💎 Update tags at scope instead of updating VMs

Author: Cecile Robert-Michon

api/v1alpha3/tags.go

@@ -118,6 +118,12 @@ const (
 
 	// CommonRole describes the value for the common role
 	CommonRole = "common"
+
+	// VMTagsLastAppliedAnnotation is the key for the machine object annotation
+	// which tracks the AdditionalTags in the Machine Provider Config.
+	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+	// for annotation formatting rules.
+	VMTagsLastAppliedAnnotation = "sigs.k8s.io/cluster-api-provider-azure-last-applied-tags-vm"
 )
 
 // ClusterTagKey generates the key for resources associated with a cluster.

cloud/defaults.go

@@ -100,49 +100,54 @@ func GenerateDataDiskName(machineName, nameSuffix string) string {
 	return fmt.Sprintf("%s_%s", machineName, nameSuffix)
 }
 
+// VMID returns the azure resource ID for a given VM.
+func VMID(subscriptionID, resourceGroup, vmName string) string {
+	return fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Compute/virtualMachines/%s", subscriptionID, resourceGroup, vmName)
+}
+
 // SubnetID returns the azure resource ID for a given subnet.
-func SubnetID(subscriptionID, resoourceGroup, vnetName, subnetName string) string {
-	return fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/virtualNetworks/%s/subnets/%s", subscriptionID, resoourceGroup, vnetName, subnetName)
+func SubnetID(subscriptionID, resourceGroup, vnetName, subnetName string) string {
+	return fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/virtualNetworks/%s/subnets/%s", subscriptionID, resourceGroup, vnetName, subnetName)
 }
 
 // PublicIPID returns the azure resource ID for a given public IP.
-func PublicIPID(subscriptionID, resoourceGroup, ipName string) string {
-	return fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/publicIPAddresses/%s", subscriptionID, resoourceGroup, ipName)
+func PublicIPID(subscriptionID, resourceGroup, ipName string) string {
+	return fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/publicIPAddresses/%s", subscriptionID, resourceGroup, ipName)
 }
 
 // RouteTableID returns the azure resource ID for a given route table.
-func RouteTableID(subscriptionID, resoourceGroup, routeTableName string) string {
-	return fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/routeTables/%s", subscriptionID, resoourceGroup, routeTableName)
+func RouteTableID(subscriptionID, resourceGroup, routeTableName string) string {
+	return fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/routeTables/%s", subscriptionID, resourceGroup, routeTableName)
 }
 
 // SecurityGroupID returns the azure resource ID for a given security group.
-func SecurityGroupID(subscriptionID, resoourceGroup, routeTableName string) string {
-	return fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/networkSecurityGroups/%s", subscriptionID, resoourceGroup, routeTableName)
+func SecurityGroupID(subscriptionID, resourceGroup, routeTableName string) string {
+	return fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/networkSecurityGroups/%s", subscriptionID, resourceGroup, routeTableName)
 }
 
 // NetworkInterfaceID returns the azure resource ID for a given network interface.
-func NetworkInterfaceID(subscriptionID, resoourceGroup, nicName string) string {
-	return fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/networkInterfaces/%s", subscriptionID, resoourceGroup, nicName)
+func NetworkInterfaceID(subscriptionID, resourceGroup, nicName string) string {
+	return fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/networkInterfaces/%s", subscriptionID, resourceGroup, nicName)
 }
 
 // FrontendIPConfigID returns the azure resource ID for a given frontend IP config.
-func FrontendIPConfigID(subscriptionID, resoourceGroup, loadBalancerName, configName string) string {
-	return fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/loadBalancers/%s/frontendIPConfigurations/%s", subscriptionID, resoourceGroup, loadBalancerName, configName)
+func FrontendIPConfigID(subscriptionID, resourceGroup, loadBalancerName, configName string) string {
+	return fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/loadBalancers/%s/frontendIPConfigurations/%s", subscriptionID, resourceGroup, loadBalancerName, configName)
 }
 
 // AddressPoolID returns the azure resource ID for a given backend address pool.
-func AddressPoolID(subscriptionID, resoourceGroup, loadBalancerName, backendPoolName string) string {
-	return fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/loadBalancers/%s/backendAddressPools/%s", subscriptionID, resoourceGroup, loadBalancerName, backendPoolName)
+func AddressPoolID(subscriptionID, resourceGroup, loadBalancerName, backendPoolName string) string {
+	return fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/loadBalancers/%s/backendAddressPools/%s", subscriptionID, resourceGroup, loadBalancerName, backendPoolName)
 }
 
