Skip to content

Commit

Permalink
fix firewall label length being too long with large svc names
Browse files Browse the repository at this point in the history
  • Loading branch information
julsemaan committed Feb 8, 2024
1 parent 63b9937 commit 12bd3a5
Showing 1 changed file with 13 additions and 1 deletion.
14 changes: 13 additions & 1 deletion cloud/linode/loadbalancers.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,10 @@ import (
"github.com/linode/linodego"
)

const (
maxFirewallRuleLabelLen = 32
)

var (
errNoNodesAvailable = errors.New("No nodes available for nodebalancer")
errInvalidFWConfig = errors.New("Specify either an allowList or a denyList for a firewall")
Expand Down Expand Up @@ -757,14 +761,22 @@ func (l *loadbalancers) getLoadBalancerTags(_ context.Context, clusterName strin
if ok {
return append(tags, strings.Split(tagStr, ",")...)
}

return tags
}

// processACL takes the IPs, aclType, label etc and formats them into the passed linodego.FirewallCreateOptions pointer.
func processACL(fwcreateOpts *linodego.FirewallCreateOptions, aclType, label, svcName, ports string, ips linodego.NetworkAddresses) {
ruleLabel := fmt.Sprintf("%s-%s", aclType, svcName)
if len(ruleLabel) > maxFirewallRuleLabelLen {
newLabel := ruleLabel[0:maxFirewallRuleLabelLen]
klog.Infof("Firewall label '%s' is too long. Stripping to '%s'", ruleLabel, newLabel)
ruleLabel = newLabel
}

fwcreateOpts.Rules.Inbound = append(fwcreateOpts.Rules.Inbound, linodego.FirewallRule{
Action: aclType,
Label: fmt.Sprintf("%s-%s", aclType, svcName),
Label: ruleLabel,
Description: fmt.Sprintf("Created by linode-ccm: %s, for %s", label, svcName),
Protocol: linodego.TCP, // Nodebalancers support only TCP.
Ports: ports,
Expand Down

0 comments on commit 12bd3a5

Please sign in to comment.