Merge pull request #35 from aws/feature/ip_address_tagging

Tagging and cleaning up IP addresses

Author: mrog

README.md

@@ -24,7 +24,7 @@ See [configuring envtest for integration tests](https://book.kubebuilder.io/refe
 However, the makefile is setup to install kubebuilder tools in `$PROJECT_DIR/bin`. So, running `make binaries`, and setting 
 env var KUBEBUILDER_ASSETS should be enough for envtest to work.
 
-- export PROJECT_DIR=`pwd`
+- export PROJECT_DIR=$(pwd)
 
 - copy cloud-config to project dir.
 

pkg/cloud/affinity_groups.go

@@ -37,7 +37,7 @@ type AffinityGroupIface interface {
 	GetOrCreateAffinityGroup(*infrav1.CloudStackCluster, *AffinityGroup) error
 	DeleteAffinityGroup(*AffinityGroup) error
 	AssociateAffinityGroup(*infrav1.CloudStackMachine, AffinityGroup) error
-	DissassociateAffinityGroup(*infrav1.CloudStackMachine, AffinityGroup) error
+	DisassociateAffinityGroup(*infrav1.CloudStackMachine, AffinityGroup) error
 }
 
 func (c *client) FetchAffinityGroup(group *AffinityGroup) (reterr error) {
@@ -171,7 +171,7 @@ func (c *client) AssociateAffinityGroup(csMachine *infrav1.CloudStackMachine, gr
 	return c.stopAndModifyAffinityGroups(csMachine, groups)
 }
 
-func (c *client) DissassociateAffinityGroup(csMachine *infrav1.CloudStackMachine, group AffinityGroup) (retErr error) {
+func (c *client) DisassociateAffinityGroup(csMachine *infrav1.CloudStackMachine, group AffinityGroup) (retErr error) {
 	groups, err := c.getCurrentAffinityGroups(csMachine)
 	if err != nil {
 		return err

pkg/cloud/cluster.go

@@ -95,8 +95,18 @@ func (c *client) GetOrCreateCluster(csCluster *infrav1.CloudStackCluster) (retEr
 }
 
 func (c *client) DisposeClusterResources(csCluster *infrav1.CloudStackCluster) (retError error) {
-	if err := c.RemoveClusterTagFromNetwork(csCluster); err != nil {
+	if csCluster.Status.PublicIPID != "" {
+		if err := c.DeleteClusterTag(ResourceTypeIPAddress, csCluster.Status.PublicIPID, csCluster); err != nil {
+			return err
+		}
+		if err := c.DisassociatePublicIPAddressIfNotInUse(csCluster); err != nil {
+			return err
+		}
+	}
+
+	if err := c.DeleteClusterTag(ResourceTypeNetwork, csCluster.Status.NetworkID, csCluster); err != nil {
 		return err
 	}
+
 	return c.DeleteNetworkIfNotInUse(csCluster)
 }

pkg/cloud/network.go

@@ -58,13 +58,9 @@ func (c *client) ResolveNetwork(csCluster *infrav1.CloudStackCluster) (retErr er
 	return nil
 }
 
-func generateNetworkTagName(csCluster *infrav1.CloudStackCluster) string {
-	return clusterTagNamePrefix + string(csCluster.UID)
-}
-
 func (c *client) GetOrCreateNetwork(csCluster *infrav1.CloudStackCluster) (retErr error) {
 	if retErr = c.ResolveNetwork(csCluster); retErr == nil { // Found network.
-		return addClusterTags(c, csCluster, false)
+		return c.AddClusterTag(ResourceTypeNetwork, csCluster.Status.NetworkID, csCluster, false)
 	} else if !strings.Contains(strings.ToLower(retErr.Error()), "no match found") { // Some other error.
 		return retErr
 	} // Network not found.
@@ -90,63 +86,36 @@ func (c *client) GetOrCreateNetwork(csCluster *infrav1.CloudStackCluster) (retEr
 	csCluster.Status.NetworkID = resp.Id
 	csCluster.Status.NetworkType = resp.Type
 
-	return addClusterTags(c, csCluster, true)
+	return c.AddClusterTag(ResourceTypeNetwork, csCluster.Status.NetworkID, csCluster, true)
 }
 
-func addClusterTags(c *client, csCluster *infrav1.CloudStackCluster, addCreatedByTag bool) error {
-	clusterTagName := generateNetworkTagName(csCluster)
-	newTags := map[string]string{}
-
-	existingTags, err := c.GetNetworkTags(csCluster.Status.NetworkID)
+func (c *client) DisassociatePublicIPAddressIfNotInUse(csCluster *infrav1.CloudStackCluster) (retError error) {
+	tagsAllowDisposal, err := c.DoClusterTagsAllowDisposal(ResourceTypeIPAddress, csCluster.Status.PublicIPID)
 	if err != nil {
 		return err
 	}
 
