feat: support adding ResourceManagerTags to compute instances

Signed-off-by: Carlos Salas <carlos.salas@suse.com>
kubernetes-sigs · Aug 30, 2023 · c0eb2c2 · c0eb2c2
1 parent eb65f59
commit c0eb2c2
Show file tree

Hide file tree

Showing 22 changed files with 500 additions and 5 deletions.
diff --git a/api/v1alpha3/zz_generated.conversion.go b/api/v1alpha3/zz_generated.conversion.go
diff --git a/api/v1alpha4/gcpcluster_conversion.go b/api/v1alpha4/gcpcluster_conversion.go
@@ -52,6 +52,10 @@ func (src *GCPCluster) ConvertTo(dstRaw conversion.Hub) error { // nolint
 		dst.Spec.CredentialsRef = restored.Spec.CredentialsRef.DeepCopy()
 	}
 
+	for _, restoredTag := range restored.Spec.ResourceManagerTags {
+		dst.Spec.ResourceManagerTags = append(dst.Spec.ResourceManagerTags, *restoredTag.DeepCopy())
+	}
+
 	return nil
 }
 

diff --git a/api/v1alpha4/gcpclustertemplate_conversion.go b/api/v1alpha4/gcpclustertemplate_conversion.go
@@ -54,6 +54,10 @@ func (src *GCPClusterTemplate) ConvertTo(dstRaw conversion.Hub) error { // nolin
 		dst.Spec.Template.Spec.CredentialsRef = restored.Spec.Template.Spec.CredentialsRef.DeepCopy()
 	}
 
+	for _, restoredTag := range restored.Spec.Template.Spec.ResourceManagerTags {
+		dst.Spec.Template.Spec.ResourceManagerTags = append(dst.Spec.Template.Spec.ResourceManagerTags, *restoredTag.DeepCopy())
+	}
+
 	return nil
 }
 

diff --git a/api/v1alpha4/gcpmachine_conversion.go b/api/v1alpha4/gcpmachine_conversion.go
@@ -53,6 +53,10 @@ func (src *GCPMachine) ConvertTo(dstRaw conversion.Hub) error { // nolint
 		dst.Spec.ConfidentialCompute = restored.Spec.ConfidentialCompute
 	}
 
+	if restored.Spec.ResourceManagerTags != nil {
+		dst.Spec.ResourceManagerTags = restored.Spec.ResourceManagerTags
+	}
+
 	return nil
 }
 

diff --git a/api/v1alpha4/gcpmachinetemplate_conversion.go b/api/v1alpha4/gcpmachinetemplate_conversion.go
@@ -54,6 +54,10 @@ func (src *GCPMachineTemplate) ConvertTo(dstRaw conversion.Hub) error { // nolin
 		dst.Spec.Template.Spec.ConfidentialCompute = restored.Spec.Template.Spec.ConfidentialCompute
 	}
 
+	if restored.Spec.Template.Spec.ResourceManagerTags != nil {
+		dst.Spec.Template.Spec.ResourceManagerTags = restored.Spec.Template.Spec.ResourceManagerTags
+	}
+
 	return nil
 }
 

diff --git a/api/v1alpha4/zz_generated.conversion.go b/api/v1alpha4/zz_generated.conversion.go
diff --git a/api/v1beta1/gcpcluster_types.go b/api/v1beta1/gcpcluster_types.go
@@ -54,6 +54,14 @@ type GCPClusterSpec struct {
 	// +optional
 	AdditionalLabels Labels `json:"additionalLabels,omitempty"`
 
+	// ResourceManagerTags is an optional set of tags to apply to GCP resources managed
+	// by the GCP provider. GCP supports a maximum of 50 tags per resource.
+	// +kubebuilder:validation:MaxItems=50
+	// +listType=map
+	// +listMapKey=key
+	// +optional
+	ResourceManagerTags []ResourceManagerTag `json:"resourceManagerTags,omitempty"`
+
 	// CredentialsRef is a reference to a Secret that contains the credentials to use for provisioning this cluster. If not
 	// supplied then the credentials of the controller will be used.
 	// +optional

diff --git a/api/v1beta1/gcpmachine_types.go b/api/v1beta1/gcpmachine_types.go
@@ -197,6 +197,14 @@ type GCPMachineSpec struct {
 	// +optional
 	AdditionalNetworkTags []string `json:"additionalNetworkTags,omitempty"`
 
