OCPCLOUD-2266: IBMCloud: MAPI Service Endpoint overrides

go.mod

@@ -3,17 +3,17 @@ module github.com/openshift/machine-api-provider-ibmcloud
 go 1.19
 
 require (
-	github.com/IBM/go-sdk-core/v5 v5.4.2
-	github.com/IBM/platform-services-go-sdk v0.18.16
-	github.com/IBM/vpc-go-sdk v0.6.0
+	github.com/IBM/go-sdk-core/v5 v5.14.1
+	github.com/IBM/platform-services-go-sdk v0.52.1
+	github.com/IBM/vpc-go-sdk v0.42.0
 	github.com/blang/semver v3.5.1+incompatible
 	github.com/coreos/ignition/v2 v2.14.0
 	github.com/go-logr/logr v1.2.4
 	github.com/golang-jwt/jwt v3.2.2+incompatible
 	github.com/golang/mock v1.6.0
 	github.com/onsi/ginkgo/v2 v2.9.5
 	github.com/onsi/gomega v1.27.7
-	github.com/openshift/api v0.0.0-20231010075512-1ccc6058c62d
+	github.com/openshift/api v0.0.0-20231113114413-39964e6af314
 	github.com/openshift/machine-api-operator v0.2.1-0.20230524144558-2430daf07c93
 	k8s.io/api v0.28.2
 	k8s.io/apimachinery v0.28.2
@@ -41,17 +41,16 @@ require (
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
 	github.com/fatih/color v1.15.0 // indirect
-	github.com/form3tech-oss/jwt-go v3.2.3+incompatible // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
-	github.com/go-openapi/errors v0.19.8 // indirect
+	github.com/go-openapi/errors v0.20.3 // indirect
 	github.com/go-openapi/jsonpointer v0.19.6 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
-	github.com/go-openapi/strfmt v0.20.1 // indirect
+	github.com/go-openapi/strfmt v0.21.5 // indirect
 	github.com/go-openapi/swag v0.22.3 // indirect
-	github.com/go-playground/locales v0.13.0 // indirect
-	github.com/go-playground/universal-translator v0.17.0 // indirect
-	github.com/go-stack/stack v1.8.0 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-playground/validator/v10 v10.13.0 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/gobuffalo/flect v0.2.5 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
@@ -67,12 +66,12 @@ require (
 	github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-hclog v1.2.0 // indirect
-	github.com/hashicorp/go-retryablehttp v0.6.6 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.2 // indirect
 	github.com/imdario/mergo v0.3.13 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/leodido/go-urn v1.2.0 // indirect
+	github.com/leodido/go-urn v1.2.3 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
@@ -100,8 +99,9 @@ require (
 	github.com/spf13/pflag v1.0.6-0.20210604193023-d5e0c0615ace // indirect
 	github.com/vincent-petithory/dataurl v1.0.0 // indirect
 	github.com/xlab/treeprint v1.2.0 // indirect
-	go.mongodb.org/mongo-driver v1.5.1 // indirect
+	go.mongodb.org/mongo-driver v1.11.3 // indirect
 	go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
+	golang.org/x/crypto v0.11.0 // indirect
 	golang.org/x/mod v0.10.0 // indirect
 	golang.org/x/net v0.13.0 // indirect
 	golang.org/x/oauth2 v0.8.0 // indirect
@@ -114,7 +114,6 @@ require (
 	gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/protobuf v1.30.0 // indirect
-	gopkg.in/go-playground/validator.v9 v9.31.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect

pkg/actuators/client/client.go

@@ -23,10 +23,15 @@ import (
 	"github.com/IBM/platform-services-go-sdk/resourcemanagerv2"
 	"github.com/IBM/vpc-go-sdk/vpcv1"
 	"github.com/golang-jwt/jwt"
+	configv1 "github.com/openshift/api/config/v1"
 	"github.com/openshift/machine-api-operator/pkg/controller/machine"
+	klog "k8s.io/klog/v2"
 
 	ibmcloudclienterrors "github.com/openshift/machine-api-provider-ibmcloud/pkg/actuators/client/errors"
+	ibmcloudutil "github.com/openshift/machine-api-provider-ibmcloud/pkg/actuators/util"
 	ibmcloudproviderv1 "github.com/openshift/machine-api-provider-ibmcloud/pkg/apis/ibmcloudprovider/v1"
+
+	coreClient "sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 // Client is a wrapper object for IBM SDK clients
@@ -58,16 +63,44 @@ type ibmCloudClient struct {
 }
 