-	if existingTags[clusterTagName] == "" {
-		newTags[clusterTagName] = "1"
-	}
-
-	if addCreatedByTag && existingTags[createdByCapcTagName] == "" {
-		newTags[createdByCapcTagName] = "1"
-	}
-
-	if len(newTags) > 0 {
-		return c.AddNetworkTags(csCluster.Status.NetworkID, newTags)
-	}
-
-	return nil
-}
-
-func (c *client) RemoveClusterTagFromNetwork(csCluster *infrav1.CloudStackCluster) (retError error) {
-	tags, err := c.GetNetworkTags(csCluster.Status.NetworkID)
+	// Can't disassociate an address if it's the source NAT address.
+	publicIP, _, err := c.cs.Address.GetPublicIpAddressByID(csCluster.Status.PublicIPID)
 	if err != nil {
 		return err
 	}
+	sourceNAT := publicIP != nil && publicIP.Issourcenat
 
-	clusterTagName := generateNetworkTagName(csCluster)
-	if tagValue := tags[clusterTagName]; tagValue != "" {
-		if err = c.DeleteNetworkTags(csCluster.Status.NetworkID, map[string]string{clusterTagName: tagValue}); err != nil {
-			return err
-		}
+	if tagsAllowDisposal && !sourceNAT {
+		return c.DisassociatePublicIPAddress(csCluster)
 	}
 
 	return nil
 }
 
 func (c *client) DeleteNetworkIfNotInUse(csCluster *infrav1.CloudStackCluster) (retError error) {
-	tags, err := c.GetNetworkTags(csCluster.Status.NetworkID)
+	okayToDelete, err := c.DoClusterTagsAllowDisposal(ResourceTypeNetwork, csCluster.Status.NetworkID)
 	if err != nil {
 		return err
 	}
 
-	var clusterTagCount int
-	for tagName := range tags {
-		if strings.HasPrefix(tagName, clusterTagNamePrefix) {
-			clusterTagCount++
-		}
-	}
-
-	if clusterTagCount == 0 && tags[createdByCapcTagName] != "" {
+	if okayToDelete {
 		return c.DestroyNetwork(csCluster)
 	}
 
@@ -171,12 +140,12 @@ func (c *client) ResolvePublicIPDetails(csCluster *infrav1.CloudStackCluster) (*
 		// Ignore already allocated here since the IP was specified.
 		return publicAddresses.PublicIpAddresses[0], nil
 	} else if publicAddresses.Count > 0 { // Endpoint not specified.
-		for _, v := range publicAddresses.PublicIpAddresses { // Pick first availabe address.
+		for _, v := range publicAddresses.PublicIpAddresses { // Pick first available address.
 			if v.Allocated == "" { // Found un-allocated Public IP.
 				return v, nil
 			}
 		}
-		return nil, errors.New("all Public IP Adresse(s) found were already allocated")
+		return nil, errors.New("all Public IP Address(es) found were already allocated")
 	}
 	return nil, errors.Errorf(`no public addresses found in network: "%s"`, csCluster.Spec.Network)
 }
@@ -190,10 +159,11 @@ func (c *client) AssociatePublicIPAddress(csCluster *infrav1.CloudStackCluster)
 
 	csCluster.Spec.ControlPlaneEndpoint.Host = publicAddress.Ipaddress
 	csCluster.Status.PublicIPID = publicAddress.Id
+	alreadyAllocated := publicAddress.Allocated != ""
 
-	if publicAddress.Allocated != "" && publicAddress.Associatednetworkid == csCluster.Status.NetworkID {
+	if alreadyAllocated && publicAddress.Associatednetworkid == csCluster.Status.NetworkID {
 		// Address already allocated to network. Allocated is a timestamp -- not a boolean.
-		return nil
+		return c.AddClusterTag(ResourceTypeIPAddress, publicAddress.Id, csCluster, false)
 	} // Address not yet allocated. Allocate now.
 
 	// Public IP found, but not yet allocated to network.
@@ -205,7 +175,19 @@ func (c *client) AssociatePublicIPAddress(csCluster *infrav1.CloudStackCluster)
 	if _, err := c.cs.Address.AssociateIpAddress(p); err != nil {
 		return err
 	}
-	return nil
+	return c.AddClusterTag(ResourceTypeIPAddress, publicAddress.Id, csCluster, !alreadyAllocated)
+}
+
+func (c *client) DisassociatePublicIPAddress(csCluster *infrav1.CloudStackCluster) (retErr error) {
+	// Remove the CAPC creation tag, so it won't be there the next time this address is associated.
+	retErr = c.DeleteCreatedByCAPCTag(ResourceTypeIPAddress, csCluster.Status.PublicIPID)
+	if retErr != nil {
+		return retErr
+	}
+
+	p := c.cs.Address.NewDisassociateIpAddressParams(csCluster.Status.PublicIPID)
+	_, retErr = c.cs.Address.DisassociateIpAddress(p)
+	return retErr
 }
 
 func (c *client) OpenFirewallRules(csCluster *infrav1.CloudStackCluster) (retErr error) {

pkg/cloud/network_test.go

@@ -82,12 +82,12 @@ var _ = Describe("Network", func() {
 	})
 
