fix: updated the confirm_lb_active.sh and reset_iks_api_key.sh scripts to honour IBM Cloud enviornemnt variable overrides (#583)

Aashiq-J · web-flow · commit 58bd1f226704 · 2025-01-16T15:39:55.000Z
diff --git a/README.md b/README.md
@@ -119,11 +119,13 @@ module "ocp_base" {
 
 ### Customizing default cloud service endpoints.
 
-The user must export the endpoint as an environment variable in order to use custom cloud service endpoints with this module. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints#1-define-service-endpoints-by-using-environment-variables).
+The user must export the endpoint as an environment variable in order to use custom cloud service endpoints with this module. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints#getting-started-with-custom-service-endpoints).
 
-**Important** The only supported method for customizing cloud service endpoints is to export the endpoint; be sure to export the value for `IBMCLOUD_API_ENDPOINT`. For example,
+**Important** The only supported method for customizing cloud service endpoints is to export the enviroment variables endpoint; be sure to export the value for `IBMCLOUD_IAM_API_ENDPOINT`, `IBMCLOUD_CS_API_ENDPOINT` and `IBMCLOUD_IS_NG_API_ENDPOINT`. For example,
 ```
-export IBMCLOUD_API_ENDPOINT="<endpoint_url>"
+export IBMCLOUD_IAM_API_ENDPOINT="<endpoint_url>"
+export IBMCLOUD_CS_API_ENDPOINT="<endpoint_url>"
+export IBMCLOUD_IS_NG_API_ENDPOINT="<endpoint_url>"
 ```
 
 ### Secure by default cluster settings
diff --git a/scripts/confirm_lb_active.sh b/scripts/confirm_lb_active.sh
@@ -5,7 +5,6 @@ set -euo pipefail
 REGION="$1"
 LB_ID="$2"
 PRIVATE_ENV="$3"
-CLOUD_ENDPOINT=""
 API_VERSION="2024-03-01"
 
 if [[ -z "${REGION}" ]]; then
@@ -14,16 +13,21 @@ if [[ -z "${REGION}" ]]; then
 fi
 
 get_cloud_endpoint() {
-    cloud_endpoint="${IBMCLOUD_API_ENDPOINT:-"cloud.ibm.com"}"
-    CLOUD_ENDPOINT=${cloud_endpoint#https://}
+    cloud_endpoint="${IBMCLOUD_IS_NG_API_ENDPOINT:-"iaas.cloud.ibm.com"}"
+    IBMCLOUD_IS_NG_API_ENDPOINT=${cloud_endpoint#https://}
 }
 
 get_cloud_endpoint
+
 lb_attempts=1
-if [ "$PRIVATE_ENV" = true ]; then
-    URL="https://$REGION.private.iaas.$CLOUD_ENDPOINT/v1/load_balancers/$LB_ID?version=$API_VERSION&generation=2"
+if [ "$IBMCLOUD_IS_NG_API_ENDPOINT" = "iaas.cloud.ibm.com" ]; then
+    if [ "$PRIVATE_ENV" = true ]; then
+        URL="https://$REGION.private.$IBMCLOUD_IS_NG_API_ENDPOINT/v1/load_balancers/$LB_ID?version=$API_VERSION&generation=2"
+    else
+        URL="https://$REGION.$IBMCLOUD_IS_NG_API_ENDPOINT/v1/load_balancers/$LB_ID?version=$API_VERSION&generation=2"
+    fi
 else
-    URL="https://$REGION.iaas.$CLOUD_ENDPOINT/v1/load_balancers/$LB_ID?version=$API_VERSION&generation=2"
+    URL="https://$IBMCLOUD_IS_NG_API_ENDPOINT/v1/load_balancers/$LB_ID?version=$API_VERSION&generation=2"
 fi
 
 while true; do
diff --git a/scripts/reset_iks_api_key.sh b/scripts/reset_iks_api_key.sh
@@ -7,7 +7,6 @@ RESOURCE_GROUP_ID="$2"
 APIKEY_KEY_NAME="containers-kubernetes-key"
 PRIVATE_ENV="$3"
 CLUSTER_ENDPOINT="$4"
-CLOUD_ENDPOINT=""
 
 if [[ -z "${REGION}" ]]; then
     echo "Region must be passed as first input script argument" >&2
@@ -20,16 +19,24 @@ if [[ -z "${RESOURCE_GROUP_ID}" ]]; then
 fi
 
 get_cloud_endpoint() {
-    cloud_endpoint="${IBMCLOUD_API_ENDPOINT:-"cloud.ibm.com"}"
-    CLOUD_ENDPOINT=${cloud_endpoint#https://}
+    iam_cloud_endpoint="${IBMCLOUD_IAM_API_ENDPOINT:-"iam.cloud.ibm.com"}"
+    IBMCLOUD_IAM_API_ENDPOINT=${iam_cloud_endpoint#https://}
+
+    cs_api_endpoint="${IBMCLOUD_CS_API_ENDPOINT:-"containers.cloud.ibm.com"}"
+    cs_api_endpoint=${cs_api_endpoint#https://}
+    IBMCLOUD_CS_API_ENDPOINT=${cs_api_endpoint%/global}
 }
 