 // ProbeID returns the azure resource ID for a given probe.
-func ProbeID(subscriptionID, resoourceGroup, loadBalancerName, probeName string) string {
-	return fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/loadBalancers/%s/probes/%s", subscriptionID, resoourceGroup, loadBalancerName, probeName)
+func ProbeID(subscriptionID, resourceGroup, loadBalancerName, probeName string) string {
+	return fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/loadBalancers/%s/probes/%s", subscriptionID, resourceGroup, loadBalancerName, probeName)
 }
 
 // NATRuleID returns the azure resource ID for a inbound NAT rule.
-func NATRuleID(subscriptionID, resoourceGroup, loadBalancerName, natRuleName string) string {
-	return fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/loadBalancers/%s/inboundNatRules/%s", subscriptionID, resoourceGroup, loadBalancerName, natRuleName)
+func NATRuleID(subscriptionID, resourceGroup, loadBalancerName, natRuleName string) string {
+	return fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/loadBalancers/%s/inboundNatRules/%s", subscriptionID, resourceGroup, loadBalancerName, natRuleName)
 }
 
 // GetDefaultImageSKUID gets the SKU ID of the image to use for the provided version of Kubernetes.

cloud/scope/machine.go

@@ -19,6 +19,7 @@ package scope
 import (
 	"context"
 	"encoding/base64"
+	"encoding/json"
 
 	"github.com/Azure/go-autorest/autorest/to"
 	"github.com/go-logr/logr"
@@ -106,6 +107,17 @@ func (m *MachineScope) VMSpecs() []azure.VMSpec {
 	}
 }
 
+// TagsSpecs returns the tags for the AzureMachine.
+func (m *MachineScope) TagsSpecs() []azure.TagsSpec {
+	return []azure.TagsSpec{
+		{
+			Scope:      azure.VMID(m.SubscriptionID(), m.ResourceGroup(), m.Name()),
+			Tags:       m.AdditionalTags(),
+			Annotation: infrav1.VMTagsLastAppliedAnnotation,
+		},
+	}
+}
+
 // PublicIPSpec returns the public IP specs.
 func (m *MachineScope) PublicIPSpecs() []azure.PublicIPSpec {
 	var spec []azure.PublicIPSpec
@@ -328,6 +340,33 @@ func (m *MachineScope) SetAnnotation(key, value string) {
 	m.AzureMachine.Annotations[key] = value
 }
 
+// AnnotationJSON returns a map[string]interface from a JSON annotation.
+func (m *MachineScope) AnnotationJSON(annotation string) (map[string]interface{}, error) {
+	out := map[string]interface{}{}
+	jsonAnnotation := m.AzureMachine.GetAnnotations()[annotation]
+	if len(jsonAnnotation) == 0 {
+		return out, nil
+	}
+	err := json.Unmarshal([]byte(jsonAnnotation), &out)
+	if err != nil {
+		return out, err
+	}
+	return out, nil
+}
+
+// UpdateAnnotationJSON updates the `annotation` with
+// `content`. `content` in this case should be a `map[string]interface{}`
+// suitable for turning into JSON. This `content` map will be marshalled into a
+// JSON string before being set as the given `annotation`.
+func (m *MachineScope) UpdateAnnotationJSON(annotation string, content map[string]interface{}) error {
+	b, err := json.Marshal(content)
+	if err != nil {
+		return err
+	}
+	m.SetAnnotation(annotation, string(b))
+	return nil
+}
+
 // SetAddresses sets the Azure address status.
 func (m *MachineScope) SetAddresses(addrs []corev1.NodeAddress) {
 	m.AzureMachine.Status.Addresses = addrs

cloud/services/networkinterfaces/networkinterfaces_test.go

@@ -25,7 +25,7 @@ import (
 	azure "sigs.k8s.io/cluster-api-provider-azure/cloud"
 	gomockinternal "sigs.k8s.io/cluster-api-provider-azure/internal/test/matchers/gomock"
 
-	"github.com/Azure/azure-sdk-for-go/profiles/latest/compute/mgmt/compute"
+	"github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2020-06-01/compute"
 	"github.com/Azure/azure-sdk-for-go/services/network/mgmt/2019-06-01/network"
 	"github.com/Azure/go-autorest/autorest"
 	"github.com/Azure/go-autorest/autorest/to"

cloud/services/roleassignments/roleassignments.go

@@ -48,7 +48,7 @@ func (s *Service) Reconcile(ctx context.Context) error {
 			return errors.Wrapf(err, "cannot assign role to VM system assigned identity")
 		}
 
