Using compartment identity client to get ADs for single stack clusters

Author: YashasG98

go.mod

@@ -43,10 +43,10 @@ require (
 	github.com/container-storage-interface/spec v1.9.0
 	github.com/golang/protobuf v1.5.4
 	github.com/kubernetes-csi/csi-lib-utils v0.17.0
-	github.com/kubernetes-csi/external-snapshotter/client/v6 v6.3.4
+	github.com/kubernetes-csi/external-snapshotter/client/v6 v6.3.0
 	github.com/onsi/ginkgo v1.16.5
 	github.com/onsi/gomega v1.32.0
-	github.com/oracle/oci-go-sdk/v65 v65.77.0
+	github.com/oracle/oci-go-sdk/v65 v65.78.1
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.17.0
 	github.com/spf13/cobra v1.8.1 // indirect

go.sum

@@ -186,8 +186,8 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU=
 github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec=
-github.com/oracle/oci-go-sdk/v65 v65.77.0 h1:lFdbyJq7/VsB9gAIemTGx/8sSK3uYEKlQTf5FaTnpTs=
-github.com/oracle/oci-go-sdk/v65 v65.77.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0=
+github.com/oracle/oci-go-sdk/v65 v65.78.1 h1:M9nLmaOsjTZJHQ5hlkF5UK6XV/sbFUodAgCfbM2Ve00=
+github.com/oracle/oci-go-sdk/v65 v65.78.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0=
 github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
 github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=

pkg/csi/driver/bv_controller_test.go

@@ -17,6 +17,7 @@ package driver
 import (
 	"context"
 	"fmt"
+	"os"
 	"reflect"
 	"strings"
 	"testing"
@@ -783,13 +784,19 @@ type MockIdentityClient struct {
 	common.BaseClient
 }
 
-func (client MockIdentityClient) ListAvailabilityDomains(ctx context.Context, compartmentID string) ([]identity.AvailabilityDomain, error) {
+func (mockClient MockIdentityClient) ListAvailabilityDomains(ctx context.Context, compartmentID string) ([]identity.AvailabilityDomain, error) {
 	return nil, nil
 }
 
 // ListAvailabilityDomains mocks the client ListAvailabilityDomains implementation
-func (client MockIdentityClient) GetAvailabilityDomainByName(ctx context.Context, compartmentID, name string) (*identity.AvailabilityDomain, error) {
-	ad1 := "AD1"
+func (mockClient MockIdentityClient) GetAvailabilityDomainByName(ctx context.Context, compartmentID, name string) (*identity.AvailabilityDomain, error) {
+	var ad1 string
+
+	if client.IsIpv6SingleStackCluster() {
+		ad1 = "AD1-compartments-response"
+	} else {
+		ad1 = "AD1"
+	}
 	return &identity.AvailabilityDomain{Name: &ad1}, nil
 }
 