 // IbmcloudClientBuilderFuncType is function type for building ibm cloud client
-type IbmcloudClientBuilderFuncType func(credentialVal string, providerSpec ibmcloudproviderv1.IBMCloudMachineProviderSpec) (Client, error)
+type IbmcloudClientBuilderFuncType func(client coreClient.Client, credentialVal string, providerSpec ibmcloudproviderv1.IBMCloudMachineProviderSpec) (Client, error)
 
 // NewClient initilizes a new validated client
-func NewClient(credentialVal string, providerSpec ibmcloudproviderv1.IBMCloudMachineProviderSpec) (Client, error) {
+func NewClient(client coreClient.Client, credentialVal string, providerSpec ibmcloudproviderv1.IBMCloudMachineProviderSpec) (Client, error) {
+	// Get the Infrastructure config to vet for any IBM Cloud Service endpoint overrides
+	infraConfig, err := ibmcloudutil.GetInfrastructureConfig(client)
+	if err != nil {
+		return nil, err
+	}
+
+	var iamEndpointOverride, rmEndpointOverride, vpcEndpointOverride string
+	// If there are any Service endpoint overrides, attempt to load those required for this component
+	if infraConfig.Status.PlatformStatus != nil && infraConfig.Status.PlatformStatus.IBMCloud != nil && infraConfig.Status.PlatformStatus.IBMCloud.ServiceEndpoints != nil {
+		for _, endpoint := range infraConfig.Status.PlatformStatus.IBMCloud.ServiceEndpoints {
+			switch endpoint.Name {
+			case configv1.IBMCloudServiceIAM:
+				iamEndpointOverride = endpoint.URL
+			case configv1.IBMCloudServiceResourceManager:
+				rmEndpointOverride = endpoint.URL
+			case configv1.IBMCloudServiceVPC:
+				vpcEndpointOverride = endpoint.URL
+			default:
+				klog.Infof("ignoring unused service endpoint: %s", endpoint.Name)
+			}
+		}
+	}
 
 	// Authenticator
 	authenticator := &core.IamAuthenticator{
 		ApiKey: credentialVal,
 	}
 
+	// If an endpoint override for IAM was in Infrastructure, set it now
+	if iamEndpointOverride != "" {
+		authenticator.URL = iamEndpointOverride
+		klog.Infof("override %s endpoint: %s", configv1.IBMCloudServiceIAM, iamEndpointOverride)
+	}
+
 	// Retrieve IAM Token
 	iamToken, err := authenticator.RequestToken()
 	if err != nil {
@@ -98,34 +131,53 @@ func NewClient(credentialVal string, providerSpec ibmcloudproviderv1.IBMCloudMac
 	}
 
 	// IC Virtual Private Cloud (VPC) API
-	vpcService, err := vpcv1.NewVpcV1(&vpcv1.VpcV1Options{
+	vpcOptions := &vpcv1.VpcV1Options{
 		Authenticator: authenticator,
-	})
+	}
+
+	// If an endpoint override for VPC was in Infrastructure, set it now
+	if vpcEndpointOverride != "" {
+		vpcOptions.URL = vpcEndpointOverride
+		klog.Infof("override %s endpoint: %s", configv1.IBMCloudServiceVPC, vpcEndpointOverride)
+	}
+
+	vpcService, err := vpcv1.NewVpcV1(vpcOptions)
 	if err != nil {
 		return nil, err
 	}
 