-		s.Scope.V(2).Info("successfully created role assignment for generated Identity for VM %s ", "virtual machine", roleSpec.MachineName)
+		s.Scope.V(2).Info("successfully created role assignment for generated Identity for VM", "virtual machine", roleSpec.MachineName)
 	}
 	return nil
 }

cloud/services/roleassignments/roleassignments_test.go

@@ -33,7 +33,7 @@ import (
 	"sigs.k8s.io/cluster-api-provider-azure/cloud/services/virtualmachines/mock_virtualmachines"
 )
 
-func TestReconcileVM(t *testing.T) {
+func TestReconcileRoleAssignments(t *testing.T) {
 	testcases := []struct {
 		name          string
 		expect        func(s *mock_roleassignments.MockRoleAssignmentScopeMockRecorder, m *mock_roleassignments.MockClientMockRecorder, v *mock_virtualmachines.MockClientMockRecorder)

cloud/services/subnets/service.go

@@ -21,7 +21,7 @@ import (
 	azure "sigs.k8s.io/cluster-api-provider-azure/cloud"
 )
 
-// SubnetScope defines the scope interface for a network interfaces service.
+// SubnetScope defines the scope interface for a subnet service.
 type SubnetScope interface {
 	azure.ClusterDescriber
 	logr.Logger

cloud/services/tags/client.go

@@ -0,0 +1,62 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package tags
+
+import (
+	"context"
+	"github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-10-01/resources"
+
+	"github.com/Azure/go-autorest/autorest"
+	azure "sigs.k8s.io/cluster-api-provider-azure/cloud"
+)
+
+// Client wraps go-sdk
+type Client interface {
+	GetAtScope(context.Context, string) (resources.TagsResource, error)
+	CreateOrUpdateAtScope(context.Context, string, resources.TagsResource) (resources.TagsResource, error)
+}
+
+// AzureClient contains the Azure go-sdk Client
+type AzureClient struct {
+	tags resources.TagsClient
+}
+
+var _ Client = &AzureClient{}
+
+// NewClient creates a new tags client from subscription ID.
+func NewClient(auth azure.Authorizer) *AzureClient {
+	c := newTagsClient(auth.SubscriptionID(), auth.BaseURI(), auth.Authorizer())
+	return &AzureClient{c}
+}
+
+// newTagsClient creates a new tags client from subscription ID.
+func newTagsClient(subscriptionID string, baseURI string, authorizer autorest.Authorizer) resources.TagsClient {
+	tagsClient := resources.NewTagsClientWithBaseURI(baseURI, subscriptionID)
+	tagsClient.Authorizer = authorizer
+	tagsClient.AddToUserAgent(azure.UserAgent())
+	return tagsClient
+}
+
+// GetAtScope sends the get at scope request.
+func (ac *AzureClient) GetAtScope(ctx context.Context, scope string) (resources.TagsResource, error) {
+	return ac.tags.GetAtScope(ctx, scope)
+}
+
+// CreateOrUpdate allows adding or replacing the entire set of tags on the specified resource or subscription.
+func (ac *AzureClient) CreateOrUpdateAtScope(ctx context.Context, scope string, parameters resources.TagsResource) (resources.TagsResource, error) {
+	return ac.tags.CreateOrUpdateAtScope(ctx, scope, parameters)
+}

cloud/services/tags/mock_tags/client_mock.go

@@ -0,0 +1,22 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Run go generate to regenerate this mock.
+//go:generate ../../../../hack/tools/bin/mockgen -destination client_mock.go -package mock_tags -source ../client.go Client
+//go:generate ../../../../hack/tools/bin/mockgen -destination tags_mock.go -package mock_tags -source ../service.go TagScope
+//go:generate /usr/bin/env bash -c "cat ../../../../hack/boilerplate/boilerplate.generatego.txt client_mock.go > _client_mock.go && mv _client_mock.go client_mock.go"
+//go:generate /usr/bin/env bash -c "cat ../../../../hack/boilerplate/boilerplate.generatego.txt tags_mock.go > _tags_mock.go && mv _tags_mock.go tags_mock.go"
+package mock_tags //nolint