@@ -2113,3 +2120,90 @@ func TestGetBVTags(t *testing.T) {
 		})
 	}
 }
+
+func TestClient_GetAvailabilityDomainByName(t *testing.T) {
+	tests := []struct {
+		name       string
+		ipFamilies string
+		want       *identity.AvailabilityDomain
+		wantErr    error
+	}{
+		{
+			name:       "Dual stack IPv4 preferred (identity client usage)",
+			ipFamilies: "IPv4,IPv6",
+			want: &identity.AvailabilityDomain{
+				Name: common.String("AD1"), // Default to AD1 since only exact IPv6 triggers change
+			},
+			wantErr: nil,
+		},
+		{
+			name:       "Dual stack IPv6 preferred (identity client usage)",
+			ipFamilies: "IPv6,IPv4",
+			want: &identity.AvailabilityDomain{
+				Name: common.String("AD1"), // Default to AD1 since only exact IPv6 triggers change
+			},
+			wantErr: nil,
+		},
+		{
+			name:       "IPv4 only (defaults to AD1)",
+			ipFamilies: "IPv4",
+			want: &identity.AvailabilityDomain{
+				Name: common.String("AD1"),
+			},
+			wantErr: nil,
+		},
+		{
+			name:       "IPv6 only",
+			ipFamilies: "IPv6",
+			want: &identity.AvailabilityDomain{
+				Name: common.String("AD1-compartments-response"), // Specific to IPv6
+			},
+			wantErr: nil,
+		},
+		{
+			name:       "Empty IP families (defaults to AD1)",
+			ipFamilies: "",
+			want: &identity.AvailabilityDomain{
+				Name: common.String("AD1"),
+			},
+			wantErr: nil,
+		},
+		{
+			name:       "Invalid IP families (defaults to AD1)",
+			ipFamilies: "Invalid",
+			want: &identity.AvailabilityDomain{
+				Name: common.String("AD1"), // Invalid defaults to AD1
+			},
+			wantErr: nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			// Set the environment variable for IP families
+			os.Setenv(client.ClusterIpFamilyEnv, tt.ipFamilies)
+			defer os.Unsetenv(client.ClusterIpFamilyEnv)
+
+			ctx, cancel := context.WithTimeout(context.Background(), testTimeout)
+			defer cancel()
+
+			client := NewClientProvisioner(nil, &MockBlockStorageClient{}, nil)
+			got, err := client.Identity(nil).GetAvailabilityDomainByName(ctx, "ocid1.compartment.abcd", "AD-1")
+
+			// Check if the error matches what we expect
+			if tt.wantErr == nil && err != nil {
+				t.Errorf("got error %q, want none", err)
+			}
+			if tt.wantErr != nil && err == nil {
+				t.Errorf("want error %q, got none", tt.wantErr)
+			} else if tt.wantErr != nil && err != nil && !strings.Contains(err.Error(), tt.wantErr.Error()) {
+				t.Errorf("want error %q to include %q", err, tt.wantErr)
+			}
+
+			// Check if the result matches what we expect
+			if !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("client.Identity().GetAvailabilityDomainByName() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

pkg/oci/client/client.go

@@ -51,10 +51,11 @@ type Interface interface {
 }
 
 type OCIClientConfig struct {
-	SaToken *authv1.TokenRequest
+	SaToken      *authv1.TokenRequest
 	ParentRptURL string
-	TenancyId string
+	TenancyId    string
 }
+
 // RateLimiter reader and writer.
 type RateLimiter struct {
 	Reader flowcontrol.RateLimiter
@@ -170,6 +171,11 @@ type identityClient interface {
 	ListAvailabilityDomains(ctx context.Context, request identity.ListAvailabilityDomainsRequest) (identity.ListAvailabilityDomainsResponse, error)
 }
 
+// TODO: Uncomment when compartments is available in OCI Go-SDK
+//type compartmentClient interface {
+//	ListAvailabilityDomains(ctx context.Context, request compartments.ListAvailabilityDomainsRequest) (compartments.ListAvailabilityDomainsResponse, error)
+//}
+
 type client struct {
 	compute             computeClient
 	network             virtualNetworkClient
@@ -178,6 +184,7 @@ type client struct {
 	filestorage         filestorageClient
 	bs                  blockstorageClient
 	identity            identityClient
+	//compartment 		compartmentClient
 
 	requestMetadata common.RequestMetadata
 	rateLimiter     RateLimiter
@@ -239,6 +246,17 @@ func New(logger *zap.SugaredLogger, cp common.ConfigurationProvider, opRateLimit
 		return nil, errors.Wrap(err, "configuring identity service client custom transport")
 	}
 