 	// IC Resource Manager API
-	resourceManagerService, err := resourcemanagerv2.NewResourceManagerV2(&resourcemanagerv2.ResourceManagerV2Options{
+	rmOptions := &resourcemanagerv2.ResourceManagerV2Options{
 		Authenticator: authenticator,
-	})
-	if err != nil {
-		return nil, err
 	}
 
-	// Get Region and Set Service URL
-	regionName := providerSpec.Region
-	region, _, err := vpcService.GetRegion(vpcService.NewGetRegionOptions(regionName))
-	if err != nil {
-		return nil, err
+	// If an endpoint override for ResourceManager was in Infrastructure, set it now
+	if rmEndpointOverride != "" {
+		rmOptions.URL = rmEndpointOverride
+		klog.Infof("override %s endpoint: %s", configv1.IBMCloudServiceResourceManager, rmEndpointOverride)
 	}
 
-	// Set the Service URL
-	err = vpcService.SetServiceURL(fmt.Sprintf("%s/v1", *region.Endpoint))
+	resourceManagerService, err := resourcemanagerv2.NewResourceManagerV2(rmOptions)
 	if err != nil {
 		return nil, err
 	}
 
+	// Setup VPC endpoint if an override wasn't provided
+	if vpcEndpointOverride == "" {
+		// Get Region and Set Service URL
+		regionName := providerSpec.Region
+		region, _, err := vpcService.GetRegion(vpcService.NewGetRegionOptions(regionName))
+		if err != nil {
+			return nil, err
+		}
+
+		// Set the Service URL
+		err = vpcService.SetServiceURL(fmt.Sprintf("%s/v1", *region.Endpoint))
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	return &ibmCloudClient{
 		AccountID:              accountID,
 		vpcService:             vpcService,
@@ -448,7 +500,7 @@ func (c *ibmCloudClient) GetResourceGroupIDByName(resourceGroupName string) (str
 	// Get Resource Group
 	resourceGroup, _, err := c.resourceManagerService.ListResourceGroups(resourceGroupOptions)
 	if err != nil {
-		return "", err
+		return "", fmt.Errorf("failed to list resource groups: %w", err)
 	}
 
 	// Check resourceGroup is not nil and Resources[] is not empty

pkg/actuators/machine/actuator_test.go

@@ -295,11 +295,11 @@ func TestActuatorEvents(t *testing.T) {
 			}
 			gs.Eventually(getMachine, timeout).Should(Succeed())
 
-			ibmClientBuilder := func(secretVal string, providerSpec v1.IBMCloudMachineProviderSpec) (ibmclient.Client, error) {
+			ibmClientBuilder := func(coreClient client.Client, secretVal string, providerSpec v1.IBMCloudMachineProviderSpec) (ibmclient.Client, error) {
 				return mockIBMClient, nil
 			}
 			if tc.invalidMachineScope {
-				ibmClientBuilder = func(secretVal string, providerSpec v1.IBMCloudMachineProviderSpec) (ibmclient.Client, error) {
+				ibmClientBuilder = func(coreClient client.Client, secretVal string, providerSpec v1.IBMCloudMachineProviderSpec) (ibmclient.Client, error) {
 					return nil, errors.New("IBM Cloud client error")
 				}
 			}

pkg/actuators/machine/machine_scope.go

@@ -83,7 +83,7 @@ func newMachineScope(params machineScopeParams) (*machineScope, error) {
 		return nil, err
 	}
 
-	ibmClient, err := params.ibmClientBuilder(apikey, *providerSpec)
+	ibmClient, err := params.ibmClientBuilder(params.client, apikey, *providerSpec)
 	if err != nil {
 		return nil, machineapierrors.InvalidMachineConfiguration("error creating ibm client: %v", err.Error())
 	}

pkg/actuators/machine/machine_scope_test.go

@@ -87,10 +87,10 @@ func TestNewMachineScope(t *testing.T) {
 
 	g.Expect(err).ToNot(HaveOccurred())
 