+	// ResourceManagerTags is an optional set of tags to apply to GCP resources managed
+	// by the GCP provider. GCP supports a maximum of 50 tags per resource.
+	// +kubebuilder:validation:MaxItems=50
+	// +listType=map
+	// +listMapKey=key
+	// +optional
+	ResourceManagerTags []ResourceManagerTag `json:"resourceManagerTags,omitempty"`
+
 	// RootDeviceSize is the size of the root volume in GB.
 	// Defaults to 30.
 	// +optional

diff --git a/api/v1beta1/tags.go b/api/v1beta1/tags.go
@@ -0,0 +1,95 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+	"context"
+	"fmt"
+
+	resourcemanager "cloud.google.com/go/resourcemanager/apiv3"
+	rmpb "cloud.google.com/go/resourcemanager/apiv3/resourcemanagerpb"
+	"sigs.k8s.io/controller-runtime/pkg/log"
+)
+
+// ResourceManagerTagsMap defines a map of key value pairs as expected by compute.InstanceParams.ResourceManagerTags.
+type ResourceManagerTagsMap map[string]string
+
+// ResourceManagerTag is a tag to apply to GCP resources managed by the GCP provider.
+type ResourceManagerTag struct {
+	// ParentID is the ID of the hierarchical resource where the tags are defined
+	// e.g. at the Organization or the Project level. To find the Organization or Project ID ref
+	// https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id
+	// https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects
+	// An OrganizationID must consist of decimal numbers, and cannot have leading zeroes.
+	// A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters,
+	// numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=32
+	// +kubebuilder:validation:Pattern=`(^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$)`
+	ParentID string `json:"parentID"`
+
+	// Key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot
+	// be empty. Tag key must begin and end with an alphanumeric character, and must contain
+	// only uppercase, lowercase alphanumeric characters, and the following special
+	// characters `._-`.
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=63
+	// +kubebuilder:validation:Pattern=`^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$`
+	Key string `json:"key"`
+
+	// Value is the value part of the tag. A tag value can have a maximum of 63 characters and
+	// cannot be empty. Tag value must begin and end with an alphanumeric character, and must
+	// contain only uppercase, lowercase alphanumeric characters, and the following special
+	// characters `_-.@%=+:,*#&(){}[]` and spaces.
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=63
+	// +kubebuilder:validation:Pattern=`^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$`
+	Value string `json:"value"`
+}
+
+// AddResourceManagerTags binds the passed resource-manager tags to the resource. Tag keys and Tag Values
+// will be created by the user and only the Tag bindings to the Compute Instance will be created.
+// If the Tag Key/Tag Value cannot be retrieved or no tags are provided, this will be empty and no tags will be added.
+func AddResourceManagerTags(ctx context.Context, tagList []ResourceManagerTag) ResourceManagerTagsMap {
+	tagValueList := make(ResourceManagerTagsMap, len(tagList))
+	log := log.FromContext(ctx)
+	if len(tagList) == 0 {
+		return tagValueList
+	}
+
+	client, err := resourcemanager.NewTagValuesClient(ctx)
+	if err != nil {
+		log.Error(err, "failed to create tag values client")
+		return tagValueList
+	}
+
+	getTagValuesReq := &rmpb.GetNamespacedTagValueRequest{}
+	for _, tag := range tagList {
+		getTagValuesReq.Name = fmt.Sprintf("%s/%s/%s", tag.ParentID, tag.Key, tag.Value)
+		value, err := client.GetNamespacedTagValue(ctx, getTagValuesReq)
+		if err != nil {
+			log.Error(err, "failed to retrieve tag value")
+			return tagValueList
+		}
+		tagValueList[value.Parent] = value.Name
+	}
+
+	return tagValueList
+}
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
diff --git a/cloud/scope/machine.go b/cloud/scope/machine.go
@@ -338,6 +338,9 @@ func (m *MachineScope) InstanceSpec(log logr.Logger) *compute.Instance {
 				m.ClusterGetter.Name(),
 			),
 		},
+		Params: &compute.InstanceParams{
+			ResourceManagerTags: infrav1.AddResourceManagerTags(context.TODO(), m.GCPMachine.Spec.ResourceManagerTags),
+		},
 		Labels: infrav1.Build(infrav1.BuildParams{
 			ClusterName: m.ClusterGetter.Name(),
 			Lifecycle:   infrav1.ResourceLifecycleOwned,

