fix(lb): ACL with /32 subnets were not matching properly (#162)

scaleway · Feb 6, 2024 · 43358c4 · 43358c4
1 parent cea0d51
commit 43358c4
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/scaleway/loadbalancers.go b/scaleway/loadbalancers.go
@@ -2243,7 +2243,7 @@ func makeACLSpecs(service *v1.Service, nodes []*v1.Node, frontend *scwlb.Fronten
 	aclPrefix := makeACLPrefix(frontend)
 	whitelist := extractNodesInternalIps(nodes)
 	whitelist = append(whitelist, extractNodesExternalIps(nodes)...)
-	whitelist = append(whitelist, service.Spec.LoadBalancerSourceRanges...)
+	whitelist = append(whitelist, strip32SubnetMasks(service.Spec.LoadBalancerSourceRanges)...)
 
 	slices.Sort(whitelist)
 
@@ -2277,6 +2277,14 @@ func makeACLSpecs(service *v1.Service, nodes []*v1.Node, frontend *scwlb.Fronten
 	return acls
 }
 
+func strip32SubnetMasks(subnets []string) []string {
+	stripped := make([]string, len(subnets))
+	for idx, subnet := range subnets {
+		stripped[idx] = strings.TrimSuffix(subnet, "/32")
+	}
+	return stripped
+}
+
 func ptrInt32ToString(i *int32) string {
 	if i == nil {
 		return "<nil>"