@@ -157,6 +157,18 @@ configuration parameters in order to have reports e-mailed to you:
control over the domain used by GCE_REPORT_EMAIL, you may need to
choose a different sender address.
+Other optional parameters include:
+
+* GCE_FIREWALL_RULES
+ * List of firewall rules to add to the GCP project if not already
+ present. By default a rule "allow-http" is created which makes
+ the gce-xfstests web interface accessible to anyone over the
+ Internet. It may be useful to override this if you want to
+ implement more restrictive firewall rules or disable access to the
+ web interface entirely. Note that existing firewall rules
+ associated with the GCP project will not be removed, and by
+ default there is a default-allow-ssh rule which allows SSH access.
+
An example ~/.config/gce-xfstests might look like this:
GS_BUCKET=tytso-xfstests
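Review bot: The new GCE_FIREWALL_RULES entry does not say what form a list element takes or how to turn rule creation off, so a reader cannot act on "override this" from the README alone. Suggest stating that the variable is a bash array, that each element is a rule name followed by the arguments given to `gcloud compute firewall-rules create`, and that an empty array, GCE_FIREWALL_RULES=(), creates no rules. Since the text already notes that existing rules are not removed, it would also help to say that an allow-http rule created by an earlier setup run stays in place until it is deleted by hand.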
@@ -63,3 +63,7 @@ CONSOLE=" -serial mon:stdio"
# GCE_PROJECT=tytso-xfstests-project
# GCE_ZONE=us-central1-c
# GCE_KERNEL=/u1/ext4-64/arch/x86/boot/bzImage
+
+# List of firewall rules to create. By default the gce-xfstests web interface
+# is made available to everyone over the public Internet.
+GCE_FIREWALL_RULES=("allow-http --allow tcp:80 --target-tags http-server")
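Review bot: The default on the GCE_FIREWALL_RULES line carries no --source-ranges, so tcp:80 on instances tagged http-server is open to every address, and the comment above it gives no hint of how to narrow it. Suggest adding a commented-out alternative next to it, for example the same rule with --source-ranges set to the user's own CIDR, plus the empty form GCE_FIREWALL_RULES=() for no web access. The comment could also mention that this is bash array syntax, since the neighbouring settings in this file are plain scalar assignments.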
@@ -119,9 +119,14 @@ if test -n "$GCE_REPORT_EMAIL" ; then
fi
fi
-if test -z "$(gcloud compute firewall-rules list allow-http | sed -e 1d)"
-then
- gcloud compute --project "$GCE_PROJECT" firewall-rules create \
- allow-http --allow tcp:80 --target-tags http-server >& /dev/null &
-fi
+for rule in "${GCE_FIREWALL_RULES[@]}"; do
+ rule_name=$(echo $rule | cut -d' ' -f1)
+ if test -z "$(gcloud compute firewall-rules list $rule_name | sed -e 1d)"
+ then
+ echo "Creating $rule_name firewall rule..."
+ gcloud compute --project "$GCE_PROJECT" firewall-rules create $rule
+ fi
+done
+unset rule rule_name
+
exit 0
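Review bot: In the new loop the existence check runs `gcloud compute firewall-rules list $rule_name` without --project, while the create two lines later passes --project "$GCE_PROJECT", so the check can consult a different project than the one the rule is created in (this is carried over from the removed lines); pass --project to both. `echo $rule` and the bare `$rule_name` should be quoted, and the intentionally unquoted `$rule` in the create call is still subject to glob expansion, so splitting it into an array first (read -r -a) would be safer. The create also now runs in the foreground with its exit status ignored, and the script still reaches `exit 0` when it fails; consider reporting a failed create.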