func validatePortRange(protocol string, fromPort, toPort int) (network.PortRange, error) {
// Validate the given range.
newRange := network.PortRange{
Protocol: strings.ToLower(protocol),
FromPort: fromPort,
ToPort: toPort,
}
if err := newRange.Validate(); err != nil {
return network.PortRange{}, err
}
return newRange, nil
}
// Ports is specified in the Instance interface.
func (inst *azureInstance) Ports(machineId string) (ports []jujunetwork.PortRange, err error) {
inst.env.mu.Lock()
nsgClient := network.SecurityGroupsClient{inst.env.network}
inst.env.mu.Unlock()
securityGroupName := internalSecurityGroupName
nsg, err := nsgClient.Get(inst.env.resourceGroup, securityGroupName)
if err != nil {
return nil, errors.Annotate(err, "querying network security group")
}
if nsg.Properties.SecurityRules == nil {
return nil, nil
}
vmName := resourceName(names.NewMachineTag(machineId))
prefix := instanceNetworkSecurityRulePrefix(instance.Id(vmName))
for _, rule := range *nsg.Properties.SecurityRules {
if rule.Properties.Direction != network.Inbound {
continue
}
if rule.Properties.Access != network.Allow {
continue
}
if to.Int(rule.Properties.Priority) <= securityRuleInternalMax {
continue
}
if !strings.HasPrefix(to.String(rule.Name), prefix) {
continue
}
var portRange jujunetwork.PortRange
if *rule.Properties.DestinationPortRange == "*" {
portRange.FromPort = 0
portRange.ToPort = 65535
} else {
portRange, err = jujunetwork.ParsePortRange(
*rule.Properties.DestinationPortRange,
)
if err != nil {
return nil, errors.Annotatef(
err, "parsing port range for security rule %q",
to.String(rule.Name),
)
}
}
var protocols []string
switch rule.Properties.Protocol {
case network.SecurityRuleProtocolTCP:
protocols = []string{"tcp"}
case network.SecurityRuleProtocolUDP:
protocols = []string{"udp"}
default:
protocols = []string{"tcp", "udp"}
}
for _, protocol := range protocols {
portRange.Protocol = protocol
ports = append(ports, portRange)
}
}
return ports, nil
}