-	ibmClientBuilder := func(secretVal string, providerSpec ibmcloudproviderv1.IBMCloudMachineProviderSpec) (ibmclient.Client, error) {
+	ibmClientBuilder := func(coreClient client.Client, secretVal string, providerSpec ibmcloudproviderv1.IBMCloudMachineProviderSpec) (ibmclient.Client, error) {
 		return mockIBMClient, nil
 	}
-	invalidIbmClientBuilder := func(secretVal string, providerSpec ibmcloudproviderv1.IBMCloudMachineProviderSpec) (ibmclient.Client, error) {
+	invalidIbmClientBuilder := func(coreClient client.Client, secretVal string, providerSpec ibmcloudproviderv1.IBMCloudMachineProviderSpec) (ibmclient.Client, error) {
 		return nil, errors.New("ibmc test error")
 	}
 
@@ -383,7 +383,7 @@ func TestPatchMachine(t *testing.T) {
 			machineScope, err := newMachineScope(machineScopeParams{
 				client:  k8sClient,
 				machine: machine,
-				ibmClientBuilder: func(secretVal string, providerSpec ibmcloudproviderv1.IBMCloudMachineProviderSpec) (ibmclient.Client, error) {
+				ibmClientBuilder: func(coreClient client.Client, secretVal string, providerSpec ibmcloudproviderv1.IBMCloudMachineProviderSpec) (ibmclient.Client, error) {
 					return nil, nil
 				},
 			})

pkg/actuators/machine/reconciler.go

@@ -307,7 +307,7 @@ func (r *Reconciler) reconcileMachineWithCloudState(conditionFailed *ibmcloudpro
 	}
 
 	// Update Machine Status Addresses
-	ipAddr := *newInstance.PrimaryNetworkInterface.PrimaryIpv4Address
+	ipAddr := *newInstance.PrimaryNetworkInterface.PrimaryIP.Address
 	if ipAddr != "" {
 		networkAddresses := []apicorev1.NodeAddress{{Type: apicorev1.NodeInternalDNS, Address: r.machine.Name}}
 		networkAddresses = append(networkAddresses, apicorev1.NodeAddress{Type: apicorev1.NodeInternalIP, Address: ipAddr})

pkg/actuators/machine/reconciler_test.go

@@ -34,6 +34,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/client-go/kubernetes/scheme"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	controllerfake "sigs.k8s.io/controller-runtime/pkg/client/fake"
 )
 
@@ -124,7 +125,7 @@ func TestCreate(t *testing.T) {
 				client:  controllerfake.NewFakeClient(),
 				// providerSpec:   providerSpec,
 				// providerStatus: &ibmcloudproviderv1.IBMCloudMachineProviderStatus{},
-				ibmClientBuilder: func(secretVal string, providerSpec ibmcloudproviderv1.IBMCloudMachineProviderSpec) (ibmclient.Client, error) {
+				ibmClientBuilder: func(coreClient client.Client, secretVal string, providerSpec ibmcloudproviderv1.IBMCloudMachineProviderSpec) (ibmclient.Client, error) {
 					return mockIBMClient, nil
 				},
 			})
@@ -234,7 +235,7 @@ func TestExists(t *testing.T) {
 			machineScope, err := newMachineScope(machineScopeParams{
 				machine: tc.machine(),
 				client:  controllerfake.NewFakeClient(),
-				ibmClientBuilder: func(secretVal string, providerSpec ibmcloudproviderv1.IBMCloudMachineProviderSpec) (ibmclient.Client, error) {
+				ibmClientBuilder: func(coreClient client.Client, secretVal string, providerSpec ibmcloudproviderv1.IBMCloudMachineProviderSpec) (ibmclient.Client, error) {
 					return tc.ibmClient(mockCtrl), nil
 				},
 			})
@@ -405,7 +406,7 @@ func TestReconcileMachineWithCloudState(t *testing.T) {
 		client:  controllerfake.NewFakeClient(),
 		// providerSpec:   providerSpec,
 		// providerStatus: &ibmcloudproviderv1.IBMCloudMachineProviderStatus{},
-		ibmClientBuilder: func(secretVal string, providerSpec ibmcloudproviderv1.IBMCloudMachineProviderSpec) (ibmclient.Client, error) {
+		ibmClientBuilder: func(coreClient client.Client, secretVal string, providerSpec ibmcloudproviderv1.IBMCloudMachineProviderSpec) (ibmclient.Client, error) {
 			return mockIBMClient, nil
 		},
 	})

