OCPBUGS-28870: IBMCloud: Restrict CIS and DNS Service lookup

Restrict when the CIS and DNS Service instances are looked up
in IBM Cloud, based on the PublishingStrategy, CIS for External,
DNS Services for Internal. Preventing a baseDomain in each
service resulting in both instances being found for metadata
generation.

Related: https://issues.redhat.com/browse/OCPBUGS-28870

Author: cjschaef

pkg/asset/installconfig/ibmcloud/metadata.go

@@ -27,6 +27,7 @@ type Metadata struct {
 	computeSubnets      map[string]Subnet
 	controlPlaneSubnets map[string]Subnet
 	dnsInstance         *DNSInstance
+	publishStrategy     types.PublishingStrategy
 	serviceEndpoints    []configv1.IBMCloudServiceEndpoint
 
 	mutex       sync.Mutex
@@ -46,6 +47,7 @@ func NewMetadata(config *types.InstallConfig) *Metadata {
 		BaseDomain:              config.BaseDomain,
 		ComputeSubnetNames:      config.Platform.IBMCloud.ComputeSubnets,
 		ControlPlaneSubnetNames: config.Platform.IBMCloud.ControlPlaneSubnets,
+		publishStrategy:         config.Publish,
 		Region:                  config.Platform.IBMCloud.Region,
 		serviceEndpoints:        config.Platform.IBMCloud.ServiceEndpoints,
 	}
@@ -79,7 +81,8 @@ func (m *Metadata) CISInstanceCRN(ctx context.Context) (string, error) {
 	m.mutex.Lock()
 	defer m.mutex.Unlock()
 
-	if m.cisInstanceCRN == "" {
+	// Only attempt to find the CIS instance if using ExternalPublishingStrategy and we have not collected it already
+	if m.publishStrategy == types.ExternalPublishingStrategy && m.cisInstanceCRN == "" {
 		client, err := m.Client()
 		if err != nil {
 			return "", err
@@ -111,8 +114,9 @@ func (m *Metadata) DNSInstance(ctx context.Context) (*DNSInstance, error) {
 	m.mutex.Lock()
 	defer m.mutex.Unlock()
 
-	// Prevent multiple attempts to retrieve (set) the dnsInstance if it hasn't been set (multiple threads reach mutex concurrently)
-	if m.dnsInstance == nil {
+	// Only attempt to find the DNS Services instance if using InternalPublishingStrategy and also
+	// prevent multiple attempts to retrieve (set) the dnsInstance if it hasn't been set (multiple threads reach mutex concurrently)
+	if m.publishStrategy == types.InternalPublishingStrategy && m.dnsInstance == nil {
 		client, err := m.Client()
 		if err != nil {
 			return nil, err

pkg/asset/installconfig/ibmcloud/metadata_test.go

@@ -178,9 +178,14 @@ func baseMetadata() *Metadata {
 				Region: region,
 			},
 		},
+		Publish: types.ExternalPublishingStrategy,
 	})
 }
 
+func setInternalPublishingStrategy(m *Metadata) {
+	m.publishStrategy = types.InternalPublishingStrategy
+}
+
 func TestAccountID(t *testing.T) {
 	testCases := []struct {
 		name          string
@@ -406,6 +411,7 @@ func TestDNSInstance(t *testing.T) {
 	for _, tCase := range testCases {
 		t.Run(tCase.name, func(t *testing.T) {
 			metadata := baseMetadata()
+			setInternalPublishingStrategy(metadata)
 			metadata.client = ibmcloudClient
 			for _, edit := range tCase.edits {
 				edit(metadata)
@@ -438,6 +444,7 @@ func TestSetDNSInstance(t *testing.T) {
 	for _, tCase := range testCases {
 		t.Run(tCase.name, func(t *testing.T) {
 			metadata := baseMetadata()
+			setInternalPublishingStrategy(metadata)
 
 			metadata.dnsInstance = &DNSInstance{
 				ID:  tCase.dnsID,