From 315af706ac7b743954f44100a0b428fdc09450f0 Mon Sep 17 00:00:00 2001
From: Peter Sutter <peter.sutter@sap.com>
Date: Mon, 18 Mar 2024 14:17:24 +0100
Subject: [PATCH] filter non-kube-apiserver advertisedAddresses (#412)

---
 internal/client/garden/client_test.go  |  8 ++++++--
 internal/client/garden/shoot_client.go | 16 +++++++++++++++-
 pkg/cmd/ssh/ssh_test.go                |  2 +-
 pkg/cmd/sshpatch/sshpatch_test.go      |  2 +-
 pkg/target/manager_test.go             |  2 +-
 5 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/internal/client/garden/client_test.go b/internal/client/garden/client_test.go
index b97c84c0..77e9547e 100644
--- a/internal/client/garden/client_test.go
+++ b/internal/client/garden/client_test.go
@@ -169,13 +169,17 @@ var _ = Describe("Client", func() {
 				Status: gardencorev1beta1.ShootStatus{
 					AdvertisedAddresses: []gardencorev1beta1.ShootAdvertisedAddress{
 						{
-							Name: "shoot-address1",
+							Name: "external",
 							URL:  "https://api." + domain,
 						},
 						{
-							Name: "shoot-address2",
+							Name: "internal",
 							URL:  "https://api2." + domain,
 						},
+						{
+							Name: "service-account-issuer",
+							URL:  "https://foo.bar/projects/prod1/shoots/test-shoot1/issuer",
+						},
 					},
 				},
 			}
diff --git a/internal/client/garden/shoot_client.go b/internal/client/garden/shoot_client.go
index 0c4d1682..584f6e60 100644
--- a/internal/client/garden/shoot_client.go
+++ b/internal/client/garden/shoot_client.go
@@ -40,6 +40,13 @@ const (
 	ShootProjectSecretSuffixCACluster = "ca-cluster"
 	// DataKeyCertificateCA is the key in a secret or config map data holding the CA certificate.
 	DataKeyCertificateCA = "ca.crt"
+
+	// AdvertisedAddressExternal is a constant that represents the name of the external kube-apiserver address.
+	AdvertisedAddressExternal = "external"
+	// AdvertisedAddressInternal is a constant that represents the name of the internal kube-apiserver address.
+	AdvertisedAddressInternal = "internal"
+	// AdvertisedAddressUnmanaged is a constant that represents the name of the unmanaged kube-apiserver address.
+	AdvertisedAddressUnmanaged = "unmanaged"
 )
 
 // shootKubeconfigRequest is a struct which holds information about a Kubeconfig to be generated.
@@ -56,7 +63,7 @@ type shootKubeconfigRequest struct {
 
 // cluster holds the data to describe and connect to a kubernetes cluster.
 type cluster struct {
-	// name is the name of the shoot advertised address, usually "external", "internal" or "unmanaged"
+	// name is the name of the shoot advertised address. Either "external", "internal" or "unmanaged"
 	name string
 	// apiServerHost is the host of the kube-apiserver
 	apiServerHost string
@@ -258,6 +265,13 @@ func (g *clientImpl) GetShootClientConfig(ctx context.Context, namespace, name s
 	}
 
 	for _, address := range shoot.Status.AdvertisedAddresses {
+		isKubeApiserverAddress := address.Name == AdvertisedAddressExternal ||
+			address.Name == AdvertisedAddressInternal ||
+			address.Name == AdvertisedAddressUnmanaged
+		if !isKubeApiserverAddress {
+			continue
+		}
+
 		u, err := url.Parse(address.URL)
 		if err != nil {
 			return nil, fmt.Errorf("could not parse shoot server url: %w", err)
diff --git a/pkg/cmd/ssh/ssh_test.go b/pkg/cmd/ssh/ssh_test.go
index 49fbb7d7..1a692a2c 100644
--- a/pkg/cmd/ssh/ssh_test.go
+++ b/pkg/cmd/ssh/ssh_test.go
@@ -195,7 +195,7 @@ var _ = Describe("SSH Command", func() {
 			Status: gardencorev1beta1.ShootStatus{
 				AdvertisedAddresses: []gardencorev1beta1.ShootAdvertisedAddress{
 					{
-						Name: "shoot-address1",
+						Name: "external",
 						URL:  "https://api.bar.baz",
 					},
 				},
diff --git a/pkg/cmd/sshpatch/sshpatch_test.go b/pkg/cmd/sshpatch/sshpatch_test.go
index e249bc49..3b524a99 100644
--- a/pkg/cmd/sshpatch/sshpatch_test.go
+++ b/pkg/cmd/sshpatch/sshpatch_test.go
@@ -122,7 +122,7 @@ var _ = Describe("SSH Patch Command", func() {
 			Status: gardencorev1beta1.ShootStatus{
 				AdvertisedAddresses: []gardencorev1beta1.ShootAdvertisedAddress{
 					{
-						Name: "shoot-address1",
+						Name: "external",
 						URL:  "https://api.bar.baz",
 					},
 				},
diff --git a/pkg/target/manager_test.go b/pkg/target/manager_test.go
index 847931cd..e7f10c1d 100644
--- a/pkg/target/manager_test.go
+++ b/pkg/target/manager_test.go
@@ -63,7 +63,7 @@ func createTestShoot(name string, namespace string, seedName *string) *gardencor
 		Status: gardencorev1beta1.ShootStatus{
 			AdvertisedAddresses: []gardencorev1beta1.ShootAdvertisedAddress{
 				{
-					Name: "shoot-address1",
+					Name: "external",
 					URL:  "https://api.bar.baz",
 				},
 			},