pkg/actuators/machine/stubs_util.go

@@ -31,16 +31,17 @@ func stubInstanceGetByName(name string, machineProviderConfig *ibmcloudproviderv
 	returnID := "0727_xyz-xyz-cccc-aaba-cacdaccad"
 	returnPrimaryNetID := "0727-xyz"
 	returnPrimaryNetName := "cold-breeze"
-	returnPrimaryNetIPv4Add := "10.0.0.1"
+	address := "10.0.0.1"
+	returnPrimaryIP := &vpcv1.ReservedIPReference{Address: &address}
 	returnRunning := "running"
 
 	return &vpcv1.Instance{
 		Name: &returnName,
 		ID:   &returnID,
 		PrimaryNetworkInterface: &vpcv1.NetworkInterfaceInstanceContextReference{
-			ID:                 &returnPrimaryNetID,
-			Name:               &returnPrimaryNetName,
-			PrimaryIpv4Address: &returnPrimaryNetIPv4Add,
+			ID:        &returnPrimaryNetID,
+			Name:      &returnPrimaryNetName,
+			PrimaryIP: returnPrimaryIP,
 		},
 		Status: &returnRunning,
 	}, nil

pkg/actuators/machineset/controller.go

@@ -88,7 +88,7 @@ func (r *Reconciler) getActualIbmClient(namespace string, providerSpec ibmcloudp
 		return nil, err
 	}
 
-	ibmClient, err := ibmclient.NewClient(apikey, providerSpec)
+	ibmClient, err := ibmclient.NewClient(r.Client, apikey, providerSpec)
 	if err != nil {
 		return nil, machineapierrors.InvalidMachineConfiguration("error creating ibm client: %v", err.Error())
 	}

pkg/actuators/util/common.go

@@ -20,17 +20,30 @@ import (
 	"context"
 	"fmt"
 
+	configv1 "github.com/openshift/api/config/v1"
 	machoneapierrors "github.com/openshift/machine-api-operator/pkg/controller/machine"
 	ibmcloudproviderv1 "github.com/openshift/machine-api-provider-ibmcloud/pkg/apis/ibmcloudprovider/v1"
 	apicorev1 "k8s.io/api/core/v1"
 	apimachineryerrors "k8s.io/apimachinery/pkg/api/errors"
+	apimachinerytypes "k8s.io/apimachinery/pkg/types"
 	controllerRuntimeClient "sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 const (
 	credentialsSecretKey = "ibmcloud_api_key"
 )
 
+// GetInfrastructureConfig returns the cluster's Infrastructure config
+func GetInfrastructureConfig(coreClient controllerRuntimeClient.Client) (*configv1.Infrastructure, error) {
+	infraConfig := &configv1.Infrastructure{}
+
+	if err := coreClient.Get(context.Background(), apimachinerytypes.NamespacedName{Name: "cluster"}, infraConfig); err != nil {
+		return nil, fmt.Errorf("error getting infrastructure config: %v", err)
+	}
+
+	return infraConfig, nil
+}
+
 // GetCredentialsSecret returns base64 encoded credential secret data
 func GetCredentialsSecret(coreClient controllerRuntimeClient.Client, namespace string, spec ibmcloudproviderv1.IBMCloudMachineProviderSpec) (string, error) {
 	if spec.CredentialsSecret == nil {