OCPBUGS-28870: IBMCloud: Restrict CIS and DNS Service lookup

Restrict when the CIS and DNS Service instances are looked up in IBM Cloud, based on the PublishingStrategy, CIS for External, DNS Services for Internal. Preventing a baseDomain in each service resulting in both instances being found for metadata generation. Related: https://issues.redhat.com/browse/OCPBUGS-28870
openshift · Mar 21, 2024 · e288086 · e288086
1 parent 2bec4c1
commit e288086
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 3 deletions.
diff --git a/pkg/asset/installconfig/ibmcloud/metadata.go b/pkg/asset/installconfig/ibmcloud/metadata.go
@@ -27,6 +27,7 @@ type Metadata struct {
 	computeSubnets      map[string]Subnet
 	controlPlaneSubnets map[string]Subnet
 	dnsInstance         *DNSInstance
+	publishStrategy     types.PublishingStrategy
 	serviceEndpoints    []configv1.IBMCloudServiceEndpoint
 
 	mutex       sync.Mutex
@@ -46,6 +47,7 @@ func NewMetadata(config *types.InstallConfig) *Metadata {
 		BaseDomain:              config.BaseDomain,
 		ComputeSubnetNames:      config.Platform.IBMCloud.ComputeSubnets,
 		ControlPlaneSubnetNames: config.Platform.IBMCloud.ControlPlaneSubnets,
+		publishStrategy:         config.Publish,
 		Region:                  config.Platform.IBMCloud.Region,
 		serviceEndpoints:        config.Platform.IBMCloud.ServiceEndpoints,
 	}
@@ -79,7 +81,8 @@ func (m *Metadata) CISInstanceCRN(ctx context.Context) (string, error) {
 	m.mutex.Lock()
 	defer m.mutex.Unlock()
 
-	if m.cisInstanceCRN == "" {
+	// Only attempt to find the CIS instance if using ExternalPublishingStrategy and we have not collected it already
+	if m.publishStrategy == types.ExternalPublishingStrategy && m.cisInstanceCRN == "" {
 		client, err := m.Client()
 		if err != nil {
 			return "", err
@@ -111,8 +114,9 @@ func (m *Metadata) DNSInstance(ctx context.Context) (*DNSInstance, error) {
 	m.mutex.Lock()
 	defer m.mutex.Unlock()
 
-	// Prevent multiple attempts to retrieve (set) the dnsInstance if it hasn't been set (multiple threads reach mutex concurrently)
-	if m.dnsInstance == nil {
+	// Only attempt to find the DNS Services instance if using InternalPublishingStrategy and also
+	// prevent multiple attempts to retrieve (set) the dnsInstance if it hasn't been set (multiple threads reach mutex concurrently)
+	if m.publishStrategy == types.InternalPublishingStrategy && m.dnsInstance == nil {
 		client, err := m.Client()
 		if err != nil {
 			return nil, err

diff --git a/pkg/asset/installconfig/ibmcloud/metadata_test.go b/pkg/asset/installconfig/ibmcloud/metadata_test.go
@@ -178,9 +178,14 @@ func baseMetadata() *Metadata {
 				Region: region,
 			},
 		},
+		Publish: types.ExternalPublishingStrategy,
 	})
 }
 
+func setInternalPublishingStrategy(m *Metadata) {
+	m.publishStrategy = types.InternalPublishingStrategy
+}
+
 func TestAccountID(t *testing.T) {
 	testCases := []struct {
 		name          string
@@ -406,6 +411,7 @@ func TestDNSInstance(t *testing.T) {
 	for _, tCase := range testCases {
 		t.Run(tCase.name, func(t *testing.T) {
 			metadata := baseMetadata()
+			setInternalPublishingStrategy(metadata)
 			metadata.client = ibmcloudClient
 			for _, edit := range tCase.edits {
 				edit(metadata)
@@ -438,6 +444,7 @@ func TestSetDNSInstance(t *testing.T) {
 	for _, tCase := range testCases {
 		t.Run(tCase.name, func(t *testing.T) {
 			metadata := baseMetadata()
+			setInternalPublishingStrategy(metadata)
 
 			metadata.dnsInstance = &DNSInstance{
 				ID:  tCase.dnsID,