+	// TODO: Uncomment when compartments is available in OCI Go-SDK
+	//compartment, err := compartments.NewCompartmentsClientWithConfigurationProvider(cp)
+	//if err != nil {
+	//	return nil, errors.Wrap(err, "NewCompartmentsClientWithConfigurationProvider")
+	//}
+	//
+	//err = configureCustomTransport(logger, &compartment.BaseClient)
+	//if err != nil {
+	//	return nil, errors.Wrap(err, "configuring compartment service client custom transport")
+	//}
+
 	bs, err := core.NewBlockstorageClientWithConfigurationProvider(cp)
 	if err != nil {
 		return nil, errors.Wrap(err, "NewBlockstorageClientWithConfigurationProvider")
@@ -282,6 +300,7 @@ func New(logger *zap.SugaredLogger, cp common.ConfigurationProvider, opRateLimit
 		networkloadbalancer: &networkloadbalancer,
 		bs:                  &bs,
 		filestorage:         &fss,
+		//compartment:     	 &compartment,
 
 		rateLimiter:     *opRateLimiter,
 		requestMetadata: requestMetadata,
@@ -360,7 +379,7 @@ func (c *client) LoadBalancer(logger *zap.SugaredLogger, lbType string, targetTe
 }
 
 func (c *client) Networking(ociClientConfig *OCIClientConfig) NetworkingInterface {
-	if ociClientConfig == nil{
+	if ociClientConfig == nil {
 		return c
 	}
 	if ociClientConfig.SaToken != nil {
@@ -374,7 +393,7 @@ func (c *client) Networking(ociClientConfig *OCIClientConfig) NetworkingInterfac
 
 		err = configureCustomTransport(c.logger, &network.BaseClient)
 		if err != nil {
-			 c.logger.Error("Failed configure custom transport for Network Client %v", err)
+			c.logger.Error("Failed configure custom transport for Network Client %v", err)
 			return nil
 		}
 
@@ -410,16 +429,30 @@ func (c *client) Identity(ociClientConfig *OCIClientConfig) IdentityInterface {
 
 		err = configureCustomTransport(c.logger, &identity.BaseClient)
 		if err != nil {
-			 c.logger.Error("Failed configure custom transport for Identity Client %v", err)
+			c.logger.Error("Failed configure custom transport for Identity Client %v", err)
 			return nil
 		}
 
+		// TODO: Uncomment when compartments is available in OCI Go-SDK
+		//compartment, err := compartments.NewCompartmentsClientWithConfigurationProvider(configProvider)
+		//if err != nil {
+		//	c.logger.Errorf("Failed to create Compartments workload identity client  %v", err)
+		//	return nil
+		//}
+		//
+		//err = configureCustomTransport(c.logger, &compartment.BaseClient)
+		//if err != nil {
+		//	c.logger.Error("Failed configure custom transport for Compartments Client %v", err)
+		//	return nil
+		//}
+
 		return &client{
-			identity:        &identity,
-			requestMetadata: c.requestMetadata,
-			rateLimiter:     c.rateLimiter,
-			subnetCache:     cache.NewTTLStore(subnetCacheKeyFn, time.Duration(24)*time.Hour),
-			logger:          c.logger,
+			//compartment: 	     &compartment,
+			identity:            &identity,
+			requestMetadata:     c.requestMetadata,
+			rateLimiter:         c.rateLimiter,
+			subnetCache:         cache.NewTTLStore(subnetCacheKeyFn, time.Duration(24)*time.Hour),
+			logger:              c.logger,
 		}
 	}
 	return c

pkg/oci/client/identity.go

@@ -28,19 +28,66 @@ import (
 // by the volume provisioner.
 type IdentityInterface interface {
 	GetAvailabilityDomainByName(ctx context.Context, compartmentID, name string) (*identity.AvailabilityDomain, error)
-	ListAvailabilityDomains(ctx context.Context, compartmentID string) ([]identity.AvailabilityDomain, error)
 }
 
-func (c *client) ListAvailabilityDomains(ctx context.Context, compartmentID string) ([]identity.AvailabilityDomain, error) {
+func (c *client) GetAvailabilityDomainByName(ctx context.Context, compartmentID, name string) (*identity.AvailabilityDomain, error) {
 	if !c.rateLimiter.Reader.TryAccept() {
 		return nil, RateLimitError(false, "ListAvailabilityDomains")
 	}
 
