From 235119c3af457cbc254933218a82f4f686f7090a Mon Sep 17 00:00:00 2001
From: Reuben Mannell
Date: Thu, 8 Dec 2022 00:36:37 +1100
Subject: [PATCH] Add support for cloudflare source in loadbalaner firewall rules (#139)
* Add support for cloudflare source in loadbalaner firewall rules
* Add firewall rules annotation to TestLoadbalancers_EnsureLoadBalancer unit test
* Fix gofmt issue in loadbalancer_test.go
---
 vultr/loadbalancer_test.go | 10 ++++++----
 vultr/loadbalancers.go | 9 ++++++---
 2 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/vultr/loadbalancer_test.go b/vultr/loadbalancer_test.go
index 3378c523..67915b70 100644
--- a/vultr/loadbalancer_test.go
+++ b/vultr/loadbalancer_test.go
@@ -92,10 +92,12 @@ func TestLoadbalancers_EnsureLoadBalancer(t *testing.T) {
 svc := &v1.Service{
 ObjectMeta: metav1.ObjectMeta{
- Name: "lb-name",
- Namespace: v1.NamespaceDefault,
- UID: "lb-name",
- Annotations: nil,
+ Name: "lb-name",
+ Namespace: v1.NamespaceDefault,
+ UID: "lb-name",
+ Annotations: map[string]string{
+ annoVultrFirewallRules: "cloudflare,80;10.0.0.0/8,80",
+ },
 },
 Spec: v1.ServiceSpec{
 Ports: []v1.ServicePort{
diff --git a/vultr/loadbalancers.go b/vultr/loadbalancers.go
index a5152cf1..e840d753 100644
--- a/vultr/loadbalancers.go
+++ b/vultr/loadbalancers.go
@@ -765,10 +765,13 @@ func buildFirewallRules(service *v1.Service) ([]govultr.LBFirewallRule, error) {
 if len(rules) != 2 { //nolint
 return nil, fmt.Errorf("loadbalancer fw rules : %s invalid configuration", rules)
 }
+
 source := rules[0]
- _, _, err := net.ParseCIDR(source)
- if err != nil {
- return nil, fmt.Errorf("loadbalancer fw rules : source %s is invalid", source)
+ if source != "cloudflare" {
+ _, _, err := net.ParseCIDR(source)
+ if err != nil {
+ return nil, fmt.Errorf("loadbalancer fw rules : source %s is invalid", source)
+ }
 }
 port, err := strconv.Atoi(rules[1])
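Review bot: The annotation added to the Service in TestLoadbalancers_EnsureLoadBalancer only feeds `cloudflare,80;10.0.0.0/8,80` through the accept path, and nothing in this hunk asserts on the firewall rules that result; the test body continues outside the hunk, so this may already be covered there. A small table-driven test of buildFirewallRules would pin the parsing contract directly: `cloudflare,80` accepted with the source passed through unchanged, and near-misses such as `Cloudflare,80` or `cloudflare ,80` rejected with the invalid-source error, which is how the visible parsing code reads. That keeps the keyword from silently widening if the comparison is later relaxed.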
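Review bot: The bare literal in `if source != "cloudflare" {` is now a security-relevant keyword that skips CIDR validation, yet it is unnamed and undocumented. I would lift it into a constant with a comment, e.g. `const fwSourceCloudflare = "cloudflare" // keyword accepted in place of a CIDR; exact, lower-case match`, and state on buildFirewallRules that any other spelling (`Cloudflare`, a trailing space) falls through to net.ParseCIDR and is rejected, which is the fail-closed behaviour one wants. The annotation documentation should also say that this source admits Cloudflare's address ranges as a whole, presumably including traffic proxied for other Cloudflare customers, so it narrows exposure but does not authenticate the origin path. While these lines are being touched, `%q` instead of `%s` in the invalid-source message would make stray whitespace in the annotation visible in the error. buildFirewallRules starts and ends outside the hunk.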