in gke-windows-builder/builder/builder/network.go [89:105]
func CheckProjectFirewalls(ctx context.Context, netConfig *InstanceNetworkConfig) error {
var err error
var gceService *compute.Service
if gceService, err = newGCEService(ctx); err != nil {
return fmt.Errorf("Failed to start GCE service for setup: %+v", err)
}
networkUrl := ProjectNetworkUrl(netConfig)
project := *netConfig.NetworkProject
log.Printf("Checking WinRM firewall rule is present for project %s, network %s", project, networkUrl)
if !winRMIngressIsAllowed(gceService, project, networkUrl) {
return fmt.Errorf("Project %s does not have a firewall rule to allow WinRM ingress. Please run:\n gcloud compute firewall-rules create --project=%s allow-winrm-ingress --allow=tcp:5986 --direction=INGRESS --network=%s", project, project, networkUrl)
}
return nil
}