diff --git a/manifests/00-ingress-credentials-request.yaml b/manifests/00-ingress-credentials-request.yaml index 6446977d9..cd9489fd5 100644 --- a/manifests/00-ingress-credentials-request.yaml +++ b/manifests/00-ingress-credentials-request.yaml @@ -145,35 +145,4 @@ spec: value: "dns-svcs" secretRef: name: cloud-credentials - namespace: openshift-ingress-operator ---- -apiVersion: cloudcredential.openshift.io/v1 -kind: CredentialsRequest -metadata: - name: openshift-ingress-alibabacloud - namespace: openshift-ingress-operator - annotations: - capability.openshift.io/name: CloudCredential+Ingress -spec: - providerSpec: - apiVersion: cloudcredential.openshift.io/v1 - kind: AlibabaCloudProviderSpec - statementEntries: - - action: - - alidns:AddDomainRecord - - alidns:UpdateDomainRecord - - alidns:DeleteDomainRecord - - alidns:DescribeDomainRecords - effect: Allow - resource: '*' - - action: - - pvtz:AddZoneRecord - - pvtz:UpdateZoneRecord - - pvtz:DeleteZoneRecord - - pvtz:DescribeZoneRecords - - pvtz:DescribeZones - resource: '*' - effect: Allow - secretRef: - name: cloud-credentials - namespace: openshift-ingress-operator + namespace: openshift-ingress-operator \ No newline at end of file diff --git a/pkg/dns/alibaba/dns.go b/pkg/dns/alibaba/dns.go deleted file mode 100644 index 686d8954d..000000000 --- a/pkg/dns/alibaba/dns.go +++ /dev/null 
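Review bot: Deleting the `openshift-ingress-alibabacloud` CredentialsRequest from manifests/00-ingress-credentials-request.yaml stops new clusters from requesting it, but nothing visible in this hunk removes the object, or the credential minted from it, on clusters that already have one. The removed entries allowed alidns and pvtz record writes with `resource: '*'`, so a leftover key is worth cleaning up explicitly. If the payload tooling does not prune manifests that disappear (to be confirmed), consider keeping a stub of the object annotated `release.openshift.io/delete: "true"` for one release. The new last line also loses its trailing newline (`\ No newline at end of file`); restoring it keeps later diffs of this file clean.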
@@ -1,129 +0,0 @@
-package alibaba
-
-import (
- "fmt"
- "github.com/aliyun/alibaba-cloud-sdk-go/sdk"
- configv1 "github.com/openshift/api/config/v1"
- iov1 "github.com/openshift/api/operatoringress/v1"
- "github.com/openshift/cluster-ingress-operator/pkg/dns"
- logf "github.com/openshift/cluster-ingress-operator/pkg/log"
- "strings"
-)
-
-// zoneType is a type of DNS zone: public or private.
-type zoneType string
-
-// action is an action that can be performed on a DNS record by this DNS provider.
-type action string
-
-const (
- zoneTypePublicZone zoneType = "public"
- zoneTypePrivateZone zoneType = "private"
-
- actionEnsure action = "ensure"
- actionReplace action = "replace"
- actionDelete action = "delete"
-)
-
-var (
- log = logf.Logger.WithName("dns")
-)
-
-type Config struct {
- Region string
- AccessKeyID string
- AccessSecret string
-}
-
-type ZoneInfo struct {
- // Type is type of the zone.
- Type zoneType
- // ID is the value used in OpenAPI to leverage dns records via Service.
- // In public zone, it should be domain name. In private zone, it should be zone name.
- ID string
- // Domain is domain name of the zone
- Domain string
-}
-
-type provider struct {
- config Config
- services map[zoneType]Service
-}
-
-func NewProvider(config Config) (dns.Provider, error) {
- sdkClient, err := sdk.NewClientWithAccessKey(config.Region, config.AccessKeyID, config.AccessSecret)
- if err != nil {
- return nil, fmt.Errorf("failed to create alibabacloud api service: %w", err)
- }
-
- client := NewClient(sdkClient, config.Region)
- return &provider{
- config: config,
- services: map[zoneType]Service{
- zoneTypePublicZone: NewPublicZoneService(client),
- zoneTypePrivateZone: NewPrivateZoneService(client),
- },
- }, nil
-}
-
-// parseZone parses the zone id to ZoneInfo.
-func (p *provider) parseZone(zone configv1.DNSZone) (ZoneInfo, error) {
- typeString, ok := zone.Tags["type"]
- if !ok {
- return ZoneInfo{}, fmt.Errorf("cannot find tag \"type\" in DNSZone")
- }
-
- return ZoneInfo{
- Type: zoneType(typeString),
- ID: zone.ID,
- // For now, Domain is equal to zone ID,
- Domain: zone.ID,
- }, nil
-}
-
-// getRR should get record name from a full qualified domain name.
-// If dnsName is not a subdomain of domainName,
-// it will return the dnsName instead (without the trailing dot).
-func getRR(dnsName, domainName string) string {
- dnsName = strings.TrimSuffix(dnsName, ".")
- return strings.TrimSuffix(dnsName, "."+domainName)
-}
-
-func (p *provider) Ensure(record *iov1.DNSRecord, zone configv1.DNSZone) error {
- return p.doRequest(zone, record, actionEnsure)
-}
-
-func (p *provider) Delete(record *iov1.DNSRecord, zone configv1.DNSZone) error {
- return p.doRequest(zone, record, actionDelete)
-}
-
-func (p *provider) Replace(record *iov1.DNSRecord, zone configv1.DNSZone) error {
- return p.doRequest(zone, record, actionReplace)
-}
-
-func (p *provider) doRequest(zone configv1.DNSZone, record *iov1.DNSRecord, action action) error {
- zoneInfo, err := p.parseZone(zone)
- if err != nil {
- return err
- }
-
- service, ok := p.services[zoneInfo.Type]
- if !ok {
- return fmt.Errorf("unknown zone type %s", zoneInfo.Type)
- }
-
- rr := getRR(record.Spec.DNSName, zoneInfo.Domain)
-
- switch action {
- case actionEnsure:
- err = service.Add(zoneInfo.ID, rr, string(record.Spec.RecordType), record.Spec.Targets[0], record.Spec.RecordTTL)
- case actionReplace:
- err = service.Update(zoneInfo.ID, rr, string(record.Spec.RecordType), record.Spec.Targets[0], record.Spec.RecordTTL)
- case actionDelete:
- err = service.Delete(zoneInfo.ID, rr, record.Spec.Targets[0])
- default:
- err = fmt.Errorf("unknown action %q", action)
- }
-
- return err
-}
diff --git a/pkg/dns/alibaba/dns_test.go b/pkg/dns/alibaba/dns_test.go
deleted file mode 100644
index 24c4ab951..000000000
--- a/pkg/dns/alibaba/dns_test.go
+++ /dev/null
@@ -1,202 +0,0 @@ -package alibaba - -import ( - configv1 "github.com/openshift/api/config/v1" - iov1 "github.com/openshift/api/operatoringress/v1" - "github.com/openshift/cluster-ingress-operator/pkg/dns" - "github.com/stretchr/testify/assert" - "testing" -) - -type fakeService struct { - // records for id+rr to target - records map[string]string - // lastAction records the last action performed - // can be "add", "update" or "delete" - lastAction string -} - -func (p *fakeService) Add(id, rr, recordType, target string, ttl int64) error { - p.records[id+rr] = target - p.lastAction = "add" - return nil -} - -func (p *fakeService) Update(id, rr, recordType, target string, ttl int64) error { - p.records[id+rr] = target - p.lastAction = "update" - return nil -} - -func (p *fakeService) Delete(id, rr, target string) error { - delete(p.records, id+rr) - p.lastAction = "delete" - return nil -} - -// getLastAction returns lastAction and sets it to empty -func (p *fakeService) getLastAction() string { - action := p.lastAction - p.lastAction = "" - return action -} - -func newFakeService() *fakeService { - return &fakeService{ - records: make(map[string]string), - } -} - -func newFakeProvider(public, private Service) dns.Provider { - return &provider{ - services: map[zoneType]Service{ - zoneTypePublicZone: public, - zoneTypePrivateZone: private, - }, - } -} - -func Test_getRR(t *testing.T) { - cases := []struct { - dnsName string - domainName string - expected string - }{ - { - dnsName: "test.example.com.", - domainName: "example.com", - expected: "test", - }, - { - dnsName: "test.subdomain.example.com.", - domainName: "example.com", - expected: "test.subdomain", - }, - { - dnsName: "test.subdomain.example.com.", - domainName: "subdomain.example.com", - expected: "test", - }, - { - dnsName: "without.domain.", - domainName: "example.com", - expected: "without.domain", - }, - } - - for _, c := range cases { - rr := getRR(c.dnsName, c.domainName) - assert.Equal(t, c.expected, 
rr) - } -} - -func Test_parseZone(t *testing.T) { - cases := []struct { - id string - tags map[string]string - zoneType zoneType - error bool - }{ - { - id: "public.example.com", - tags: map[string]string{ - "type": "public", - }, - error: false, - zoneType: zoneTypePublicZone, - }, - { - id: "private.example.com", - tags: map[string]string{ - "type": "private", - }, - error: false, - zoneType: zoneTypePrivateZone, - }, - { - id: "error.example.com", - tags: map[string]string{}, - error: true, - }, - } - - p := &provider{} - for _, c := range cases { - info, err := p.parseZone(configv1.DNSZone{ - ID: c.id, - Tags: c.tags, - }) - - if c.error { - assert.Error(t, err) - continue - } - - assert.NoError(t, err) - assert.Equal(t, c.id, info.ID) - assert.Equal(t, c.zoneType, info.Type) - } -} - -func TestProvider(t *testing.T) { - servicePublic := newFakeService() - servicePrivate := newFakeService() - provider := newFakeProvider(servicePublic, servicePrivate) - - record := &iov1.DNSRecord{ - Spec: iov1.DNSRecordSpec{ - DNSName: "test.example.com.", - Targets: []string{"123.123.123.123"}, - RecordType: "A", - RecordTTL: 60, - }, - } - - dnsZonePublic := configv1.DNSZone{ - ID: "example.com", - Tags: map[string]string{ - "type": "public", - }, - } - - dnsZonePrivate := configv1.DNSZone{ - ID: "example.com", - Tags: map[string]string{ - "type": "private", - }, - } - - assert.Equal(t, "", servicePublic.getLastAction()) - assert.Equal(t, "", servicePublic.getLastAction()) - - // test public zone ensure - assert.NoError(t, provider.Ensure(record, dnsZonePublic)) - assert.Equal(t, "add", servicePublic.getLastAction()) - assert.Equal(t, "", servicePrivate.getLastAction()) - - // test private zone replace - assert.NoError(t, provider.Replace(record, dnsZonePrivate)) - assert.Equal(t, "", servicePublic.getLastAction()) - assert.Equal(t, "update", servicePrivate.getLastAction()) - - // test public zone delete - assert.NoError(t, provider.Delete(record, dnsZonePublic)) - 
assert.Equal(t, "delete", servicePublic.getLastAction()) - assert.Equal(t, "", servicePrivate.getLastAction()) - - // test zone type unknown, should return error - dnsZoneUnknown := configv1.DNSZone{ - ID: "example.com", - Tags: map[string]string{ - "type": "unknown", - }, - } - assert.Error(t, provider.Ensure(record, dnsZoneUnknown)) - - // test zone without type, should return error - dnsZoneNoType := configv1.DNSZone{ - ID: "example.com", - Tags: map[string]string{}, - } - assert.Error(t, provider.Ensure(record, dnsZoneNoType)) -} diff --git a/pkg/dns/alibaba/service.go b/pkg/dns/alibaba/service.go deleted file mode 100644 index a7acac88a..000000000 --- a/pkg/dns/alibaba/service.go +++ /dev/null 
@@ -1,300 +0,0 @@ -package alibaba - -import ( - "fmt" - "github.com/aliyun/alibaba-cloud-sdk-go/sdk" - "github.com/aliyun/alibaba-cloud-sdk-go/sdk/endpoints" - "github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests" - "github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses" - "github.com/aliyun/alibaba-cloud-sdk-go/services/alidns" - "github.com/aliyun/alibaba-cloud-sdk-go/services/pvtz" - "github.com/openshift/cluster-ingress-operator/pkg/dns/alibaba/util" - "strings" - "sync" -) - -var ( - // defaultEndpoints saves the default endpoints (unrelated to region of the cluster) for the specified product. - // Only public zone(alidns) and private zone(pvtz) will be called in dns provider, so there are two entries here. - defaultEndpoints = map[string]string{ - "pvtz": "pvtz.aliyuncs.com", - "alidns": "alidns.aliyuncs.com", - } -) - -type Service interface { - Add(id, rr, recordType, target string, ttl int64) error - Update(id, rr, recordType, target string, ttl int64) error - Delete(id, rr, target string) error -} - -type Client struct { - *sdk.Client - RegionID string -} - -// publicZoneService is an implementation of the Service interface for public zones, -// and the public zone is called "alidns" on AlibabaCloud platform. -type publicZoneService struct { - client *Client -} - -func (d *publicZoneService) Add(id, rr, recordType, target string, ttl int64) error { - request := alidns.CreateAddDomainRecordRequest() - request.Scheme = "https" - request.DomainName = id - request.RR = rr - request.Type = recordType - request.Value = target - - // A valid TTL for public zone must be in the range of 600 to 86400. 
- clampedTTL := util.Clamp(ttl, 600, 86400) - if clampedTTL != ttl { - log.Info(fmt.Sprintf("record's TTL for public zone must be in the range of 600 to 86400, set it to %d", clampedTTL), "record", rr) - } - request.TTL = requests.NewInteger64(clampedTTL) - - response := alidns.CreateAddDomainRecordResponse() - return d.client.DoActionWithSetDomain(request, response) -} - -func (d *publicZoneService) Update(id, rr, recordType, target string, ttl int64) error { - recordID, err := d.getRecordID(id, rr, "") - if err != nil { - return err - } - - request := alidns.CreateUpdateDomainRecordRequest() - request.Scheme = "https" - request.RecordId = recordID - request.RR = rr - request.Type = recordType - request.Value = target - - // A valid TTL for public zone must be in the range of 600 to 86400. - clampedTTL := util.Clamp(ttl, 600, 86400) - if clampedTTL != ttl { - log.Info(fmt.Sprintf("record's TTL for public zone must be in the range of 600 to 86400, set it to %d", clampedTTL), "record", rr) - } - request.TTL = requests.NewInteger64(clampedTTL) - - response := alidns.CreateUpdateDomainRecordResponse() - return d.client.DoActionWithSetDomain(request, response) -} - -func (d *publicZoneService) Delete(id, rr, target string) error { - recordID, err := d.getRecordID(id, rr, target) - if err != nil { - return err - } - - request := alidns.CreateDeleteDomainRecordRequest() - request.Scheme = "https" - request.RecordId = recordID - - response := alidns.CreateDeleteDomainRecordResponse() - return d.client.DoActionWithSetDomain(request, response) -} - -// getRecordID finds the ID by dns name and an optional argument target. 
-func (d *publicZoneService) getRecordID(id, dnsName, target string) (string, error) { - request := alidns.CreateDescribeDomainRecordsRequest() - request.Scheme = "https" - request.DomainName = id - request.KeyWord = dnsName - request.SearchMode = "EXACT" - - response := alidns.CreateDescribeDomainRecordsResponse() - if err := d.client.DoActionWithSetDomain(request, response); err != nil { - return "", fmt.Errorf("failed on describe domain records: %w", err) - } - - for _, record := range response.DomainRecords.Record { - if record.RR == dnsName && (target == "" || target == record.Value) { - return record.RecordId, nil - } - } - - return "", fmt.Errorf("cannot find record %q for domain %q", dnsName, id) -} - -// privateZoneService is an implementation of the Service interface for public zones, -// and the private zone is called "pvtz" on AlibabaCloud platform. -type privateZoneService struct { - client *Client - // pvtzIDs caches zone IDs with their associated zone names. - pvtzIDs map[string]string - mutex sync.Mutex -} - -func (p *privateZoneService) Add(zoneName, rr, recordType, target string, ttl int64) error { - // The first argument "id" in Service is actually zone name in the implementation of private zone. - // The zone name is used to lookup zone ID used in following requests. - id, err := p.lookupPrivateZoneID(zoneName) - if err != nil { - return fmt.Errorf("failed lookup private zone id: %w", err) - } - - request := pvtz.CreateAddZoneRecordRequest() - request.Scheme = "https" - request.ZoneId = id - request.Rr = rr - request.Type = recordType - request.Value = target - - // A valid TTL for private zone must be in the range of 5 to 86400. 
- clampedTTL := util.Clamp(ttl, 5, 86400) - if clampedTTL != ttl { - log.Info(fmt.Sprintf("record's TTL for private zone must be in the range of 600 to 86400, set it to %d", clampedTTL), "record", rr) - } - request.Ttl = requests.NewInteger64(clampedTTL) - - response := pvtz.CreateAddZoneRecordResponse() - return p.client.DoActionWithSetDomain(request, response) -} - -func (p *privateZoneService) Update(zoneName, rr, recordType, target string, ttl int64) error { - id, err := p.lookupPrivateZoneID(zoneName) - if err != nil { - return fmt.Errorf("failed lookup private zone id: %w", err) - } - - recordID, err := p.getRecordID(id, rr, "") - if err != nil { - return err - } - - request := pvtz.CreateUpdateZoneRecordRequest() - request.Scheme = "https" - request.RecordId = requests.NewInteger64(recordID) - request.Rr = rr - request.Type = recordType - request.Value = target - - // A valid TTL for private zone must be in the range of 5 to 86400. - clampedTTL := util.Clamp(ttl, 5, 86400) - if clampedTTL != ttl { - log.Info(fmt.Sprintf("record's TTL for private zone must be in the range of 600 to 86400, set it to %d", clampedTTL), "record", rr) - } - request.Ttl = requests.NewInteger64(clampedTTL) - - response := pvtz.CreateUpdateZoneRecordResponse() - return p.client.DoActionWithSetDomain(request, response) -} - -func (p *privateZoneService) Delete(zoneName, rr, target string) error { - id, err := p.lookupPrivateZoneID(zoneName) - if err != nil { - return fmt.Errorf("failed lookup private zone id: %w", err) - } - - recordID, err := p.getRecordID(id, rr, target) - if err != nil { - return err - } - - request := pvtz.CreateDeleteZoneRecordRequest() - request.Scheme = "https" - request.RecordId = requests.NewInteger64(recordID) - - response := pvtz.CreateDeleteZoneRecordResponse() - return p.client.DoActionWithSetDomain(request, response) -} - -// getRecordID finds the ID by dns name and an optional argument target. 
-func (p *privateZoneService) getRecordID(id, dnsName, target string) (int64, error) { - request := pvtz.CreateDescribeZoneRecordsRequest() - request.Scheme = "https" - request.ZoneId = id - request.Keyword = dnsName - request.SearchMode = "EXACT" - - response := pvtz.CreateDescribeZoneRecordsResponse() - if err := p.client.DoActionWithSetDomain(request, response); err != nil { - return 0, fmt.Errorf("failed on describe pvtz records: %w", err) - } - - for _, record := range response.Records.Record { - if record.Rr == dnsName && (target == "" || target == record.Value) { - return record.RecordId, nil - } - } - - return 0, fmt.Errorf("cannot find record %q for pvtz %q", dnsName, id) -} - -// lookupPrivateZoneID finds zone ID, and caches it when the zone ID is retrieved successfully. -func (p *privateZoneService) lookupPrivateZoneID(zoneName string) (string, error) { - p.mutex.Lock() - defer p.mutex.Unlock() - - // lookup zoneName in cache first - if id, ok := p.pvtzIDs[zoneName]; ok { - return id, nil - } - - request := pvtz.CreateDescribeZonesRequest() - request.Scheme = "https" - request.QueryRegionId = p.client.RegionID - request.Keyword = zoneName - request.SearchMode = "EXACT" - request.PageSize = requests.NewInteger(100) - response := pvtz.CreateDescribeZonesResponse() - - if err := p.client.DoActionWithSetDomain(request, response); err != nil { - return "", fmt.Errorf("failed on describe private zones: %w", err) - } - - for _, zone := range response.Zones.Zone { - if zoneName == zone.ZoneName { - log.Info("found private zone ID %q for zone name %s, add it to cache", zone.ZoneId, zoneName) - p.pvtzIDs[zoneName] = zone.ZoneId - return zone.ZoneId, nil - } - } - - return "", fmt.Errorf("private zone id for name %q not found", zoneName) -} - -func NewPublicZoneService(client *Client) Service { - return &publicZoneService{ - client: client, - } -} - -func NewPrivateZoneService(client *Client) Service { - return &privateZoneService{ - client: client, - pvtzIDs: 
make(map[string]string), - } -} - -// NewClient creates a new AlibabaCloud OpenAPI client -func NewClient(sdkClient *sdk.Client, regionID string) *Client { - return &Client{ - Client: sdkClient, - RegionID: regionID, - } -} - -// DoActionWithSetDomain resolves the endpoint for the given API call, and does the request. -// For some reason, the SDK will return an error if there's no endpoint for this region, -// so it's necessary to set a default endpoint manually for now. -func (client *Client) DoActionWithSetDomain(request requests.AcsRequest, response responses.AcsResponse) error { - endpoint, err := endpoints.Resolve(&endpoints.ResolveParam{ - Product: strings.ToLower(request.GetProduct()), - RegionId: strings.ToLower(client.RegionID), - }) - if err != nil { - var ok bool - // although it should be guaranteed that product ID will always be found in defaultEndpoints, - // to be safety, it will return error here instead of panic. - endpoint, ok = defaultEndpoints[strings.ToLower(request.GetProduct())] - if !ok { - return fmt.Errorf("failed find default endpoint for product %s", request.GetProduct()) - } - } - request.SetDomain(endpoint) - - return client.DoAction(request, response) -} diff --git a/pkg/dns/alibaba/util/credentials.go b/pkg/dns/alibaba/util/credentials.go deleted file mode 100644 index ca2be25ae..000000000 --- a/pkg/dns/alibaba/util/credentials.go +++ /dev/null 
@@ -1,64 +0,0 @@
-package util
-
-import (
- "fmt"
- "github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials"
- "github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/provider"
- "io/ioutil"
- corev1 "k8s.io/api/core/v1"
- "os"
- "sync"
-)
-
-var (
- mutex sync.Mutex
-)
-
-// Credentials contains AccessKeyID and AccessKeySecret to grant access to AlibabaCloud OpenAPI
-type Credentials struct {
- AccessKeyID string
- AccessKeySecret string
-}
-
-// FetchAlibabaCredentialsIniFromSecret fetches secret from cloud credentials and returns Credentials
-// which provides access key & secret key.
-func FetchAlibabaCredentialsIniFromSecret(secret *corev1.Secret) (*Credentials, error) {
- creds, ok := secret.Data["credentials"]
- if !ok {
- return nil, fmt.Errorf("failed to fetch key 'credentials' in secret data")
- }
- f, err := ioutil.TempFile("", "alibaba-creds-*")
- if err != nil {
- return nil, err
- }
- defer os.Remove(f.Name())
- defer f.Close()
-
- _, err = f.Write(creds)
- if err != nil {
- return nil, err
- }
- // This lock is used to prevent the environment variable from being updated while we
- // are using the environment variable to call the Alibaba credential provider chain.
- mutex.Lock()
- defer mutex.Unlock()
- os.Setenv(provider.ENVCredentialFile, f.Name())
- defer os.Unsetenv(provider.ENVCredentialFile)
- // use Alibaba provider initialization
- p := provider.NewProfileProvider("default")
- // get a valid auth credential
- authCred, err := p.Resolve()
- if err != nil {
- return nil, fmt.Errorf("failed to get alibabacloud auth credentials: %w", err)
- }
-
- c, ok := authCred.(*credentials.AccessKeyCredential)
- if !ok {
- return nil, fmt.Errorf("failed to convert the credential to an AccessKeyCredential")
- }
-
- return &Credentials{
- AccessKeyID: c.AccessKeyId,
- AccessKeySecret: c.AccessKeySecret,
- }, nil
-}
diff --git a/pkg/dns/alibaba/util/numbers.go b/pkg/dns/alibaba/util/numbers.go
deleted file mode 100644
index c4ac045fd..000000000
--- a/pkg/dns/alibaba/util/numbers.go +++ /dev/null @@ -1,13 +0,0 @@ -package util - -// Clamp return the clamped value of val. -func Clamp(val, min, max int64) int64 { - if val < min { - return min - } - if val > max { - return max - } - - return val -} diff --git a/pkg/dns/alibaba/util/numbers_test.go b/pkg/dns/alibaba/util/numbers_test.go deleted file mode 100644 index fb02bcc57..000000000 --- a/pkg/dns/alibaba/util/numbers_test.go +++ /dev/null @@ -1,25 +0,0 @@ -package util - -import ( - "github.com/stretchr/testify/assert" - "testing" -) - -func Test_Clamp(t *testing.T) { - cases := []struct { - val int64 - min int64 - max int64 - excepted int64 - }{ - {30, 5, 60, 30}, - {30, 60, 300, 60}, - {300, 30, 60, 60}, - {30, 30, 60, 30}, - {60, 30, 60, 60}, - } - - for _, c := range cases { - assert.Equal(t, c.excepted, Clamp(c.val, c.min, c.max)) - } -} diff --git a/pkg/operator/controller/dns/controller.go b/pkg/operator/controller/dns/controller.go index 25c55dbd0..fe3ec71c0 100644 --- a/pkg/operator/controller/dns/controller.go +++ b/pkg/operator/controller/dns/controller.go @@ -14,8 +14,6 @@ import ( iov1 "github.com/openshift/api/operatoringress/v1" "github.com/openshift/cluster-ingress-operator/pkg/dns" - alidns "github.com/openshift/cluster-ingress-operator/pkg/dns/alibaba" - aliutil "github.com/openshift/cluster-ingress-operator/pkg/dns/alibaba/util" awsdns "github.com/openshift/cluster-ingress-operator/pkg/dns/aws" azuredns "github.com/openshift/cluster-ingress-operator/pkg/dns/azure" gcpdns "github.com/openshift/cluster-ingress-operator/pkg/dns/gcp" 
@@ -235,7 +233,7 @@ func (r *reconciler) createDNSProviderIfNeeded(dnsConfig *configv1.DNS, record * creds := &corev1.Secret{} switch platformStatus.Type { case configv1.AWSPlatformType, configv1.AzurePlatformType, configv1.GCPPlatformType, - configv1.IBMCloudPlatformType, configv1.PowerVSPlatformType, configv1.AlibabaCloudPlatformType: + configv1.IBMCloudPlatformType, configv1.PowerVSPlatformType: if platformStatus.Type == configv1.IBMCloudPlatformType && infraConfig.Status.ControlPlaneTopology == configv1.ExternalTopologyMode { break } @@ -779,25 +777,6 @@ func (r *reconciler) createDNSProvider(dnsConfig *configv1.DNS, platformStatus * log.Info("using fake DNS provider as both CISInstanceCRN and DNSInstanceCRN are empty") return &dns.FakeProvider{}, nil } - case configv1.AlibabaCloudPlatformType: - if platformStatus.AlibabaCloud.Region == "" { - return nil, fmt.Errorf("missing region id in platform status") - } - - cred, err := aliutil.FetchAlibabaCredentialsIniFromSecret(creds) - if err != nil { - return nil, err - } - - provider, err := alidns.NewProvider(alidns.Config{ - Region: platformStatus.AlibabaCloud.Region, - AccessKeyID: cred.AccessKeyID, - AccessSecret: cred.AccessKeySecret, - }) - if err != nil { - return nil, fmt.Errorf("failed to create AlibabaCloud DNS manager: %v", err) - } - dnsProvider = provider default: dnsProvider = &dns.FakeProvider{} } diff --git a/pkg/operator/controller/ingress/controller.go b/pkg/operator/controller/ingress/controller.go index e5a9bc60c..366b934e7 100644 --- a/pkg/operator/controller/ingress/controller.go +++ b/pkg/operator/controller/ingress/controller.go 
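Review bot: In pkg/operator/controller/dns/controller.go, with `configv1.AlibabaCloudPlatformType` dropped from the case list in createDNSProviderIfNeeded and its branch deleted from createDNSProvider, that platform now reaches `default: dnsProvider = &dns.FakeProvider{}` with no log line, unlike the IBM path just above it, which logs when it falls back. If FakeProvider accepts Ensure and Delete without acting (its code is outside this diff), DNSRecords on an existing Alibaba cluster would look reconciled while records are neither published nor removed, and stale records pointing at released load-balancer addresses are a takeover risk. I would log the fallback in the default branch, e.g. `log.Info("using fake DNS provider for unsupported platform", "platform", platformStatus.Type)`. Both functions continue outside the hunks shown.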
@@ -425,7 +425,7 @@ func setDefaultPublishingStrategy(ic *operatorv1.IngressController, platformStat if effectiveStrategy == nil { var strategyType operatorv1.EndpointPublishingStrategyType switch platformStatus.Type { - case configv1.AWSPlatformType, configv1.AzurePlatformType, configv1.GCPPlatformType, configv1.IBMCloudPlatformType, configv1.PowerVSPlatformType, configv1.AlibabaCloudPlatformType: + case configv1.AWSPlatformType, configv1.AzurePlatformType, configv1.GCPPlatformType, configv1.IBMCloudPlatformType, configv1.PowerVSPlatformType: strategyType = operatorv1.LoadBalancerServiceStrategyType case configv1.LibvirtPlatformType: strategyType = operatorv1.HostNetworkStrategyType diff --git a/pkg/operator/controller/ingress/controller_test.go b/pkg/operator/controller/ingress/controller_test.go index 908c875f8..de092ec4e 100644 --- a/pkg/operator/controller/ingress/controller_test.go +++ b/pkg/operator/controller/ingress/controller_test.go @@ -247,12 +247,6 @@ func TestSetDefaultPublishingStrategySetsPlatformDefaults(t *testing.T) { expectedIC *operatorv1.IngressController domainMatchesBaseDomain bool }{ - { - name: "Alibaba", - platformStatus: makePlatformStatus(configv1.AlibabaCloudPlatformType), - expectedIC: ingressControllerWithLoadBalancer, - domainMatchesBaseDomain: true, - }, { name: "AWS", platformStatus: makePlatformStatus(configv1.AWSPlatformType), diff --git a/pkg/operator/controller/ingress/load_balancer_service.go b/pkg/operator/controller/ingress/load_balancer_service.go index cbd2aa187..b493f7d50 100644 --- a/pkg/operator/controller/ingress/load_balancer_service.go +++ b/pkg/operator/controller/ingress/load_balancer_service.go 
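Review bot: The `case` line in setDefaultPublishingStrategy (pkg/operator/controller/ingress/controller.go) no longer lists `configv1.AlibabaCloudPlatformType`, so that platform takes whichever branch of the switch catches unlisted types, and that branch is outside the hunk. The matching change in controller_test.go deletes the "Alibaba" table entry rather than replacing it, so no test pins the new default. As long as the constant still exists in openshift/api, I would keep an entry for `makePlatformStatus(configv1.AlibabaCloudPlatformType)` whose `expectedIC` is the fallback strategy. A short comment above the `case` line stating that unlisted cloud platforms intentionally get that fallback would also help the next reader.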
@@ -123,18 +123,6 @@ const ( // available endpoint if no local endpoint is available. localWithFallbackAnnotation = "traffic-policy.network.alpha.openshift.io/local-with-fallback" - // alibabaCloudLBAddressTypeAnnotation is the annotation used on a service - // to specify the network type of an Aliyun SLB - alibabaCloudLBAddressTypeAnnotation = "service.beta.kubernetes.io/alibaba-cloud-loadbalancer-address-type" - - // alibabaCloudLBAddressTypeInternet is the service annotation value used to specify an Aliyun SLB - // IP is exposed to the internet (public) - alibabaCloudLBAddressTypeInternet = "internet" - - // alibabaCloudLBAddressTypeIntranet is the service annotation value used to specify an Aliyun SLB - // IP is exposed to the intranet (private) - alibabaCloudLBAddressTypeIntranet = "intranet" - // autoDeleteLoadBalancerAnnotation is an annotation that can be set on // an IngressController to indicate that the operator should // automatically delete any associated service load-balancer when its @@ -183,9 +171,6 @@ var ( configv1.PowerVSPlatformType: { iksLBScopeAnnotation: iksLBScopePrivate, }, - configv1.AlibabaCloudPlatformType: { - alibabaCloudLBAddressTypeAnnotation: alibabaCloudLBAddressTypeIntranet, - }, configv1.NutanixPlatformType: nil, } @@ -441,11 +426,6 @@ func desiredLoadBalancerService(ci *operatorv1.IngressController, deploymentRef if proxyNeeded { service.Annotations[iksLBEnableFeaturesAnnotation] = iksLBEnableFeaturesProxyProtocol } - - case configv1.AlibabaCloudPlatformType: - if !isInternal { - service.Annotations[alibabaCloudLBAddressTypeAnnotation] = alibabaCloudLBAddressTypeInternet - } } // Azure load balancers are not customizable and are set to (2 fail @ 5s interval, 2 healthy) // GCP load balancers are not customizable and are set to (3 fail @ 8s interval, 1 healthy) diff --git a/pkg/operator/controller/ingress/load_balancer_service_test.go b/pkg/operator/controller/ingress/load_balancer_service_test.go index e68711ecf..5e871dc6c 100644 
--- a/pkg/operator/controller/ingress/load_balancer_service_test.go +++ b/pkg/operator/controller/ingress/load_balancer_service_test.go @@ -383,28 +383,6 @@ func Test_desiredLoadBalancerService(t *testing.T) { localWithFallbackAnnotation: {true, ""}, }, }, - { - description: "external load balancer for alibaba platform", - platformStatus: platformStatus(configv1.AlibabaCloudPlatformType), - strategy: lbs(operatorv1.ExternalLoadBalancer), - expectService: true, - expectedExternalTrafficPolicy: corev1.ServiceExternalTrafficPolicyLocal, - expectedServiceAnnotations: map[string]annotationExpectation{ - alibabaCloudLBAddressTypeAnnotation: {true, alibabaCloudLBAddressTypeInternet}, - localWithFallbackAnnotation: {true, ""}, - }, - }, - { - description: "internal load balancer for alibaba platform", - platformStatus: platformStatus(configv1.AlibabaCloudPlatformType), - strategy: lbs(operatorv1.InternalLoadBalancer), - expectService: true, - expectedExternalTrafficPolicy: corev1.ServiceExternalTrafficPolicyLocal, - expectedServiceAnnotations: map[string]annotationExpectation{ - alibabaCloudLBAddressTypeAnnotation: {true, alibabaCloudLBAddressTypeIntranet}, - localWithFallbackAnnotation: {true, ""}, - }, - }, } for _, tc := range testCases { diff --git a/test/e2e/operator_test.go b/test/e2e/operator_test.go index 07291924d..233b6d2da 100644 --- a/test/e2e/operator_test.go +++ b/test/e2e/operator_test.go 
@@ -1116,11 +1116,10 @@ func TestInternalLoadBalancer(t *testing.T) { platform := infraConfig.Status.PlatformStatus.Type supportedPlatforms := map[configv1.PlatformType]struct{}{ - configv1.AWSPlatformType: {}, - configv1.AzurePlatformType: {}, - configv1.GCPPlatformType: {}, - configv1.IBMCloudPlatformType: {}, - configv1.AlibabaCloudPlatformType: {}, + configv1.AWSPlatformType: {}, + configv1.AzurePlatformType: {}, + configv1.GCPPlatformType: {}, + configv1.IBMCloudPlatformType: {}, } if _, supported := supportedPlatforms[platform]; !supported { t.Skipf("test skipped on platform %q", platform) @@ -1476,12 +1475,11 @@ func TestScopeChange(t *testing.T) { } platform := infraConfig.Status.PlatformStatus.Type supportedPlatforms := map[configv1.PlatformType]struct{}{ - configv1.AlibabaCloudPlatformType: {}, - configv1.AWSPlatformType: {}, - configv1.AzurePlatformType: {}, - configv1.GCPPlatformType: {}, - configv1.IBMCloudPlatformType: {}, - configv1.PowerVSPlatformType: {}, + configv1.AWSPlatformType: {}, + configv1.AzurePlatformType: {}, + configv1.GCPPlatformType: {}, + configv1.IBMCloudPlatformType: {}, + configv1.PowerVSPlatformType: {}, } if _, supported := supportedPlatforms[platform]; !supported { t.Skipf("test skipped on platform %q", platform) @@ -1524,7 +1522,7 @@ func TestScopeChange(t *testing.T) { } switch platform { - case configv1.AlibabaCloudPlatformType, configv1.AWSPlatformType, configv1.IBMCloudPlatformType, configv1.PowerVSPlatformType: + case configv1.AWSPlatformType, configv1.IBMCloudPlatformType, configv1.PowerVSPlatformType: progressingTrue := operatorv1.OperatorCondition{ Type: operatorv1.OperatorStatusTypeProgressing, Status: operatorv1.ConditionTrue, diff --git a/test/e2e/unmanaged_dns_test.go b/test/e2e/unmanaged_dns_test.go index 3748bbb7a..e874d146b 100644 --- a/test/e2e/unmanaged_dns_test.go +++ b/test/e2e/unmanaged_dns_test.go 
@@ -198,12 +198,11 @@ func TestUnmanagedDNSToManagedDNSInternalIngressController(t *testing.T) { platform := infraConfig.Status.PlatformStatus.Type supportedPlatforms := map[configv1.PlatformType]struct{}{ - configv1.AlibabaCloudPlatformType: {}, - configv1.AWSPlatformType: {}, - configv1.AzurePlatformType: {}, - configv1.GCPPlatformType: {}, - configv1.IBMCloudPlatformType: {}, - configv1.PowerVSPlatformType: {}, + configv1.AWSPlatformType: {}, + configv1.AzurePlatformType: {}, + configv1.GCPPlatformType: {}, + configv1.IBMCloudPlatformType: {}, + configv1.PowerVSPlatformType: {}, } if _, supported := supportedPlatforms[platform]; !supported { t.Skipf("test skipped on platform %q", platform) @@ -268,7 +267,7 @@ func TestUnmanagedDNSToManagedDNSInternalIngressController(t *testing.T) { // Only delete the service on platforms that don't automatically update the service's scope. switch platform { - case configv1.AlibabaCloudPlatformType, configv1.AWSPlatformType, configv1.IBMCloudPlatformType, configv1.PowerVSPlatformType: + case configv1.AWSPlatformType, configv1.IBMCloudPlatformType, configv1.PowerVSPlatformType: if err := kclient.Delete(context.TODO(), lbService); err != nil && !errors.IsNotFound(err) { t.Fatalf("failed to delete svc %s: %v", lbService.Name, err) }