Respect cloud configuration in dnsrecord (#1018)

* fix issue with dnsrecord on CN not having a region

* remove unneeded objects

hack/api-reference/api.md

@@ -16,8 +16,6 @@ Resource Types:
 </li><li>
 <a href="#azure.provider.extensions.gardener.cloud/v1alpha1.ControlPlaneConfig">ControlPlaneConfig</a>
 </li><li>
-<a href="#azure.provider.extensions.gardener.cloud/v1alpha1.DNSRecordConfig">DNSRecordConfig</a>
-</li><li>
 <a href="#azure.provider.extensions.gardener.cloud/v1alpha1.InfrastructureConfig">InfrastructureConfig</a>
 </li><li>
 <a href="#azure.provider.extensions.gardener.cloud/v1alpha1.WorkerConfig">WorkerConfig</a>
@@ -230,52 +228,6 @@ Storage
 </tr>
 </tbody>
 </table>
-<h3 id="azure.provider.extensions.gardener.cloud/v1alpha1.DNSRecordConfig">DNSRecordConfig
-</h3>
-<p>
-<p>DNSRecordConfig is the provider-specific configuration for DNSRecords.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>apiVersion</code></br>
-string</td>
-<td>
-<code>
-azure.provider.extensions.gardener.cloud/v1alpha1
-</code>
-</td>
-</tr>
-<tr>
-<td>
-<code>kind</code></br>
-string
-</td>
-<td><code>DNSRecordConfig</code></td>
-</tr>
-<tr>
-<td>
-<code>cloudConfiguration</code></br>
-<em>
-<a href="#azure.provider.extensions.gardener.cloud/v1alpha1.CloudConfiguration">
-CloudConfiguration
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>CloudConfiguration contains config that controls which cloud to connect to.</p>
-</td>
-</tr>
-</tbody>
-</table>
 <h3 id="azure.provider.extensions.gardener.cloud/v1alpha1.InfrastructureConfig">InfrastructureConfig
 </h3>
 <p>
@@ -621,8 +573,7 @@ string
 <p>
 (<em>Appears on:</em>
 <a href="#azure.provider.extensions.gardener.cloud/v1alpha1.BackupBucketConfig">BackupBucketConfig</a>, 
-<a href="#azure.provider.extensions.gardener.cloud/v1alpha1.CloudProfileConfig">CloudProfileConfig</a>, 
-<a href="#azure.provider.extensions.gardener.cloud/v1alpha1.DNSRecordConfig">DNSRecordConfig</a>)
+<a href="#azure.provider.extensions.gardener.cloud/v1alpha1.CloudProfileConfig">CloudProfileConfig</a>)
 </p>
 <p>
 <p>CloudConfiguration contains detailed config for the cloud to connect to. Currently we only support selection of well-

pkg/apis/azure/helper/scheme.go

@@ -102,22 +102,6 @@ func BackupConfigFromBackupBucket(backupBucket *extensionsv1alpha1.BackupBucket)
 	return backupConfig, nil
 }
 
-// DNSRecordConfigFromDNSRecord decodes the provider specific config from a given DNSRecord object.
-func DNSRecordConfigFromDNSRecord(dnsRecord *extensionsv1alpha1.DNSRecord) (api.DNSRecordConfig, error) {
-	dnsRecordConfig := api.DNSRecordConfig{}
-	if dnsRecord != nil && dnsRecord.Spec.ProviderConfig != nil {
-		dnsJson, err := dnsRecord.Spec.ProviderConfig.MarshalJSON()
-		if err != nil {
-			return dnsRecordConfig, err
-		}
-
-		if _, _, err := decoder.Decode(dnsJson, nil, &dnsRecordConfig); err != nil {
-			return dnsRecordConfig, err
-		}
-	}
-	return dnsRecordConfig, nil
-}
-
 // InfrastructureStateFromRaw extracts the state from the Infrastructure. If no state was available, it returns a "zero" value InfrastructureState object.
 func InfrastructureStateFromRaw(raw *runtime.RawExtension) (*api.InfrastructureState, error) {
 	state := &api.InfrastructureState{}

pkg/apis/azure/register.go

@@ -34,16 +34,6 @@ var (
 
 // Adds the list of known types to api.Scheme.
 func addKnownTypes(scheme *runtime.Scheme) error {
-	scheme.AddKnownTypes(SchemeGroupVersion,
-		&CloudProfileConfig{},
-		&InfrastructureConfig{},
-		&InfrastructureStatus{},
-		&InfrastructureState{},
-		&ControlPlaneConfig{},
-		&WorkerStatus{},
-		&WorkerConfig{},
-		&BackupBucketConfig{},
-		&DNSRecordConfig{},
-	)
+	scheme.AddKnownTypes(SchemeGroupVersion, &CloudProfileConfig{}, &InfrastructureConfig{}, &InfrastructureStatus{}, &InfrastructureState{}, &ControlPlaneConfig{}, &WorkerStatus{}, &WorkerConfig{}, &BackupBucketConfig{})
 	return nil
 }

