ b/builder/azure/arm/config.go @@ -676,8 +676,12 @@ func assertRequiredParametersSet(c *Config, errs *packer.MultiError) { } if c.AllowedInboundIpAddresses != nil && len(c.AllowedInboundIpAddresses) >= 1 { - if ok, err := assertAllowedInboundIpAddresses(c.AllowedInboundIpAddresses, "allowed_inbound_ip_addresses"); !ok { - errs = packer.MultiErrorAppend(errs, err) + if c.VirtualNetworkName != "" { + errs = packer.MultiErrorAppend(errs, fmt.Errorf("If virtual_network_name is specified, allowed_inbound_ip_addresses cannot be specified")) + } else { + if ok, err := assertAllowedInboundIpAddresses(c.AllowedInboundIpAddresses, "allowed_inbound_ip_addresses"); !ok { + errs = packer.MultiErrorAppend(errs, err) + } } } diff --git a/builder/azure/arm/config_test.go b/builder/azure/arm/config_test.go index 9175c3d26..a3617dc19 100644 --- a/builder/azure/arm/config_test.go +++ b/builder/azure/arm/config_test.go @@ -308,7 +308,6 @@ func TestConfigShouldAcceptCorrectInboundIpAddresses(t *testing.T) { "subscription_id": "ignore", "os_type": constants.Target_Linux, "communicator": "none", - "virtual_network_name": "MyVirtualNetwork", } config["allowed_inbound_ip_addresses"] = ipValue0 
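Review bot: In the `assertRequiredParametersSet` hunk of builder/azure/arm/config.go, the new error says the two options conflict but not what to do instead, so the easy way out is to delete `allowed_inbound_ip_addresses` and build with no source-IP restriction. Rejecting the combination is the right fail-closed choice, but the message should also say where the restriction has to live, e.g. `fmt.Errorf("allowed_inbound_ip_addresses cannot be used with virtual_network_name; restrict inbound access on the existing network's security group instead")`. That wording assumes the builder does not manage a security group for a pre-existing network, which is not visible in this hunk. As a style point, `} else { if ok, err := …` can be written `} else if ok, err := …; !ok {`, which drops one nesting level. The function body starts and ends outside the hunk.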
@@ -355,7 +354,6 @@ func TestConfigShouldRejectIncorrectInboundIpAddresses(t *testing.T) { "subscription_id": "ignore", "os_type": constants.Target_Linux, "communicator": "none", - "virtual_network_name": "MyVirtualNetwork", } config["allowed_inbound_ip_addresses"] = []string{"127.0.0.1", "127.0.0.two"} @@ -372,6 +370,32 @@ func TestConfigShouldRejectIncorrectInboundIpAddresses(t *testing.T) { } } +func TestConfigShouldRejectInboundIpAddressesWithVirtualNetwork(t *testing.T) { + config := map[string]interface{}{ + "capture_name_prefix": "ignore", + "capture_container_name": "ignore", + "location": "ignore", + "image_url": "ignore", + "storage_account": "ignore", + "resource_group_name": "ignore", + "subscription_id": "ignore", + "os_type": constants.Target_Linux, + "communicator": "none", + "allowed_inbound_ip_addresses": "127.0.0.1", + } + + _, _, err := newConfig(config, getPackerConfiguration()) + if err != nil { + t.Fatal(err) + } + + config["virtual_network_name"] = "some_vnet_name" + _, _, err = newConfig(config, getPackerConfiguration()) + if err == nil { + t.Errorf("Expected configuration creation to fail, but it succeeded with allowed_inbound_ip_addresses and virtual_network_name both specified") + } +} + func TestConfigShouldDefaultToPublicCloud(t *testing.T) { c, _, _ := newConfig(getArmBuilderConfiguration(), getPackerConfiguration()) diff --git a/website/source/docs/builders/azure.html.md b/website/source/docs/builders/azure.html.md index 37c62eda1..6b6c09218 100644 --- a/website/source/docs/builders/azure.html.md +++ b/website/source/docs/builders/azure.html.md 
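Review bot: In `TestConfigShouldRejectInboundIpAddressesWithVirtualNetwork` (builder/azure/arm/config_test.go), the final assertion accepts any error from `newConfig`. The test would therefore still pass if adding `virtual_network_name` tripped an unrelated validation and the mutual-exclusion check were later removed. Pin the message as well, e.g. `if err == nil || !strings.Contains(err.Error(), "allowed_inbound_ip_addresses cannot be specified") {`; the test file would need `strings` imported if it is not already. The allowlist is also given as a bare string, `"127.0.0.1"`, where the neighbouring test passes a `[]string{...}`. That presumably relies on the decoder coercing a string into a one-element list, and `[]string{"127.0.0.1"}` would exercise the documented form.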
@@ -341,6 +341,9 @@ Providing `temp_resource_group_name` or `location` in combination with Network Security Group will be created with corresponding rules and be bound to the NIC attached to the VM. + Providing `allowed_inbound_ip_addresses` in combination with + `virtual_network_name` is not allowed. + - `virtual_network_subnet_name` (string) If virtual\_network\_name is set, this value **may** also be set. If virtual\_network\_name is set, and this value is not set the builder attempts to determine the subnet to use with