Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't expose ports to the outside and fix a race condition #1850

Merged
merged 6 commits into from
Mar 23, 2019
Merged

Don't expose ports to the outside and fix a race condition #1850

merged 6 commits into from
Mar 23, 2019

Conversation

dgageot
Copy link
Contributor

@dgageot dgageot commented Mar 21, 2019

Ports used for eventing shouldn't be exposed to the outside world. Also this removed an alert on OSX each time a port needs to be opened on the firewall.

I also took the opportunity to fix a race condition where a port could be said available when it is not.

@codecov-io
Copy link

Codecov Report

Merging #1850 into master will increase coverage by 0.2%.
The diff coverage is 83.33%.

Impacted file tree graph

@@            Coverage Diff            @@
##           master    #1850     +/-   ##
=========================================
+ Coverage   49.18%   49.38%   +0.2%     
=========================================
  Files         166      166             
  Lines        7287     7285      -2     
=========================================
+ Hits         3584     3598     +14     
+ Misses       3357     3340     -17     
- Partials      346      347      +1
Impacted Files Coverage Δ
pkg/skaffold/event/server.go 35.48% <100%> (ø) ⬆️
pkg/skaffold/util/port.go 85.18% <77.77%> (+54.15%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e8ba045...8e3d233. Read the comment docs.

nkubala
nkubala approved these changes Mar 21, 2019
View reviewed changes
Copy link
Contributor

@nkubala nkubala left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice find.

briandealwis
briandealwis reviewed Mar 21, 2019
View reviewed changes
pkg/skaffold/util/port.go
@@ -32,7 +32,6 @@ import (
// See https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt,
func GetAvailablePort(port int, forwardedPorts *sync.Map) int {
if isPortAvailable(port, forwardedPorts) {
forwardedPorts.Store(port, true)
Copy link
Member

@briandealwis briandealwis Mar 21, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These stores are necessary as there are race conditions: port-forwarding gets an available port but doesn't use it immediately I missed that you moved this into isPortAvailable()

briandealwis
briandealwis reviewed Mar 21, 2019
View reviewed changes
pkg/skaffold/util/port.go
return p
}

func isPortAvailable(p int, forwardedPorts *sync.Map) bool {
if _, ok := forwardedPorts.Load(p); ok {
alreadyUsed, loaded := forwardedPorts.LoadOrStore(p, true)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems odd for an is* method to mutate state

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe rename the method to something like getPortIfAvailable()?

tejal29
tejal29 suggested changes Mar 21, 2019
View reviewed changes
pkg/skaffold/event/server.go Outdated
if err != nil {
return func() error { return nil }, err
}

l, err := net.Listen("tcp", fmt.Sprintf(":%d", port))
l, err := net.Listen("tcp", fmt.Sprintf("127.0.0.1:%d", port))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe move "127.0.0.1" to a constant.

@dgageot
Copy link
Contributor Author

dgageot commented Mar 22, 2019

@tejal29 @briandealwis should be all good now

briandealwis
briandealwis reviewed Mar 22, 2019
View reviewed changes
Copy link
Member

@briandealwis briandealwis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM: The tests could do more to check conditions like single-threaded map check, and with an actual open port, but it's better than what's there.

@dgageot dgageot requested a review from tejal29 March 22, 2019 17:42
@dgageot dgageot merged commit 6fd620f into GoogleContainerTools:master Mar 23, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@briandealwis briandealwis briandealwis left review comments

@balopat balopat balopat approved these changes

@nkubala nkubala nkubala approved these changes

@priyawadhwa priyawadhwa Awaiting requested review from priyawadhwa

@r2d4 r2d4 Awaiting requested review from r2d4

@tejal29 tejal29 Awaiting requested review from tejal29

Assignees
No one assigned
Labels
cla: yes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@dgageot @codecov-io @briandealwis @balopat @tejal29 @nkubala @googlebot