Add support for cloudflare source in loadbalaner firewall rules (#139)

* Add support for cloudflare source in loadbalaner firewall rules * Add firewall rules annotation to TestLoadbalancers_EnsureLoadBalancer unit test * Fix gofmt issue in loadbalancer_test.go
vultr · Dec 7, 2022 · 235119c · 235119c
1 parent c191e26
commit 235119c
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 7 deletions.
diff --git a/vultr/loadbalancer_test.go b/vultr/loadbalancer_test.go
@@ -92,10 +92,12 @@ func TestLoadbalancers_EnsureLoadBalancer(t *testing.T) {
 
 	svc := &v1.Service{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:        "lb-name",
-			Namespace:   v1.NamespaceDefault,
-			UID:         "lb-name",
-			Annotations: nil,
+			Name:      "lb-name",
+			Namespace: v1.NamespaceDefault,
+			UID:       "lb-name",
+			Annotations: map[string]string{
+				annoVultrFirewallRules: "cloudflare,80;10.0.0.0/8,80",
+			},
 		},
 		Spec: v1.ServiceSpec{
 			Ports: []v1.ServicePort{

diff --git a/vultr/loadbalancers.go b/vultr/loadbalancers.go
@@ -765,10 +765,13 @@ func buildFirewallRules(service *v1.Service) ([]govultr.LBFirewallRule, error) {
 		if len(rules) != 2 { //nolint
 			return nil, fmt.Errorf("loadbalancer fw rules : %s invalid configuration", rules)
 		}
+
 		source := rules[0]
-		_, _, err := net.ParseCIDR(source)
-		if err != nil {
-			return nil, fmt.Errorf("loadbalancer fw rules : source %s is invalid", source)
+		if source != "cloudflare" {
+			_, _, err := net.ParseCIDR(source)
+			if err != nil {
+				return nil, fmt.Errorf("loadbalancer fw rules : source %s is invalid", source)
+			}
 		}
 
 		port, err := strconv.Atoi(rules[1])