Always public IAM endpoint for satellite cluster (#22)

GunaKKIBM · web-flow · commit f725cf02ca92 · 2023-04-25T09:58:03.000+05:30
* Always public IAM endpoint for satellite cluster

* Addressing comments - reducing redundancy

* Addressing comments - using cluster info to determine cluster provider

* Always use private URL, if unable to determine satellite

* Read URL provided in storage secret store for satellite
diff --git a/pkg/config/cluster_config.go b/pkg/config/cluster_config.go
@@ -18,7 +18,6 @@ package config
 
 import (
 	"encoding/json"
-	"os"
 	"strings"
 
 	"github.com/IBM/secret-utils-lib/pkg/k8s_utils"
@@ -41,8 +40,9 @@ const (
 
 // ClusterConfig ...
 type ClusterConfig struct {
-	ClusterID string `json:"cluster_id"`
-	MasterURL string `json:"master_url"`
+	ClusterID       string `json:"cluster_id"`
+	MasterURL       string `json:"master_url"`
+	ClusterProvider string `json:"cluster_provider"`
 }
 
 // GetClusterInfo ...
@@ -72,29 +72,31 @@ func FrameTokenExchangeURL(kc k8s_utils.KubernetesClient, providerType string, l
 		return cloudConf.TokenExchangeURL + tokenExchangePath
 	}
 
+	cc, err := GetClusterInfo(kc, logger)
+	if err != nil {
+		logger.Error("Error fetching cluster info", zap.Error(err))
+		return (utils.ProdPrivateIAMURL + tokenExchangePath)
+	}
+
+	isSatellite := IsSatellite(cc, logger)
+
 	logger.Info("Unable to fetch token exchange URL from cloud-conf")
 	secret, err := k8s_utils.GetSecretData(kc, utils.STORAGE_SECRET_STORE_SECRET, utils.SECRET_STORE_FILE)
 	if err == nil {
 		if secretConfig, err := ParseConfig(logger, secret); err == nil {
-			url, err := GetTokenExchangeURLfromStorageSecretStore(*secretConfig, providerType)
+			url, err := GetTokenExchangeURLfromStorageSecretStore(isSatellite, *secretConfig, providerType)
 			if err == nil {
 				return url
 			}
 		}
 	}
 
 	logger.Info("Unable to fetch token exchange URL using secret, forming url using cluster info")
-	cc, err := GetClusterInfo(kc, logger)
-	if err != nil {
-		logger.Error("Error fetching cluster master URL", zap.Error(err))
-		return (utils.ProdPublicIAMURL + tokenExchangePath)
-	}
-
-	return FrameTokenExchangeURLFromClusterInfo(cc, logger)
+	return FrameTokenExchangeURLFromClusterInfo(isSatellite, cc, logger)
 }
 
 // GetTokenExchangeURLfromStorageSecretStore ...
-func GetTokenExchangeURLfromStorageSecretStore(config Config, providerType string) (string, error) {
+func GetTokenExchangeURLfromStorageSecretStore(isSatellite bool, config Config, providerType string) (string, error) {
 
 	var url string
 	switch providerType {
@@ -110,28 +112,49 @@ func GetTokenExchangeURLfromStorageSecretStore(config Config, providerType strin
 		return "", utils.Error{Description: utils.WarnFetchingTokenExchangeURL}
 	}
 
-	// If the cluster is not satellite cluster, use PROD or STAGE URLs
-	if os.Getenv("IS_SATELLITE") != constTrue {
-		if !strings.Contains(url, "stage") && !strings.Contains(url, "test") {
-			url = utils.ProdPrivateIAMURL
-		} else {
-			url = utils.StagePrivateIAMURL
-		}
+	// If the cluster is satellite, first use the provided URL.
+	if isSatellite {
+		return url, nil
 	}
 
-	// Appending the base URL and token exchange path
-	url = url + tokenExchangePath
-
-	return url, nil
+	isProd := isProduction(url)
+	if isProd {
+		return utils.ProdPrivateIAMURL + tokenExchangePath, nil
+	}
+	return utils.StagePrivateIAMURL + tokenExchangePath, nil
 }
 
 // FrameTokenExchangeURLFromClusterInfo ...
-func FrameTokenExchangeURLFromClusterInfo(cc ClusterConfig, logger *zap.Logger) string {
+func FrameTokenExchangeURLFromClusterInfo(isSatellite bool, cc ClusterConfig, logger *zap.Logger) string {
+
 	if !strings.Contains(cc.MasterURL, stageMasterURLsubstr) {
 		logger.Info("Env-Production")
+		if isSatellite {
+			return (utils.ProdPublicIAMURL + tokenExchangePath)
+		}
 		return (utils.ProdPrivateIAMURL + tokenExchangePath)
 	}
 
 	logger.Info("Env-Stage")
+	if isSatellite {
+		return (utils.StagePublicIAMURL + tokenExchangePath)
+	}
 	return (utils.StagePrivateIAMURL + tokenExchangePath)
 }
+
+// isProduction determines if the env in which a pod is deployed is stage or production
+func isProduction(url string) bool {
+	if !strings.Contains(url, "stage") && !strings.Contains(url, "test") {
+		return true
+	}
+	return false
+}
+
+// IsSatellite checks if the cluster where the pod is currently running is a satellite cluster or not
+func IsSatellite(cc ClusterConfig, logger *zap.Logger) bool {
+	if cc.ClusterProvider == utils.SatelliteProvider {
+		return true
+	}
+
+	return false
+}
diff --git a/pkg/utils/constants.go b/pkg/utils/constants.go
@@ -55,4 +55,6 @@ const (
 	Bluemix = "bluemix"
 	// Softlayer ...
 	Softlayer = "softlayer"
+	// SatelliteProvider ...
+	SatelliteProvider = "upi"
 )

Original file line number	Diff line number	Diff line change
`@@ -55,4 +55,6 @@ const (`
`55`	`55`	`Bluemix = "bluemix"`
`56`	`56`	`// Softlayer ...`
`57`	`57`	`Softlayer = "softlayer"`
	`58`	`+ // SatelliteProvider ...`
	`59`	`+ SatelliteProvider = "upi"`
`58`	`60`	`)`