pkg/apis/azure/v1alpha1/register.go

@@ -37,7 +37,6 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 		&WorkerConfig{},
 		&WorkerStatus{},
 		&BackupBucketConfig{},
-		&DNSRecordConfig{},
 	)
 	return nil
 }

pkg/azure/client/factory.go

@@ -41,10 +41,18 @@ func NewAzureClientFactoryFromSecret(
 	isDNSSecret bool,
 	options ...AzureFactoryOption,
 ) (Factory, error) {
-	auth, err := internal.GetClientAuthData(ctx, client, secretRef, isDNSSecret)
+	auth, secret, err := internal.GetClientAuthData(ctx, client, secretRef, isDNSSecret)
 	if err != nil {
 		return nil, err
 	}
+	if isDNSSecret {
+		acc, err := cloudConfigurationFromSecret(secret)
+		if err != nil {
+			return nil, err
+		}
+		// prepend the cloud configuration from the secret in favor of the explicit ones that may be passed from options.
+		options = append([]AzureFactoryOption{WithCloudConfiguration(acc)}, options...)
+	}
 	return NewAzureClientFactory(auth, options...)
 }
 

pkg/azure/client/helper.go

@@ -15,8 +15,10 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	"github.com/Azure/go-autorest/autorest"
 	azerrors "github.com/AzureAD/microsoft-authentication-library-for-go/apps/errors"
+	corev1 "k8s.io/api/core/v1"
 
 	"github.com/gardener/gardener-extension-provider-azure/pkg/apis/azure"
+	azuretypes "github.com/gardener/gardener-extension-provider-azure/pkg/azure"
 )
 
 // FilterNotFoundError returns nil for NotFound errors.
@@ -89,6 +91,17 @@ func AzureCloudConfiguration(cloudConfiguration *azure.CloudConfiguration, regio
 	return AzureCloudConfigurationFromCloudConfiguration(cloudConf)
 }
 
+// cloudConfigurationFromRegion returns a matching cloudConfiguration corresponding to a well known cloud instance for the given region
+func cloudConfigurationFromSecret(secret *corev1.Secret) (cloud.Configuration, error) {
+	if v, ok := secret.Data[azuretypes.AzureCloud]; ok {
+		return AzureCloudConfigurationFromCloudConfiguration(&azure.CloudConfiguration{Name: string(v)})
+	}
+	if v, ok := secret.Data[azuretypes.DNSAzureCloud]; ok {
+		return AzureCloudConfigurationFromCloudConfiguration(&azure.CloudConfiguration{Name: string(v)})
+	}
+	return AzureCloudConfigurationFromCloudConfiguration(nil)
+}
+
 // cloudConfigurationFromRegion returns a matching cloudConfiguration corresponding to a well known cloud instance for the given region
 func cloudConfigurationFromRegion(region string) *azure.CloudConfiguration {
 	switch {
@@ -106,7 +119,6 @@ func AzureCloudConfigurationFromCloudConfiguration(cloudConfiguration *azure.Clo
 	if cloudConfiguration == nil {
 		return cloud.AzurePublic, nil
 	}
-
 	cloudConfigurationName := cloudConfiguration.Name
 	switch {
 	case strings.EqualFold(cloudConfigurationName, azure.AzurePublicCloudName):

pkg/azure/types.go

@@ -57,6 +57,8 @@ const (
 	ClientIDKey = "clientID"
 	// ClientSecretKey is the key for the client secret.
 	ClientSecretKey = "clientSecret"
+	// AzureCloud is the key for the cloud configuration in the DNS Secret.
+	AzureCloud = "azureCloud" // #nosec G101 -- No credential.
 
 	// DNSSubscriptionIDKey is the key for the subscription ID in DNS secrets.
 	DNSSubscriptionIDKey = "AZURE_SUBSCRIPTION_ID"
@@ -66,6 +68,8 @@ const (
 	DNSClientIDKey = "AZURE_CLIENT_ID"
 	// DNSClientSecretKey is the key for the client secret in DNS secrets.
 	DNSClientSecretKey = "AZURE_CLIENT_SECRET" // #nosec G101 -- No credential.
+	// DNSAzureCloud is the key for the cloud configuration in the DNS Secret
+	DNSAzureCloud = "AZURE_CLOUD" // #nosec G101 -- No credential.
 
 	// StorageAccount is a constant for the key in a cloud provider secret and backup secret that holds the Azure account name.
 	StorageAccount = "storageAccount"

pkg/controller/controlplane/valuesprovider.go

@@ -328,7 +328,7 @@ func (vp *valuesProvider) GetConfigChartValues(ctx context.Context, cp *extensio
 	}
 
 	// Get client auth
-	auth, err := internal.GetClientAuthData(ctx, vp.client, cp.Spec.SecretRef, false)
+	auth, _, err := internal.GetClientAuthData(ctx, vp.client, cp.Spec.SecretRef, false)
 	if err != nil {
 		return nil, fmt.Errorf("could not get service account from secret '%s/%s': %w", cp.Spec.SecretRef.Namespace, cp.Spec.SecretRef.Name, err)
 	}