Fetch IPs from CP instead of TC to allow CP into TC (#1210)

Co-authored-by: Christian Bianchi <[email protected]>

service/controller/azure_config.go

@@ -461,10 +461,11 @@ func newAzureConfigResources(config AzureConfigConfig, certsSearcher certs.Inter
 	var workerMigrationResource resource.Interface
 	{
 		c := workermigration.Config{
-			CertsSearcher: certsSearcher,
-			ClientFactory: clientFactory,
-			CtrlClient:    config.K8sClient.CtrlClient(),
-			Logger:        config.Logger,
+			CertsSearcher:             certsSearcher,
+			ClientFactory:             clientFactory,
+			CPPublicIPAddressesClient: config.CPAzureClientSet.PublicIpAddressesClient,
+			CtrlClient:                config.K8sClient.CtrlClient(),
+			Logger:                    config.Logger,
 
 			InstallationName: config.InstallationName,
 			Location:         config.Azure.Location,

service/controller/resource/workermigration/internal/azure/api.go

@@ -2,7 +2,6 @@ package azure
 
 import (
 	"context"
-	"fmt"
 
 	"github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2019-07-01/compute"
 	"github.com/Azure/azure-sdk-for-go/services/network/mgmt/2019-11-01/network"
@@ -127,30 +126,3 @@ func (a *api) CreateOrUpdateNetworkSecurityGroup(ctx context.Context, resourceGr
 
 	return nil
 }
-
-func (a *api) ListPublicIPs(ctx context.Context, resourceGroupName string) ([]string, error) {
-	client, err := a.clientFactory.GetPublicIPAddressesClient(a.credentials.Namespace, a.credentials.Name)
-	if err != nil {
-		return nil, microerror.Mask(err)
-	}
-
-	allPublicIPs, err := client.ListComplete(ctx, resourceGroupName)
-	if err != nil {
-		return nil, microerror.Mask(err)
-	}
-
-	var ips []string
-	for allPublicIPs.NotDone() {
-		ip := allPublicIPs.Value()
-		// Masters use the API LB as egress gateway, the workers use the ingress LB.
-		if ip.Name != nil && *ip.Name == fmt.Sprintf("%s_ingress_ip", resourceGroupName) || *ip.Name == fmt.Sprintf("%s_api_ip", resourceGroupName) {
-			ips = append(ips, *ip.IPAddress)
-		}
-		err := allPublicIPs.NextWithContext(ctx)
-		if err != nil {
-			return nil, microerror.Mask(err)
-		}
-	}
-
-	return ips, nil
-}

service/controller/resource/workermigration/internal/azure/spec.go

@@ -29,7 +29,4 @@ type API interface {
 
 	// CreateOrUpdateNetworkSecurityGroup creates or updates existing network security group via Azure API.
 	CreateOrUpdateNetworkSecurityGroup(ctx context.Context, resourceGroupName, networkSecurityGroupName string, securityGroup network.SecurityGroup) error
-
-	// List all Public IPs from a given resource group via Azure API.
-	ListPublicIPs(ctx context.Context, resourceGroupName string) ([]string, error)
 }

service/controller/resource/workermigration/resource.go

@@ -1,6 +1,7 @@
 package workermigration
 
 import (
+	"github.com/Azure/azure-sdk-for-go/services/network/mgmt/2019-11-01/network"
 	providerv1alpha1 "github.com/giantswarm/apiextensions/v3/pkg/apis/provider/v1alpha1"
 	"github.com/giantswarm/certs/v3/pkg/certs"
 	"github.com/giantswarm/microerror"
@@ -17,27 +18,32 @@ const (
 )
 
 type Config struct {
-	CertsSearcher certs.Interface
-	ClientFactory *azureclient.Factory
-	CtrlClient    client.Client
-	Logger        micrologger.Logger
+	CertsSearcher             certs.Interface
+	ClientFactory             *azureclient.Factory
+	CPPublicIPAddressesClient *network.PublicIPAddressesClient
+	CtrlClient                client.Client
+	Logger                    micrologger.Logger
 
