From 5983043b3c7d3d0e7617fdfb35f0b8595734105c Mon Sep 17 00:00:00 2001
From: Alexander Hebel <a.hebelsun@gmail.com>
Date: Tue, 10 Dec 2024 14:53:53 +0100
Subject: [PATCH] Fix flow reconcile ensure public ip release v.1.48 (#1036)

* Fix flow reconcile ensure public ip

* Import order
---
 pkg/azure/types.go                                 | 5 +++++
 pkg/controller/infrastructure/infraflow/ensurer.go | 7 +++++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/pkg/azure/types.go b/pkg/azure/types.go
index 3ab6bf8e7..195aa9e23 100644
--- a/pkg/azure/types.go
+++ b/pkg/azure/types.go
@@ -147,6 +147,11 @@ const (
 	SeedAnnotationKeyUseFlow = AnnotationKeyUseFlow
 	// SeedAnnotationUseFlowValueNew is the value to restrict flow reconciliation to new shoot clusters
 	SeedAnnotationUseFlowValueNew = "new"
+
+	// CCMServiceTagKey is the service key applied for public IP tags.
+	CCMServiceTagKey = "k8s-azure-service"
+	// CCMLegacyServiceTagKey is the legacy service key applied for public IP tags.
+	CCMLegacyServiceTagKey = "service"
 )
 
 // UsernamePrefix is a constant for the username prefix of components deployed by Azure.
diff --git a/pkg/controller/infrastructure/infraflow/ensurer.go b/pkg/controller/infrastructure/infraflow/ensurer.go
index 0a100bd47..084659176 100644
--- a/pkg/controller/infrastructure/infraflow/ensurer.go
+++ b/pkg/controller/infrastructure/infraflow/ensurer.go
@@ -20,6 +20,7 @@ import (
 
 	"github.com/gardener/gardener-extension-provider-azure/pkg/apis/azure/helper"
 	"github.com/gardener/gardener-extension-provider-azure/pkg/apis/azure/v1alpha1"
+	"github.com/gardener/gardener-extension-provider-azure/pkg/azure"
 	"github.com/gardener/gardener-extension-provider-azure/pkg/azure/client"
 	"github.com/gardener/gardener-extension-provider-azure/pkg/controller/infrastructure/infraflow/shared"
 	"github.com/gardener/gardener-extension-provider-azure/pkg/internal/infrastructure"
@@ -371,7 +372,8 @@ func (fctx *FlowContext) ensurePublicIps(ctx context.Context) error {
 	}
 	currentIPs = Filter(currentIPs, func(address *armnetwork.PublicIPAddress) bool {
 		// filter only these IpConfigs prefixed by the cluster name and that do not contain the CCM tags.
-		return fctx.adapter.HasShootPrefix(address.Name) && address.Tags["k8s-azure-service"] == nil
+		return fctx.adapter.HasShootPrefix(address.Name) &&
+			(address.Tags[azure.CCMServiceTagKey] == nil && address.Tags[azure.CCMLegacyServiceTagKey] == nil)
 	})
 	// obtain an indexed list of current IPs
 	nameToCurrentIps := ToMap(currentIPs, func(t *armnetwork.PublicIPAddress) string {
@@ -412,8 +414,9 @@ func (fctx *FlowContext) ensurePublicIps(ctx context.Context) error {
 		err := fctx.providerAccess.DeletePublicIP(ctx, fctx.adapter.ResourceGroupName(), ipName)
 		if err != nil {
 			joinError = errors.Join(joinError, err)
+		} else {
+			fctx.inventory.Delete(ip)
 		}
-		fctx.inventory.Delete(ip)
 	}
 
 	if joinError != nil {