 get_cloud_endpoint
 
-if [ "$PRIVATE_ENV" = true ]; then
-    IAM_URL="https://private.iam.$CLOUD_ENDPOINT/v1/apikeys?account_id=$ACCOUNT_ID&scope=account&pagesize=100&type=user&sort=name"
+if [ "$IBMCLOUD_IAM_API_ENDPOINT" = "iam.cloud.ibm.com" ]; then
+    if [ "$PRIVATE_ENV" = true ]; then
+        IAM_URL="https://private.$IBMCLOUD_IAM_API_ENDPOINT/v1/apikeys?account_id=$ACCOUNT_ID&scope=account&pagesize=100&type=user&sort=name"
+    else
+        IAM_URL="https://$IBMCLOUD_IAM_API_ENDPOINT/v1/apikeys?account_id=$ACCOUNT_ID&scope=account&pagesize=100&type=user&sort=name"
+    fi
 else
-    IAM_URL="https://iam.$CLOUD_ENDPOINT/v1/apikeys?account_id=$ACCOUNT_ID&scope=account&pagesize=100&type=user&sort=name"
+    IAM_URL="https://$IBMCLOUD_IAM_API_ENDPOINT/v1/apikeys?account_id=$ACCOUNT_ID&scope=account&pagesize=100&type=user&sort=name"
 fi
 
 reset=true
@@ -59,18 +66,24 @@ fetch_data() {
 fetch_data
 
 if [ "${reset}" == true ]; then
-    if [ "$PRIVATE_ENV" = true ]; then
-        if [ "$CLUSTER_ENDPOINT" == "private" ] || [ "$CLUSTER_ENDPOINT" == "default" ]; then
-            RESET_URL="https://private.$REGION.containers.$CLOUD_ENDPOINT/v1/keys"
-            result=$(curl -i -H "accept: application/json" -H "Authorization: $IAM_TOKEN" -H "X-Auth-Resource-Group: $RESOURCE_GROUP_ID" -X POST "$RESET_URL" 2>/dev/null)
-            status_code=$(echo "$result" | head -n 1 | cut -d$' ' -f2)
-        elif [ "$CLUSTER_ENDPOINT" == "vpe" ]; then
-            RESET_URL="https://api.$REGION.containers.$CLOUD_ENDPOINT/v1/keys"
-            result=$(curl -i -H "accept: application/json" -H "Authorization: $IAM_TOKEN" -H "X-Auth-Resource-Group: $RESOURCE_GROUP_ID" -X POST "$RESET_URL" 2>/dev/null)
+    if [ "$IBMCLOUD_CS_API_ENDPOINT" = "containers.cloud.ibm.com" ]; then
+        if [ "$PRIVATE_ENV" = true ]; then
+            if [ "$CLUSTER_ENDPOINT" == "private" ] || [ "$CLUSTER_ENDPOINT" == "default" ]; then
+                RESET_URL="https://private.$REGION.$IBMCLOUD_CS_API_ENDPOINT/v1/keys"
+                result=$(curl -i -H "accept: application/json" -H "Authorization: $IAM_TOKEN" -H "X-Auth-Resource-Group: $RESOURCE_GROUP_ID" -X POST "$RESET_URL" 2>/dev/null)
+                status_code=$(echo "$result" | head -n 1 | cut -d$' ' -f2)
+            elif [ "$CLUSTER_ENDPOINT" == "vpe" ]; then
+                RESET_URL="https://api.$REGION.$IBMCLOUD_CS_API_ENDPOINT/v1/keys"
+                result=$(curl -i -H "accept: application/json" -H "Authorization: $IAM_TOKEN" -H "X-Auth-Resource-Group: $RESOURCE_GROUP_ID" -X POST "$RESET_URL" 2>/dev/null)
+                status_code=$(echo "$result" | head -n 1 | cut -d$' ' -f2)
+            fi
+        else
+            RESET_URL="https://$IBMCLOUD_CS_API_ENDPOINT/global/v1/keys"
+            result=$(curl -i -H "accept: application/json" -H "X-Region: $REGION" -H "Authorization: $IAM_TOKEN" -H "X-Auth-Resource-Group: $RESOURCE_GROUP_ID" -X POST "$RESET_URL" -d '' 2>/dev/null)
             status_code=$(echo "$result" | head -n 1 | cut -d$' ' -f2)
         fi
     else
-        RESET_URL="https://containers.$CLOUD_ENDPOINT/global/v1/keys"
+        RESET_URL="https://$IBMCLOUD_CS_API_ENDPOINT/global/v1/keys"
         result=$(curl -i -H "accept: application/json" -H "X-Region: $REGION" -H "Authorization: $IAM_TOKEN" -H "X-Auth-Resource-Group: $RESOURCE_GROUP_ID" -X POST "$RESET_URL" -d '' 2>/dev/null)
         status_code=$(echo "$result" | head -n 1 | cut -d$' ' -f2)
     fi
