From 746ef65cb90f053435ae34a98a575a4075dcf00e Mon Sep 17 00:00:00 2001
From: Patrik Holmqvist
Date: Wed, 26 Feb 2025 16:02:03 +0100
Subject: [PATCH] Make nft rules dynamic in connector class, SC-2670
---
 global/overlay/etc/puppet/modules/eid/manifests/connector.pp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/global/overlay/etc/puppet/modules/eid/manifests/connector.pp b/global/overlay/etc/puppet/modules/eid/manifests/connector.pp
index 2a9229ff..080198dd 100644
--- a/global/overlay/etc/puppet/modules/eid/manifests/connector.pp
+++ b/global/overlay/etc/puppet/modules/eid/manifests/connector.pp
@@ -22,8 +22,9 @@ class eid::connector (
 if $version {
 # Allow HTTPS from load balancer servers
+ $lb_ips = hiera_array("lb_${environment}_servers",[])
 sunet::nftables::allow { 'allow-https-from-lbs':
- from => ['94.176.224.38', '94.176.224.166',],
+ from => $lb_ips,
 port => 443,
 }
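Review bot: The added `hiera_array("lb_${environment}_servers",[])` falls back to an empty list when the key is missing or the environment name does not match any key, and that result goes straight into `from =>` of `allow-https-from-lbs` with no check. How `sunet::nftables::allow` treats an empty `from` is not visible here; it may emit no rule, leaving port 443 closed to the load balancers, or a rule with no source restriction, so the catalog should fail rather than compile with an empty list. I would drop the default and type the lookup, e.g. `$lb_ips = lookup("lb_${environment}_servers", Array[String, 1], 'unique')`, or keep `hiera_array` and add `if empty($lb_ips) { fail("lb_${environment}_servers is not set in hiera") }`. A short comment naming the expected hiera key and stating that it should hold only load balancer addresses would also help, since this data now decides who can reach the connector on 443; the `if $version` block and the class continue outside the hunk.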