Merge pull request #5245 from nilo19/fix/cherry-pick-5225-1.27

fix: The case of load balancer name should be ignored when determing …

.github/workflows/trivy.yaml

@@ -51,32 +51,20 @@ jobs:
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: 'local/azure-cloud-controller-manager:${{ github.sha }}'
-          format: 'sarif'
-          output: 'trivy-ccm-results.sarif'
+          format: 'table'
           exit-code: '1'
           ignore-unfixed: true
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
-        with:
-          sarif_file: 'trivy-ccm-results.sarif'
-          category: azure-cloud-controller-manager-image
       - name: Run Trivy scanner CNM
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: 'local/azure-cloud-node-manager:${{ github.sha }}-linux-amd64'
-          format: 'sarif'
-          output: 'trivy-cnm-linux-results.sarif'
+          format: 'table'
           exit-code: '1'
           ignore-unfixed: true
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
-        with:
-          sarif_file: 'trivy-cnm-linux-results.sarif'
-          category: azure-cloud-node-manager-linux-image
 
       - name: Run Trivy vulnerability scanner in repo mode
         uses: aquasecurity/trivy-action@master

go.mod

@@ -18,7 +18,7 @@ require (
 	github.com/spf13/cobra v1.8.0
 	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.8.4
-	golang.org/x/crypto v0.16.0
+	golang.org/x/crypto v0.17.0
 	golang.org/x/sync v0.5.0
 	golang.org/x/sys v0.15.0
 	golang.org/x/text v0.14.0

pkg/provider/azure_standard.go

@@ -277,10 +277,6 @@ func getIPConfigByIPFamily(nic network.Interface, IPv6 bool) (*network.Interface
 	return nil, fmt.Errorf("failed to determine the ipconfig(IPv6=%v). nicname=%q", IPv6, pointer.StringDeref(nic.Name, ""))
 }
 
-func isInternalLoadBalancer(lb *network.LoadBalancer) bool {
-	return strings.HasSuffix(*lb.Name, consts.InternalLoadBalancerNameSuffix)
-}
-
 // getBackendPoolName the LB BackendPool name for a service.
 // to ensure backward and forward compat:
 // SingleStack -v4 (pre v1.16) => BackendPool name == clusterName

pkg/provider/azure_utils.go

@@ -551,3 +551,7 @@ func getResourceGroupAndNameFromNICID(ipConfigurationID string) (string, string,
 	}
 	return nicResourceGroup, nicName, nil
 }
+
+func isInternalLoadBalancer(lb *network.LoadBalancer) bool {
+	return strings.HasSuffix(strings.ToLower(*lb.Name), consts.InternalLoadBalancerNameSuffix)
+}

pkg/provider/azure_utils_test.go

@@ -1061,3 +1061,41 @@ func TestFillSubnet(t *testing.T) {
 		})
 	}
 }
+
+func TestIsInternalLoadBalancer(t *testing.T) {
+	tests := []struct {
+		name     string
+		lb       network.LoadBalancer
+		expected bool
+	}{
+		{
+			name: "internal load balancer",
+			lb: network.LoadBalancer{
+				Name: pointer.String("test-internal"),
+			},
+			expected: true,
+		},
+		{
+			name: "internal load balancer",
+			lb: network.LoadBalancer{
+				Name: pointer.String("TEST-INTERNAL"),
+			},
+			expected: true,
+		},
+		{
+			name: "not internal load balancer",
+			lb: network.LoadBalancer{
+				Name: pointer.String("test"),
+			},
+			expected: false,
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			lb := test.lb
+			result := isInternalLoadBalancer(&lb)
+			assert.Equal(t, test.expected, result)
+		})
+	}
+}

vendor/modules.txt

@@ -492,7 +492,7 @@ go.uber.org/zap/internal/color
 go.uber.org/zap/internal/exit
 go.uber.org/zap/zapcore
 go.uber.org/zap/zapgrpc
-# golang.org/x/crypto v0.16.0
+# golang.org/x/crypto v0.17.0
 ## explicit; go 1.18
 golang.org/x/crypto/cryptobyte
 golang.org/x/crypto/cryptobyte/asn1