Don't expose ports to the outside and fix a race condition by dgageot · Pull Request #1850 · GoogleContainerTools/skaffold

dgageot · 2019-03-21T08:56:08Z

Ports used for eventing shouldn't be exposed to the outside world. Also this removed an alert on OSX each time a port needs to be opened on the firewall.

I also took the opportunity to fix a race condition where a port could be said available when it is not.

codecov-io · 2019-03-21T09:31:44Z

Codecov Report

Merging #1850 into master will increase coverage by 0.2%.
The diff coverage is 83.33%.

@@            Coverage Diff            @@
##           master    #1850     +/-   ##
=========================================
+ Coverage   49.18%   49.38%   +0.2%     
=========================================
  Files         166      166             
  Lines        7287     7285      -2     
=========================================
+ Hits         3584     3598     +14     
+ Misses       3357     3340     -17     
- Partials      346      347      +1

Impacted Files	Coverage Δ
pkg/skaffold/event/server.go	`35.48% <100%> (ø)`	⬆️
pkg/skaffold/util/port.go	`85.18% <77.77%> (+54.15%)`	⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e8ba045...8e3d233. Read the comment docs.

nkubala

nice find.

briandealwis · 2019-03-21T17:26:12Z

pkg/skaffold/util/port.go

 // See https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt,
 func GetAvailablePort(port int, forwardedPorts *sync.Map) int {
 	if isPortAvailable(port, forwardedPorts) {
-		forwardedPorts.Store(port, true)


~~These stores are necessary as there are race conditions: port-forwarding gets an available port but doesn't use it immediately~~ I missed that you moved this into isPortAvailable()

briandealwis · 2019-03-21T17:27:48Z

pkg/skaffold/util/port.go


 func isPortAvailable(p int, forwardedPorts *sync.Map) bool {
-	if _, ok := forwardedPorts.Load(p); ok {
+	alreadyUsed, loaded := forwardedPorts.LoadOrStore(p, true)


It seems odd for an is* method to mutate state

Maybe rename the method to something like getPortIfAvailable()?

tejal29 · 2019-03-21T17:55:56Z

pkg/skaffold/event/server.go

 	}

-	l, err := net.Listen("tcp", fmt.Sprintf(":%d", port))
+	l, err := net.Listen("tcp", fmt.Sprintf("127.0.0.1:%d", port))


maybe move "127.0.0.1" to a constant.

Signed-off-by: David Gageot <david@gageot.net>

dgageot · 2019-03-22T09:44:33Z

@tejal29 @briandealwis should be all good now

briandealwis

LGTM: The tests could do more to check conditions like single-threaded map check, and with an actual open port, but it's better than what's there.

dgageot requested review from balopat, nkubala, priyawadhwa and r2d4 as code owners March 21, 2019 08:56

googlebot added the cla: yes label Mar 21, 2019

nkubala approved these changes Mar 21, 2019

View reviewed changes

briandealwis reviewed Mar 21, 2019

View reviewed changes

tejal29 suggested changes Mar 21, 2019

View reviewed changes

dgageot added 6 commits March 22, 2019 10:36

Don’t expose the events to the outside world

a051126

Signed-off-by: David Gageot <david@gageot.net>

Rearrange code to show a race condition

0b09870

Signed-off-by: David Gageot <david@gageot.net>

Add a unit test

5485511

Signed-off-by: David Gageot <david@gageot.net>

Show the race condition

d5eaa7e

Signed-off-by: David Gageot <david@gageot.net>

Fix the race condition

0e36e4d

Signed-off-by: David Gageot <david@gageot.net>

Introduce a constant for 127.0.0.1

6cd6fe7

Signed-off-by: David Gageot <david@gageot.net>

dgageot force-pushed the available-ports branch from 8e3d233 to 6cd6fe7 Compare March 22, 2019 09:44

briandealwis reviewed Mar 22, 2019

View reviewed changes

balopat approved these changes Mar 22, 2019

View reviewed changes

dgageot requested a review from tejal29 March 22, 2019 17:42

dgageot merged commit 6fd620f into GoogleContainerTools:master Mar 23, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Don't expose ports to the outside and fix a race condition#1850

Don't expose ports to the outside and fix a race condition#1850
dgageot merged 6 commits intoGoogleContainerTools:masterfrom
dgageot:available-ports

dgageot commented Mar 21, 2019

Uh oh!

codecov-io commented Mar 21, 2019

Uh oh!

nkubala left a comment

Uh oh!

briandealwis Mar 21, 2019 •

edited

Loading

Uh oh!

briandealwis Mar 21, 2019

Uh oh!

briandealwis Mar 21, 2019

Uh oh!

tejal29 Mar 21, 2019

Uh oh!

dgageot commented Mar 22, 2019

Uh oh!

briandealwis left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants

Conversation

dgageot commented Mar 21, 2019

Uh oh!

codecov-io commented Mar 21, 2019

Codecov Report

Uh oh!

nkubala left a comment

Choose a reason for hiding this comment

Uh oh!

briandealwis Mar 21, 2019 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

briandealwis Mar 21, 2019

Choose a reason for hiding this comment

Uh oh!

briandealwis Mar 21, 2019

Choose a reason for hiding this comment

Uh oh!

tejal29 Mar 21, 2019

Choose a reason for hiding this comment

Uh oh!

dgageot commented Mar 22, 2019

Uh oh!

briandealwis left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants

briandealwis Mar 21, 2019 •

edited

Loading