Merge pull request #5164 from lodrem/refactor-lb/consolidate-security…

…-rules Refine LoadBalancer service access control and consolidating security-rules
kubernetes-sigs · Jan 5, 2024 · 1d8032f · 1d8032f
2 parents 05b4c16 + 87a5835
commit 1d8032f
Show file tree

Hide file tree

Showing 30 changed files with 8,712 additions and 3,758 deletions.
diff --git a/pkg/provider/azure_loadbalancer.go b/pkg/provider/azure_loadbalancer.go
diff --git a/pkg/provider/azure_loadbalancer_accesscontrol_test.go b/pkg/provider/azure_loadbalancer_accesscontrol_test.go
diff --git a/pkg/provider/azure_loadbalancer_test.go b/pkg/provider/azure_loadbalancer_test.go
diff --git a/pkg/provider/azure_test.go b/pkg/provider/azure_test.go
diff --git a/pkg/provider/azure_utils.go b/pkg/provider/azure_utils.go
@@ -196,31 +196,6 @@ func getExtendedLocationTypeFromString(extendedLocationType string) network.Exte
 	return network.EdgeZone
 }
 
-func getServiceAdditionalPublicIPs(service *v1.Service) ([]string, error) {
-	if service == nil {
-		return nil, nil
-	}
-
-	result := []string{}
-	if val, ok := service.Annotations[consts.ServiceAnnotationAdditionalPublicIPs]; ok {
-		pips := strings.Split(strings.TrimSpace(val), ",")
-		for _, pip := range pips {
-			ip := strings.TrimSpace(pip)
-			if ip == "" {
-				continue // skip empty string
-			}
-
-			if net.ParseIP(ip) == nil {
-				return nil, fmt.Errorf("%s is not a valid IP address", ip)
-			}
-
-			result = append(result, ip)
-		}
-	}
-
-	return result, nil
-}
-
 func getNodePrivateIPAddress(node *v1.Node, isIPv6 bool) string {
 	for _, nodeAddress := range node.Status.Addresses {
 		if strings.EqualFold(string(nodeAddress.Type), string(v1.NodeInternalIP)) &&

diff --git a/pkg/provider/azure_utils_test.go b/pkg/provider/azure_utils_test.go
@@ -17,7 +17,6 @@ limitations under the License.
 package provider
 
 import (
-	"fmt"
 	"sync"
 	"testing"
 	"time"
@@ -190,78 +189,6 @@ func TestReconcileTags(t *testing.T) {
 	}
 }
 
-func TestGetServiceAdditionalPublicIPs(t *testing.T) {
-	for _, testCase := range []struct {
-		description   string
-		service       *v1.Service
-		expectedIPs   []string
-		expectedError error
-	}{
-		{
-			description: "nil service should return empty IP list",
-		},
-		{
-			description: "service without annotation should return empty IP list",
-			service: &v1.Service{
-				ObjectMeta: metav1.ObjectMeta{
-					Annotations: map[string]string{},
-				},
-			},
-			expectedIPs: []string{},
-		},
-		{
-			description: "service without annotation should return empty IP list",
-			service: &v1.Service{
-				ObjectMeta: metav1.ObjectMeta{
-					Annotations: map[string]string{
-						consts.ServiceAnnotationAdditionalPublicIPs: "",
-					},
-				},
-			},
-			expectedIPs: []string{},
-		},
-		{
-			description: "service with one IP in annotation should return expected IPs",
-			service: &v1.Service{
-				ObjectMeta: metav1.ObjectMeta{
-					Annotations: map[string]string{
-						consts.ServiceAnnotationAdditionalPublicIPs: "1.2.3.4 ",
-					},
-				},
-			},
-			expectedIPs: []string{"1.2.3.4"},
-		},
-		{
-			description: "service with multiple IPs in annotation should return expected IPs",
-			service: &v1.Service{
-				ObjectMeta: metav1.ObjectMeta{
-					Annotations: map[string]string{
-						consts.ServiceAnnotationAdditionalPublicIPs: "1.2.3.4, 2.3.4.5 ",
-					},
-				},
-			},
-			expectedIPs: []string{"1.2.3.4", "2.3.4.5"},
-		},
-		{
-			description: "service with wrong IP in annotation should report an error",
-			service: &v1.Service{
-				ObjectMeta: metav1.ObjectMeta{
-					Annotations: map[string]string{
-						consts.ServiceAnnotationAdditionalPublicIPs: "invalid",
-					},
-				},
-			},
-			expectedError: fmt.Errorf("invalid is not a valid IP address"),
-		},
-	} {
-		t.Run(testCase.description, func(t *testing.T) {
-			ips, err := getServiceAdditionalPublicIPs(testCase.service)
-			assert.Equal(t, testCase.expectedIPs, ips)
-			assert.Equal(t, testCase.expectedError, err)
-		})
-	}
-}
-
 func TestGetNodePrivateIPAddress(t *testing.T) {
 	testcases := []struct {
 		desc       string