Pass the OCM connection to GetTrustedIPs.

This is inline with other methods taking it as an argument, and prevents
breaking CAD that is building it's own OCM connection.

Author: bergmannf

cmd/ocm-backplane/cloud/common.go

@@ -316,7 +316,7 @@ func (cfg *QueryConfig) getIsolatedCredentials(ocmToken string) (aws.Credentials
 		return aws.Credentials{}, fmt.Errorf("failed to determine client IP: %w", err)
 	}
 
-	trustedRange, err := getTrustedIPList()
+	trustedRange, err := getTrustedIPList(cfg.OcmConnection)
 	if err != nil {
 		return aws.Credentials{}, err
 	}
@@ -381,8 +381,8 @@ func verifyIPTrusted(ip net.IP, trustedIPs awsutil.IPAddress) error {
 	return nil
 }
 
-func getTrustedIPList() (awsutil.IPAddress, error) {
-	IPList, err := ocm.DefaultOCMInterface.GetTrustedIPList()
+func getTrustedIPList(connection *ocmsdk.Connection) (awsutil.IPAddress, error) {
+	IPList, err := ocm.DefaultOCMInterface.GetTrustedIPList(connection)
 	if err != nil {
 		return awsutil.IPAddress{}, fmt.Errorf("failed to fetch trusted IP list: %w", err)
 	}

cmd/ocm-backplane/cloud/common_test.go

@@ -142,7 +142,7 @@ var _ = Describe("getIsolatedCredentials", func() {
 			ip2 := cmv1.NewTrustedIp().ID("200.20.20.20").Enabled(true)
 			expectedIPList, err := cmv1.NewTrustedIpList().Items(ip1, ip2).Build()
 			Expect(err).To(BeNil())
-			mockOcmInterface.EXPECT().GetTrustedIPList().Return(expectedIPList, nil)
+			mockOcmInterface.EXPECT().GetTrustedIPList(gomock.Any()).Return(expectedIPList, nil)
 
 			StsClient = func(proxyURL *string) (*sts.Client, error) {
 				return &sts.Client{}, nil
@@ -263,8 +263,8 @@ var _ = Describe("getIsolatedCredentials", func() {
 			ip2 := cmv1.NewTrustedIp().ID("200.20.20.20").Enabled(true)
 			expectedIPList, err := cmv1.NewTrustedIpList().Items(ip1, ip2).Build()
 			Expect(err).To(BeNil())
-			mockOcmInterface.EXPECT().GetTrustedIPList().Return(expectedIPList, nil)
-			IPList, _ := getTrustedIPList()
+			mockOcmInterface.EXPECT().GetTrustedIPList(gomock.Any()).Return(expectedIPList, nil)
+			IPList, _ := getTrustedIPList(testQueryConfig.OcmConnection)
 			policy, _ := getTrustedIPInlinePolicy(IPList)
 			//Only allow 209 IP
 			Expect(policy).To(ContainSubstring("209.10.10.10"))

pkg/ocm/mocks/ocmWrapperMock.go

@@ -37,7 +37,7 @@ type OCMInterface interface {
 	GetClusterActiveAccessRequest(ocmConnection *ocmsdk.Connection, clusterID string) (*acctrspv1.AccessRequest, error)
 	CreateClusterAccessRequest(ocmConnection *ocmsdk.Connection, clusterID, reason, jiraIssueID, approvalDuration string) (*acctrspv1.AccessRequest, error)
 	CreateAccessRequestDecision(ocmConnection *ocmsdk.Connection, accessRequest *acctrspv1.AccessRequest, decision acctrspv1.DecisionDecision, justification string) (*acctrspv1.Decision, error)
-	GetTrustedIPList() (*cmv1.TrustedIpList, error)
+	GetTrustedIPList(*ocmsdk.Connection) (*cmv1.TrustedIpList, error)
 	SetupOCMConnection() (*ocmsdk.Connection, error)
 }
 
@@ -54,7 +54,6 @@ var DefaultOCMInterface OCMInterface = &DefaultOCMInterfaceImpl{}
 
 // SetupOCMConnection setups the ocm connection for all the other ocm requests
 func (o *DefaultOCMInterfaceImpl) SetupOCMConnection() (*ocmsdk.Connection, error) {
-
 	envURL := os.Getenv("OCM_URL")
 	if envURL != "" {
 		// Fetch the real ocm url from the alias and set it back to the ENV
@@ -478,14 +477,7 @@ func (o *DefaultOCMInterfaceImpl) CreateAccessRequestDecision(ocmConnection *ocm
 	return accessRequestDecision, nil
 }
 
-func (o *DefaultOCMInterfaceImpl) GetTrustedIPList() (*cmv1.TrustedIpList, error) {
-	// Create the client for the OCM API
-	connection, err := o.SetupOCMConnection()
-	if err != nil {
-		return nil, fmt.Errorf("failed to create OCM connection: %v", err)
-	}
-	defer connection.Close()
-
+func (o *DefaultOCMInterfaceImpl) GetTrustedIPList(connection *ocmsdk.Connection) (*cmv1.TrustedIpList, error) {
 	responseTrustedIP, err := connection.ClustersMgmt().V1().TrustedIPAddresses().List().Send()
 	if err != nil {
 

pkg/ocm/ocm.go

@@ -4,6 +4,7 @@ import (
 	"github.com/golang/mock/gomock"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
+	ocmsdk "github.com/openshift-online/ocm-sdk-go"
 	cmv1 "github.com/openshift-online/ocm-sdk-go/clustersmgmt/v1"
 	"github.com/openshift/backplane-cli/pkg/ocm/mocks"
 )
@@ -12,11 +13,13 @@ var _ = Describe("OCM Wrapper Test", func() {
 	var (
 		ctrl             *gomock.Controller
 		mockOcmInterface *mocks.MockOCMInterface
+		ocmConnection    *ocmsdk.Connection
 	)
 
 	BeforeEach(func() {
 		ctrl = gomock.NewController(GinkgoT()) // Initialize the controller
 		mockOcmInterface = mocks.NewMockOCMInterface(ctrl)
+		ocmConnection = &ocmsdk.Connection{}
 	})
 
 	AfterEach(func() {
@@ -28,16 +31,16 @@ var _ = Describe("OCM Wrapper Test", func() {
 			ip1 := cmv1.NewTrustedIp().ID("100.10.10.10")
 			ip2 := cmv1.NewTrustedIp().ID("200.20.20.20")
 			expectedIPList, _ := cmv1.NewTrustedIpList().Items(ip1, ip2).Build()
-			mockOcmInterface.EXPECT().GetTrustedIPList().Return(expectedIPList, nil).AnyTimes()
+			mockOcmInterface.EXPECT().GetTrustedIPList(gomock.Any()).Return(expectedIPList, nil).AnyTimes()
 
-			IPList, err := mockOcmInterface.GetTrustedIPList()
+			IPList, err := mockOcmInterface.GetTrustedIPList(ocmConnection)
 			Expect(err).To(BeNil())
 			Expect(len(IPList.Items())).Should(Equal(2))
 		})
 
 		It("Should not return errors for empty trusted IPList", func() {
-			mockOcmInterface.EXPECT().GetTrustedIPList().Return(nil, nil).AnyTimes()
-			_, err := mockOcmInterface.GetTrustedIPList()
+			mockOcmInterface.EXPECT().GetTrustedIPList(gomock.Any()).Return(nil, nil).AnyTimes()
+			_, err := mockOcmInterface.GetTrustedIPList(ocmConnection)
 			Expect(err).To(BeNil())
 		})
 	})