+	var availabilityDomains []identity.AvailabilityDomain
+	var err error
+
+	// TODO: Uncomment when compartments is available in OCI Go-SDK
+	//if IsIpv6SingleStackCluster() {
+	//	availabilityDomains, err = c.listAvailabilityDomainsV6(ctx, compartmentID)
+	//} else {
+	availabilityDomains, err = c.listAvailabilityDomains(ctx, compartmentID)
+	//}
+
+	if err != nil {
+		return nil, err
+	}
+
+	// Find the desired availability domain by name
+	for _, ad := range availabilityDomains {
+		if strings.HasSuffix(strings.ToLower(*ad.Name), strings.ToLower(name)) {
+			return &ad, nil
+		}
+	}
+	return nil, fmt.Errorf("availability domain '%s' not found in list: %v", name, availabilityDomains)
+}
+
+// listAvailabilityDomainsV6 lists availability domains for IPv6 single-stack clusters.
+//func (c *client) listAvailabilityDomainsV6(ctx context.Context, compartmentID string) ([]identity.AvailabilityDomain, error) {
+//	resp, err := c.compartment.ListAvailabilityDomains(ctx, compartments.ListAvailabilityDomainsRequest{
+//		CompartmentId:   &compartmentID,
+//		RequestMetadata: c.requestMetadata,
+//	})
+//	if resp.OpcRequestId != nil {
+//		c.logger.With("service", "Compartment", "verb", listVerb).
+//			With("OpcRequestId", *(resp.OpcRequestId)).With("statusCode", util.GetHttpStatusCode(err)).
+//			Info("OPC Request ID recorded for Compartment ListAvailabilityDomains call.")
+//	}
+//	incRequestCounter(err, listVerb, availabilityDomainResource)
+//	if err != nil {
+//		return nil, errors.WithStack(err)
+//	}
+//
+//	availabilityDomains := make([]identity.AvailabilityDomain, len(resp.Items))
+//	for i, ad := range resp.Items {
+//		availabilityDomains[i] = identity.AvailabilityDomain{Name: ad.Name}
+//	}
+//	return availabilityDomains, nil
+//}
+
+// listAvailabilityDomains lists availability domains for regular clusters.
+func (c *client) listAvailabilityDomains(ctx context.Context, compartmentID string) ([]identity.AvailabilityDomain, error) {
 	resp, err := c.identity.ListAvailabilityDomains(ctx, identity.ListAvailabilityDomainsRequest{
 		CompartmentId:   &compartmentID,
 		RequestMetadata: c.requestMetadata,
 	})
-	if resp.OpcRequestId != nil{
+	if resp.OpcRequestId != nil {
 		c.logger.With("service", "Identity", "verb", listVerb).
 			With("OpcRequestId", *(resp.OpcRequestId)).With("statusCode", util.GetHttpStatusCode(err)).
 			Info("OPC Request ID recorded for ListAvailabilityDomains call.")
@@ -52,17 +99,3 @@ func (c *client) ListAvailabilityDomains(ctx context.Context, compartmentID stri
 
 	return resp.Items, nil
 }
-
-func (c *client) GetAvailabilityDomainByName(ctx context.Context, compartmentID, name string) (*identity.AvailabilityDomain, error) {
-	ads, err := c.ListAvailabilityDomains(ctx, compartmentID)
-	if err != nil {
-		return nil, err
-	}
-	// TODO: Add paging when implemented in oci-go-sdk.
-	for _, ad := range ads {
-		if strings.HasSuffix(strings.ToLower(*ad.Name), strings.ToLower(name)) {
-			return &ad, nil
-		}
-	}
-	return nil, fmt.Errorf("error looking up availability domain '%s':%v", name, ads)
-}