From ecf79ded559b5ba8c953943963bdbd5e0c9e671d Mon Sep 17 00:00:00 2001
From: Rafael Franzke
Date: Wed, 2 Mar 2022 16:20:21 +0100
Subject: [PATCH] Use projected token mount for terraformer

---
 cmd/gardener-extension-provider-gcp/app/app.go | 1 +
 pkg/controller/infrastructure/actuator.go | 6 ++++--
 pkg/controller/infrastructure/actuator_delete.go | 2 +-
 pkg/controller/infrastructure/actuator_migrate.go | 2 +-
 .../infrastructure/actuator_reconcile.go | 2 +-
 pkg/controller/infrastructure/add.go | 4 +++-
 pkg/internal/terraform.go | 15 ++++++++++++---
 7 files changed, 23 insertions(+), 9 deletions(-)

diff --git a/cmd/gardener-extension-provider-gcp/app/app.go b/cmd/gardener-extension-provider-gcp/app/app.go
index 60e67b859..f2e385feb 100644
--- a/cmd/gardener-extension-provider-gcp/app/app.go
+++ b/cmd/gardener-extension-provider-gcp/app/app.go
@@ -194,6 +194,7 @@ func NewControllerManagerCommand(ctx context.Context) *cobra.Command {
 		controllercmd.LogErrAndExit(err, "Could not determine whether service account token volume projection should be used")
 	}
 	gcpcontrolplane.DefaultAddOptions.UseProjectedTokenMount = useProjectedTokenMount
+	gcpinfrastructure.DefaultAddOptions.UseProjectedTokenMount = useProjectedTokenMount
 	gcpworker.DefaultAddOptions.UseProjectedTokenMount = useProjectedTokenMount
 
 	configFileOpts.Completed().ApplyETCDStorage(&gcpcontrolplaneexposure.DefaultAddOptions.ETCDStorage)
diff --git a/pkg/controller/infrastructure/actuator.go b/pkg/controller/infrastructure/actuator.go
index a24dcb2a4..5ee0d9dc7 100644
--- a/pkg/controller/infrastructure/actuator.go
+++ b/pkg/controller/infrastructure/actuator.go
@@ -33,12 +33,14 @@ import (
 type actuator struct {
 	logger logr.Logger
 	common.RESTConfigContext
+	useProjectedTokenMount bool
 }
 
 // NewActuator creates a new infrastructure.Actuator.
-func NewActuator() infrastructure.Actuator {
+func NewActuator(useProjectedTokenMount bool) infrastructure.Actuator {
 	return &actuator{
-		logger: log.Log.WithName("infrastructure-actuator"),
+		logger:                 log.Log.WithName("infrastructure-actuator"),
+		useProjectedTokenMount: useProjectedTokenMount,
 	}
 }
 
diff --git a/pkg/controller/infrastructure/actuator_delete.go b/pkg/controller/infrastructure/actuator_delete.go
index de17d6df0..c82d2b5c8 100644
--- a/pkg/controller/infrastructure/actuator_delete.go
+++ b/pkg/controller/infrastructure/actuator_delete.go
@@ -74,7 +74,7 @@ func (a *actuator) cleanupKubernetesRoutes(
 func (a *actuator) Delete(ctx context.Context, infra *extensionsv1alpha1.Infrastructure, cluster *controller.Cluster) error {
 	logger := a.logger.WithValues("infrastructure", client.ObjectKeyFromObject(infra), "operation", "delete")
 
-	tf, err := internal.NewTerraformer(logger, a.RESTConfig(), infrastructure.TerraformerPurpose, infra)
+	tf, err := internal.NewTerraformer(logger, a.RESTConfig(), infrastructure.TerraformerPurpose, infra, a.useProjectedTokenMount)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/controller/infrastructure/actuator_migrate.go b/pkg/controller/infrastructure/actuator_migrate.go
index 36f5a142d..d24381b9f 100644
--- a/pkg/controller/infrastructure/actuator_migrate.go
+++ b/pkg/controller/infrastructure/actuator_migrate.go
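Review bot: The new `useProjectedTokenMount` field on `actuator` carries no comment, although the exported `AddOptions.UseProjectedTokenMount` it is populated from is documented and the field is the only thing that decides how the terraformer pod authenticates in Delete, Migrate and reconcile. A one-liner such as `// useProjectedTokenMount is forwarded to every terraformer built by this actuator; it selects a projected service account token volume for the pod (presumably instead of the auto-mounted token — confirm against the terraformer library).` would make that visible at the point of consumption. As a point of style, `NewActuator(true)` is opaque at call sites now that the constructor takes a lone boolean; if further knobs are expected, a small options struct mirroring AddOptions would read better, but the current form is acceptable.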
@@ -29,7 +29,7 @@ import (
 func (a *actuator) Migrate(ctx context.Context, infra *extensionsv1alpha1.Infrastructure, cluster *controller.Cluster) error {
 	logger := a.logger.WithValues("infrastructure", client.ObjectKeyFromObject(infra), "operation", "migrate")
 
-	tf, err := internal.NewTerraformer(logger, a.RESTConfig(), infrastructure.TerraformerPurpose, infra)
+	tf, err := internal.NewTerraformer(logger, a.RESTConfig(), infrastructure.TerraformerPurpose, infra, a.useProjectedTokenMount)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/controller/infrastructure/actuator_reconcile.go b/pkg/controller/infrastructure/actuator_reconcile.go
index 45adeea3c..21b69d859 100644
--- a/pkg/controller/infrastructure/actuator_reconcile.go
+++ b/pkg/controller/infrastructure/actuator_reconcile.go
@@ -51,7 +51,7 @@ func (a *actuator) reconcile(ctx context.Context, logger logr.Logger, infra *ext
 		return err
 	}
 
-	tf, err := internal.NewTerraformerWithAuth(logger, a.RESTConfig(), infrastructure.TerraformerPurpose, infra)
+	tf, err := internal.NewTerraformerWithAuth(logger, a.RESTConfig(), infrastructure.TerraformerPurpose, infra, a.useProjectedTokenMount)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/controller/infrastructure/add.go b/pkg/controller/infrastructure/add.go
index c37eb0225..604bdb116 100644
--- a/pkg/controller/infrastructure/add.go
+++ b/pkg/controller/infrastructure/add.go
@@ -35,13 +35,15 @@ type AddOptions struct {
 	Controller controller.Options
 	// IgnoreOperationAnnotation specifies whether to ignore the operation annotation or not.
 	IgnoreOperationAnnotation bool
+	// UseProjectedTokenMount specifies whether the projected token mount shall be used for the terraformer.
+	UseProjectedTokenMount bool
 }
 
 // AddToManagerWithOptions adds a controller with the given AddOptions to the given manager.
 // The opts.Reconciler is being set with a newly instantiated actuator.
 func AddToManagerWithOptions(mgr manager.Manager, options AddOptions) error {
 	return infrastructure.Add(mgr, infrastructure.AddArgs{
-		Actuator:          NewActuator(),
+		Actuator:          NewActuator(options.UseProjectedTokenMount),
 		ConfigValidator:   NewConfigValidator(gcpclient.NewFactory(), log.Log),
 		ControllerOptions: options.Controller,
 		Predicates:        infrastructure.DefaultPredicates(options.IgnoreOperationAnnotation),
diff --git a/pkg/internal/terraform.go b/pkg/internal/terraform.go
index 57c994bb6..d28c0baab 100644
--- a/pkg/internal/terraform.go
+++ b/pkg/internal/terraform.go
@@ -54,7 +54,11 @@ func NewTerraformer(
 	restConfig *rest.Config,
 	purpose string,
 	infra *extensionsv1alpha1.Infrastructure,
-) (terraformer.Terraformer, error) {
+	useProjectedTokenMount bool,
+) (
+	terraformer.Terraformer,
+	error,
+) {
 	tf, err := terraformer.NewForConfig(logger, restConfig, purpose, infra.Namespace, infra.Name, imagevector.TerraformerImage())
 	if err != nil {
 		return nil, err
@@ -62,6 +66,7 @@ func NewTerraformer(
 
 	owner := metav1.NewControllerRef(infra, extensionsv1alpha1.SchemeGroupVersion.WithKind(extensionsv1alpha1.InfrastructureResource))
 	return tf.
+		UseProjectedTokenMount(useProjectedTokenMount).
 		SetTerminationGracePeriodSeconds(630).
 		SetDeadlineCleaning(5 * time.Minute).
 		SetDeadlinePod(15 * time.Minute).
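Review bot: The doc comment on the new `AddOptions.UseProjectedTokenMount` field states what the flag selects but not what the alternative is nor what the zero value means, and since this is the security-relevant switch of the change it is the place an operator will look. Because the field is a plain bool, any caller that builds AddOptions without going through the manager command silently gets `false`, i.e. whatever the terraformer does when token projection is not requested; the comment should say so. Something like `// UseProjectedTokenMount specifies whether the terraformer pod mounts a projected (time-bound) service account token volume instead of the default service account token mount. It is false unless set by the controller manager command based on its token-projection check.` would cover both points — the wording of the fallback is an assumption to confirm against the terraformer library.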
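Review bot: In NewTerraformer the result list was rewritten from `) (terraformer.Terraformer, error) {` into a four-line parenthesised block; gofmt accepts both, but the one-line form is the idiom used throughout Go code and keeping it would limit the hunk to the added `useProjectedTokenMount bool,` parameter. The same reformatting appears in NewTerraformerWithAuth in the following hunk. Both functions gain a parameter, so their doc comments, which begin above these hunks outside the visible lines, should describe it, e.g. `// useProjectedTokenMount selects whether the terraformer pod mounts a projected service account token volume.`; the body of NewTerraformer continues between and after its two hunks.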
@@ -74,8 +79,12 @@ func NewTerraformerWithAuth(
 	restConfig *rest.Config,
 	purpose string,
 	infra *extensionsv1alpha1.Infrastructure,
-) (terraformer.Terraformer, error) {
-	tf, err := NewTerraformer(logger, restConfig, purpose, infra)
+	useProjectedTokenMount bool,
+) (
+	terraformer.Terraformer,
+	error,
+) {
+	tf, err := NewTerraformer(logger, restConfig, purpose, infra, useProjectedTokenMount)
 	if err != nil {
 		return nil, err
 	}