compute:createFirewall: add protocol options

stephenplusplus · stephenplusplus · commit 1dc33768215f · 2016-06-06T14:27:28.000-04:00
diff --git a/lib/compute/index.js b/lib/compute/index.js
@@ -155,6 +155,8 @@ nodeutil.inherits(Compute, Service);
  * @param {object} config.protocols - A map of protocol to port range. The keys
  *     of the object refer to a protocol (e.g. `tcp`, `udp`) and the value for
  *     the key are the ports/port-ranges that are allowed to make a connection.
+ *     If a `true` value, that means all ports on that protocol will be opened.
+ *     If `false`, all traffic on that protocol will be blocked.
  * @param {string[]} config.ranges - The IP address blocks that this rule
  *     applies to, expressed in
  *     [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
@@ -210,11 +212,15 @@ Compute.prototype.createFirewall = function(name, config, callback) {
         IPProtocol: protocol
       };
 
-      var ports = arrify(body.protocols[protocol]);
-      if (ports.length > 0) {
-        allowedConfig.ports = ports;
+      var ports = body.protocols[protocol];
+
+      if (ports === false || ports.length === 0) {
+        continue;
       }
 
+      // If the port is `true`, open up all ports on this protocol.
+      allowedConfig.ports = ports === true ? [] : arrify(ports);
+
       body.allowed.push(allowedConfig);
     }
 
diff --git a/system-test/compute.js b/system-test/compute.js
@@ -235,7 +235,8 @@ describe('Compute', function() {
     var CONFIG = {
       protocols: {
         tcp: [3000],
-        udp: []
+        icmp: true, // This should open all ports on this protocol
+        udp: [] // This should not open ports on this protocol at all
       },
 
       ranges: ['0.0.0.0/0']
@@ -248,7 +249,7 @@ describe('Compute', function() {
           ports: ['3000']
         },
         {
-          IPProtocol: 'udp'
+          IPProtocol: 'icmp'
         }
       ],
 
diff --git a/test/compute/index.js b/test/compute/index.js
@@ -211,7 +211,9 @@ describe('Compute', function() {
           protocols: {
             https: [8080, 9000],
             ssh: 22,
-            ftp: []
+            ftp: [],
+            ah: false,
+            icmp: true
           }
         };
 
@@ -220,7 +222,7 @@ describe('Compute', function() {
             { IPProtocol: 'http', ports: [8000] },
             { IPProtocol: 'https', ports: [8080, 9000] },
             { IPProtocol: 'ssh', ports: [22] },
-            { IPProtocol: 'ftp' }
+            { IPProtocol: 'icmp', ports: [] }
           ]);
           assert.strictEqual(reqOpts.json.protocols, undefined);
           done();
