From ac2d5fe8abc5de1dd2026bd36deb4bfb80e34aff Mon Sep 17 00:00:00 2001
From: cjschaef
Date: Tue, 6 Feb 2024 10:24:04 -0600
Subject: [PATCH] OCPBUGS-28870: IBMCloud: Restrict CIS and DNS Service lookup

Restrict when the CIS and DNS Service instances are looked up in IBM Cloud, based on the PublishingStrategy, CIS for External, DNS Services for Internal. Preventing a baseDomain in each service resulting in both instances being found for metadata generation.

Related: https://issues.redhat.com/browse/OCPBUGS-28870
---
 pkg/asset/installconfig/ibmcloud/metadata.go | 10 +++++++---
 pkg/asset/installconfig/ibmcloud/metadata_test.go | 7 +++++++
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/pkg/asset/installconfig/ibmcloud/metadata.go b/pkg/asset/installconfig/ibmcloud/metadata.go
index 4c814ab63e..08e79a27c3 100644
--- a/pkg/asset/installconfig/ibmcloud/metadata.go
+++ b/pkg/asset/installconfig/ibmcloud/metadata.go
@@ -27,6 +27,7 @@ type Metadata struct {
 computeSubnets map[string]Subnet
 controlPlaneSubnets map[string]Subnet
 dnsInstance *DNSInstance
+ publishStrategy types.PublishingStrategy
 serviceEndpoints []configv1.IBMCloudServiceEndpoint
 
 mutex sync.Mutex
@@ -46,6 +47,7 @@ func NewMetadata(config *types.InstallConfig) *Metadata {
 BaseDomain: config.BaseDomain,
 ComputeSubnetNames: config.Platform.IBMCloud.ComputeSubnets,
 ControlPlaneSubnetNames: config.Platform.IBMCloud.ControlPlaneSubnets,
+ publishStrategy: config.Publish,
 Region: config.Platform.IBMCloud.Region,
 serviceEndpoints: config.Platform.IBMCloud.ServiceEndpoints,
 }
@@ -79,7 +81,8 @@ func (m *Metadata) CISInstanceCRN(ctx context.Context) (string, error) {
 m.mutex.Lock()
 defer m.mutex.Unlock()
 
- if m.cisInstanceCRN == "" {
+ // Only attempt to find the CIS instance if using ExternalPublishingStrategy and we have not collected it already
+ if m.publishStrategy == types.ExternalPublishingStrategy && m.cisInstanceCRN == "" {
 client, err := m.Client()
 if err != nil {
 return "", err
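Review bot: A caller of CISInstanceCRN can no longer tell a skipped lookup from an empty result, because the new guard `m.publishStrategy == types.ExternalPublishingStrategy && m.cisInstanceCRN == ""` falls through for every other strategy value, including an unset one copied verbatim from `config.Publish` in the NewMetadata hunk. The rest of the method body is outside the hunk, so the fall-through return is presumably `""` with a nil error. The DNSInstance hunk has the same shape and would presumably return a nil `*DNSInstance` with a nil error, which panics in any caller that dereferences the result without a nil check. I would state the contract in both doc comments, for example `// CISInstanceCRN returns "" and a nil error when the publish strategy is not External; no CIS lookup is made.`, and confirm that NewMetadata only ever sees an install config whose Publish default has already been applied.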
@@ -111,8 +114,9 @@ func (m *Metadata) DNSInstance(ctx context.Context) (*DNSInstance, error) {
 m.mutex.Lock()
 defer m.mutex.Unlock()
 
- // Prevent multiple attempts to retrieve (set) the dnsInstance if it hasn't been set (multiple threads reach mutex concurrently)
- if m.dnsInstance == nil {
+ // Only attempt to find the DNS Services instance if using InternalPublishingStrategy and also
+ // prevent multiple attempts to retrieve (set) the dnsInstance if it hasn't been set (multiple threads reach mutex concurrently)
+ if m.publishStrategy == types.InternalPublishingStrategy && m.dnsInstance == nil {
 client, err := m.Client()
 if err != nil {
 return nil, err
diff --git a/pkg/asset/installconfig/ibmcloud/metadata_test.go b/pkg/asset/installconfig/ibmcloud/metadata_test.go
index e87bd26350..c8b58d8ada 100644
--- a/pkg/asset/installconfig/ibmcloud/metadata_test.go
+++ b/pkg/asset/installconfig/ibmcloud/metadata_test.go
@@ -178,9 +178,14 @@ func baseMetadata() *Metadata {
 Region: region,
 },
 },
+ Publish: types.ExternalPublishingStrategy,
 })
 }
 
+func setInternalPublishingStrategy(m *Metadata) {
+ m.publishStrategy = types.InternalPublishingStrategy
+}
+
 func TestAccountID(t *testing.T) {
 testCases := []struct {
 name string
@@ -406,6 +411,7 @@ func TestDNSInstance(t *testing.T) {
 for _, tCase := range testCases {
 t.Run(tCase.name, func(t *testing.T) {
 metadata := baseMetadata()
+ setInternalPublishingStrategy(metadata)
 metadata.client = ibmcloudClient
 for _, edit := range tCase.edits {
 edit(metadata)
@@ -438,6 +444,7 @@ func TestSetDNSInstance(t *testing.T) {
 for _, tCase := range testCases {
 t.Run(tCase.name, func(t *testing.T) {
 metadata := baseMetadata()
+ setInternalPublishingStrategy(metadata)
 
 metadata.dnsInstance = &DNSInstance{
 ID: tCase.dnsID,
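Review bot: Nothing in this file asserts the behaviour the new guards add: TestDNSInstance and TestSetDNSInstance are switched to Internal through setInternalPublishingStrategy so that they keep passing, but no case checks that DNSInstance skips the client under `types.ExternalPublishingStrategy` or that CISInstanceCRN skips it under Internal. A negative case for each getter, expecting the zero value, a nil error and no client call, would pin the fix and catch a later regression of either condition. Both test functions extend outside the visible hunks, so the mock setup for ibmcloudClient has to be checked there. In TestDNSInstance the helper could also be passed through the existing `tCase.edits` hook rather than called unconditionally, assuming the edit function type is `func(*Metadata)`, which would let individual cases choose the strategy.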