Comment 11 for bug 1287658
Revision history for this message
| John A Meinel (jameinel) wrote Re: [Bug 1287658] Re: Fine grain secgroup rules | #11 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
Again, a *charm* should not know where it should be open to, because CIDR
is a sysadmin rule. A charm shouldn't know where it is deployed.
If we did want that sort of flexibility, that is where the charm would
advertise multiple endpoints, and then have the charm label the "open-port"
with which endpoint it would be associated with. And then the sysadmin
would "juju expose APP:ENDPOINT CIDR".
That should put the knowledge and abstractions correctly. It does require
changes to 'open-port' to allow the binding and to 'juju expose' to allow
specifying both a CIDR/space and an endpoint.
On Wed, Oct 17, 2018 at 4:56 PM Junien Fridrick <email address hidden>
wrote:
> What if a charm wants to open a port to all, but another port to only a
> specific CIDR ?
>
> --
> You received this bug notification because you are subscribed to juju.
> Matching subscriptions: juju bugs
> https:/
>
> Title:
> Fine grain secgroup rules
>
> To manage notifications about this bug go to:
> https:/
>