From 2147b730540dd614ad8d8bc39c1d646d2bc693dd Mon Sep 17 00:00:00 2001
From: llDrLove
Date: Wed, 2 Aug 2023 12:44:56 -0400
Subject: [PATCH] Deleting annotations does not remove the corresponding firewall rules (allow/deny) on the load balancer (#642)
---
 CHANGELOG.md | 11 ++++++++---
 cloud-controller-manager/do/loadbalancers.go | 10 ++--------
 cloud-controller-manager/do/loadbalancers_test.go | 7 +++++--
 3 files changed, 15 insertions(+), 13 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index de67f6c11..e11478f6f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,10 +1,15 @@
 ## unreleased
+* Remove deny and allow load balancer firewall rules when annotations are removed (@olove)
 ## v0.1.43 (beta) - May 25, 2023
+* Updates kubernetes dependencies: (@olove)
+ - k8s.io/api@v0.27.2
+ - k8s.io/apimachinery@v0.27.2
+ - k8s.io/client-go@v0.27.2
+ - k8s.io/cloud-provider@v0.27.2
+ - k8s.io/component-base@v0.27.2
-## v0.1.42 (beta) - January 10, 2023
-
-## v0.1.42 (beta) - January 9, 2023
+## v0.1.42 (beta) - January 10, 2023
 * Updates kubernetes dependencies: (@olove)
 - k8s.io/api@v0.26.0
 - k8s.io/apimachinery@v0.26.0
diff --git a/cloud-controller-manager/do/loadbalancers.go b/cloud-controller-manager/do/loadbalancers.go
index ce905652d..c33701eec 100644
--- a/cloud-controller-manager/do/loadbalancers.go
+++ b/cloud-controller-manager/do/loadbalancers.go
@@ -795,15 +795,9 @@ func buildForwardingRule(service *v1.Service, port *v1.ServicePort, protocol, ce
 }
 func buildFirewall(service *v1.Service) *godo.LBFirewall {
- denyRules := getStrings(service, annDODenyRules)
- allowRules := getStrings(service, annDOAllowRules)
- if len(denyRules) == 0 && len(allowRules) == 0 {
- return nil
- }
-
 return &godo.LBFirewall{
- Deny: denyRules,
- Allow: allowRules,
+ Deny: getStrings(service, annDODenyRules),
+ Allow: getStrings(service, annDOAllowRules),
 }
 }
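Review bot: buildFirewall has no comment stating that it must always return a non-nil firewall, and that is the property the whole fix rests on: the old nil return is what left stale allow/deny rules on the load balancer. I would put `// buildFirewall always returns a non-nil LBFirewall, so a Service without the allow/deny annotations clears the rules already set on the load balancer.` above the function so the early return is not reintroduced as a cleanup. The same behaviour means that an allow annotation which is removed, or which getStrings reads as empty (getStrings is outside this hunk, so that part is inferred), now drops the allow-list on the next reconcile and widens who can reach the load balancer; a log line or event at the call site when both lists are empty would make that change visible to operators.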
diff --git a/cloud-controller-manager/do/loadbalancers_test.go b/cloud-controller-manager/do/loadbalancers_test.go
index 038494770..2afca3baf 100644
--- a/cloud-controller-manager/do/loadbalancers_test.go
+++ b/cloud-controller-manager/do/loadbalancers_test.go
@@ -4203,6 +4203,9 @@ func Test_buildLoadBalancerRequest(t *testing.T) {
 lbActiveTimeout: 2,
 lbActiveCheckTick: 1,
 }
+ if test.lbr != nil {
+ test.lbr.Firewall = &godo.LBFirewall{}
+ }
 lbr, err := lb.buildLoadBalancerRequest(context.Background(), test.service, test.nodes)
@@ -5652,7 +5655,7 @@ func Test_buildFirewall(t *testing.T) {
 Annotations: map[string]string{},
 },
 },
- expectedFirewall: nil,
+ expectedFirewall: &godo.LBFirewall{},
 },
 {
 name: "annotations empty",
@@ -5666,7 +5669,7 @@ func Test_buildFirewall(t *testing.T) {
 },
 },
 },
- expectedFirewall: nil,
+ expectedFirewall: &godo.LBFirewall{},
 },
 {
 name: "annotations set",
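Review bot: The added block in the Test_buildLoadBalancerRequest hunk replaces the expected request's Firewall unconditionally, so no table case can state a non-empty expected firewall; whatever it sets is overwritten with the empty one before the comparison. Assigning only when the case leaves it unset keeps that possible: `if test.lbr != nil && test.lbr.Firewall == nil { test.lbr.Firewall = &godo.LBFirewall{} }`. The table and the comparison are outside the hunk, so whether any case carries allow/deny annotations is not visible here; a case with them set would let this test check the rules that reach the load balancer request, not only buildFirewall in isolation.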