diff --git a/cloud/services/compute/instances/reconcile_test.go b/cloud/services/compute/instances/reconcile_test.go
@@ -126,6 +126,7 @@ func getFakeGCPMachine() *infrav1.GCPMachine {
 			AdditionalLabels: map[string]string{
 				"foo": "bar",
 			},
+			ResourceManagerTags: []infrav1.ResourceManagerTag{},
 		},
 	}
 }
@@ -255,6 +256,9 @@ func TestService_createOrGetInstance(t *testing.T) {
 						Network: "projects/my-proj/global/networks/default",
 					},
 				},
+				Params: &compute.InstanceParams{
+					ResourceManagerTags: map[string]string{},
+				},
 				SelfLink:   "https://www.googleapis.com/compute/v1/projects/proj-id/zones/us-central1-c/instances/my-machine",
 				Scheduling: &compute.Scheduling{},
 				ServiceAccounts: []*compute.ServiceAccount{
@@ -316,6 +320,9 @@ func TestService_createOrGetInstance(t *testing.T) {
 						Network: "projects/my-proj/global/networks/default",
 					},
 				},
+				Params: &compute.InstanceParams{
+					ResourceManagerTags: map[string]string{},
+				},
 				SelfLink:   "https://www.googleapis.com/compute/v1/projects/proj-id/zones/us-central1-c/instances/my-machine",
 				Scheduling: &compute.Scheduling{},
 				ServiceAccounts: []*compute.ServiceAccount{
@@ -379,6 +386,9 @@ func TestService_createOrGetInstance(t *testing.T) {
 						Network: "projects/my-proj/global/networks/default",
 					},
 				},
+				Params: &compute.InstanceParams{
+					ResourceManagerTags: map[string]string{},
+				},
 				SelfLink:   "https://www.googleapis.com/compute/v1/projects/proj-id/zones/us-central1-c/instances/my-machine",
 				Scheduling: &compute.Scheduling{},
 				ServiceAccounts: []*compute.ServiceAccount{
@@ -442,6 +452,9 @@ func TestService_createOrGetInstance(t *testing.T) {
 						Network: "projects/my-proj/global/networks/default",
 					},
 				},
+				Params: &compute.InstanceParams{
+					ResourceManagerTags: map[string]string{},
+				},
 				SelfLink: "https://www.googleapis.com/compute/v1/projects/proj-id/zones/us-central1-c/instances/my-machine",
 				Scheduling: &compute.Scheduling{
 					OnHostMaintenance: strings.ToUpper(string(infrav1.HostMaintenancePolicyTerminate)),
@@ -508,6 +521,9 @@ func TestService_createOrGetInstance(t *testing.T) {
 						Network: "projects/my-proj/global/networks/default",
 					},
 				},
+				Params: &compute.InstanceParams{
+					ResourceManagerTags: map[string]string{},
+				},
 				SelfLink: "https://www.googleapis.com/compute/v1/projects/proj-id/zones/us-central1-c/instances/my-machine",
 				Scheduling: &compute.Scheduling{
 					OnHostMaintenance: strings.ToUpper(string(infrav1.HostMaintenancePolicyMigrate)),
@@ -567,6 +583,9 @@ func TestService_createOrGetInstance(t *testing.T) {
 						Network: "projects/my-proj/global/networks/default",
 					},
 				},
+				Params: &compute.InstanceParams{
+					ResourceManagerTags: map[string]string{},
+				},
 				SelfLink:   "https://www.googleapis.com/compute/v1/projects/proj-id/zones/us-central1-a/instances/my-machine",
 				Scheduling: &compute.Scheduling{},
 				ServiceAccounts: []*compute.ServiceAccount{