Make isELBV2TargetInELBVPC more efficient

Don't need to check vpc.CidrBlock as it is part of vpc.CidrBlockAssociationSet. isIPinCIDR is now also a bit more robust in checking if an IP is part of a CIDR.

Signed-off-by: Stephen Hoekstra <[email protected]>

Author: shoekstra

pkg/targetgroupbinding/resource_manager.go

@@ -490,24 +490,27 @@ func isELBV2TargetGroupNotFoundError(err error) bool {
 }
 
 func isELBV2TargetInELBVPC(podIP string, vpc *ec2sdk.Vpc) bool {
-	// Check if the pod IP is in the primary VPC CIDR.
-	if isIPinCIDR(podIP, *vpc.CidrBlock) {
-		return true
-	}
-
-	// Check if the pod IP is from a secondary CIDR block.
+	// Check if the pod IP is found in a VPC CIDR block.
 	for _, v := range vpc.CidrBlockAssociationSet {
-		if isIPinCIDR(podIP, *v.CidrBlock) {
+		if isIPinCIDR(podIP, awssdk.StringValue(v.CidrBlock)) {
 			return true
 		}
 	}
 
-	// Cannot find pod IP in a VPC CIDR.
+	// Cannot find pod IP in a VPC CIDR block.
 	return false
 }
 
 func isIPinCIDR(ipAddr, cidrBlock string) bool {
-	_, cidr, _ := net.ParseCIDR(cidrBlock)
+	_, cidr, err := net.ParseCIDR(cidrBlock)
+	if err != nil {
+		return false
+	}
+
 	ip := net.ParseIP(ipAddr)
+	if ip == nil {
+		return false
+	}
+
 	return cidr.Contains(ip)
 }