 	InstallationName string
 	Location         string
 }
 
 type Resource struct {
-	clientFactory       *azureclient.Factory
-	ctrlClient          client.Client
-	logger              micrologger.Logger
-	tenantClientFactory tenantcluster.Factory
-	wrapAzureAPI        func(cf *azureclient.Factory, credentials *providerv1alpha1.CredentialSecret) azure.API
+	clientFactory             *azureclient.Factory
+	cpPublicIPAddressesClient *network.PublicIPAddressesClient
+	ctrlClient                client.Client
+	logger                    micrologger.Logger
+	tenantClientFactory       tenantcluster.Factory
+	wrapAzureAPI              func(cf *azureclient.Factory, credentials *providerv1alpha1.CredentialSecret) azure.API
 
 	installationName string
 	location         string
 }
 
 func New(config Config) (*Resource, error) {
+	if config.CPPublicIPAddressesClient == nil {
+		return nil, microerror.Maskf(invalidConfigError, "%T.CPPublicIPAddressesClient must not be empty", config)
+	}
 	if config.ClientFactory == nil {
 		return nil, microerror.Maskf(invalidConfigError, "%T.ClientFactory must not be empty", config)
 	}
@@ -60,11 +66,12 @@ func New(config Config) (*Resource, error) {
 	}
 
 	newResource := &Resource{
-		clientFactory:       config.ClientFactory,
-		ctrlClient:          config.CtrlClient,
-		logger:              config.Logger,
-		tenantClientFactory: tenantClientFactory,
-		wrapAzureAPI:        azure.GetAPI,
+		cpPublicIPAddressesClient: config.CPPublicIPAddressesClient,
+		clientFactory:             config.ClientFactory,
+		ctrlClient:                config.CtrlClient,
+		logger:                    config.Logger,
+		tenantClientFactory:       tenantClientFactory,
+		wrapAzureAPI:              azure.GetAPI,
 
 		installationName: config.InstallationName,
 		location:         config.Location,

service/controller/resource/workermigration/security_groups.go

@@ -2,6 +2,7 @@ package workermigration
 
 import (
 	"context"
+	"fmt"
 
 	"github.com/Azure/azure-sdk-for-go/services/network/mgmt/2019-11-01/network"
 	"github.com/Azure/go-autorest/autorest/to"
@@ -59,7 +60,7 @@ func (r *Resource) ensureMasterEtcdLBSourcePrefixesUpdated(ctx context.Context,
 	var err error
 	var publicIPs []string
 	{
-		publicIPs, err = azureAPI.ListPublicIPs(ctx, r.installationName)
+		publicIPs, err = listPublicIPs(ctx, r.cpPublicIPAddressesClient, r.installationName)
 		if err != nil {
 			return microerror.Mask(err)
 		}
@@ -125,3 +126,25 @@ func contains(xs []string, v string) bool {
 
 	return false
 }
+
+func listPublicIPs(ctx context.Context, cpPublicIPAddressesClient *network.PublicIPAddressesClient, resourceGroupName string) ([]string, error) {
+	allPublicIPs, err := cpPublicIPAddressesClient.ListComplete(ctx, resourceGroupName)
+	if err != nil {
+		return nil, microerror.Mask(err)
+	}
+
+	var ips []string
+	for allPublicIPs.NotDone() {
+		ip := allPublicIPs.Value()
+		// Masters use the API LB as egress gateway, the workers use the ingress LB.
+		if ip.Name != nil && *ip.Name == fmt.Sprintf("%s_ingress_ip", resourceGroupName) || *ip.Name == fmt.Sprintf("%s_api_ip", resourceGroupName) {
+			ips = append(ips, *ip.IPAddress)
+		}
+		err := allPublicIPs.NextWithContext(ctx)
+		if err != nil {
+			return nil, microerror.Mask(err)
+		}
+	}
+
+	return ips, nil
+}