 	// Sets expectations network tag creation.  To be used by tests that get/create networks.
-	expectNetworkTags := func(networkId string) {
+	expectNetworkTags := func(networkID string) {
 		listTagsParams := &cloudstack.ListTagsParams{}
 		createTagsParams := &cloudstack.CreateTagsParams{}
 		rs.EXPECT().NewListTagsParams().Return(listTagsParams)
 		rs.EXPECT().ListTags(listTagsParams).Return(&cloudstack.ListTagsResponse{}, nil)
-		rs.EXPECT().NewCreateTagsParams([]string{networkId}, "network", gomock.Any()).Return(createTagsParams)
+		rs.EXPECT().NewCreateTagsParams([]string{networkID}, string(cloud.ResourceTypeNetwork), gomock.Any()).Return(createTagsParams)
 		rs.EXPECT().CreateTags(createTagsParams).Return(&cloudstack.CreateTagsResponse{}, nil)
 	}
 
@@ -183,7 +183,7 @@ var _ = Describe("Network", func() {
 			Ω(csCluster.Status.LBRuleID).Should(Equal(lbRuleID))
 		})
 
-		It("doesn't create a new load blancer rule on create", func() {
+		It("doesn't create a new load balancer rule on create", func() {
 			lbs.EXPECT().NewListLoadBalancerRulesParams().Return(&cloudstack.ListLoadBalancerRulesParams{})
 			lbs.EXPECT().ListLoadBalancerRules(gomock.Any()).
 				Return(&cloudstack.ListLoadBalancerRulesResponse{

pkg/cloud/tags.go

@@ -16,30 +16,116 @@ limitations under the License.
 
 package cloud
 
+import (
+	infrav1 "github.com/aws/cluster-api-provider-cloudstack/api/v1beta1"
+	"strings"
+)
+
 type TagIface interface {
-	AddNetworkTags(string, map[string]string) error
-	GetNetworkTags(string) (map[string]string, error)
-	DeleteNetworkTags(string, map[string]string) error
+	AddClusterTag(ResourceType, string, *infrav1.CloudStackCluster, bool) error
+	DeleteClusterTag(ResourceType, string, *infrav1.CloudStackCluster) error
+	DeleteCreatedByCAPCTag(ResourceType, string) error
+	DoClusterTagsAllowDisposal(ResourceType, string) (bool, error)
+	AddTags(ResourceType, string, map[string]string) error
+	GetTags(ResourceType, string) (map[string]string, error)
+	DeleteTags(ResourceType, string, map[string]string) error
 }
 
+type ResourceType string
+
 const (
-	clusterTagNamePrefix = "CAPC_cluster_"
-	createdByCapcTagName = "created_by_CAPC"
-	resourceTypeNetwork  = "network"
+	clusterTagNamePrefix               = "CAPC_cluster_"
+	createdByCAPCTagName               = "created_by_CAPC"
+	ResourceTypeNetwork   ResourceType = "Network"
+	ResourceTypeIPAddress ResourceType = "PublicIpAddress"
 )
 
-// TagNetwork adds tags to a network by network id.
-func (c *client) AddNetworkTags(networkID string, tags map[string]string) error {
-	p := c.cs.Resourcetags.NewCreateTagsParams([]string{networkID}, resourceTypeNetwork, tags)
+// AddClusterTag adds cluster-related tags to a resource.  One tag indicates that the resource is used by a given
+// cluster. The other tag, if applied, indicates that CAPC created the resource and may dispose of it later.
+func (c *client) AddClusterTag(resourceType ResourceType, resourceID string, csCluster *infrav1.CloudStackCluster, addCreatedByCAPCTag bool) error {
+	clusterTagName := generateClusterTagName(csCluster)
+	newTags := map[string]string{}
+
+	existingTags, err := c.GetTags(resourceType, resourceID)
+	if err != nil {
+		return err
+	}
+
+	if existingTags[clusterTagName] == "" {
+		newTags[clusterTagName] = "1"
+	}
+
+	if addCreatedByCAPCTag && existingTags[createdByCAPCTagName] == "" {
+		newTags[createdByCAPCTagName] = "1"
+	}
+
+	if len(newTags) > 0 {
+		return c.AddTags(resourceType, resourceID, newTags)
+	}
+
+	return nil
+}
+
+// DeleteClusterTag deletes the tag that associates the resource with a given cluster.
+func (c *client) DeleteClusterTag(resourceType ResourceType, resourceID string, csCluster *infrav1.CloudStackCluster) error {
+	tags, err := c.GetTags(resourceType, resourceID)
+	if err != nil {
+		return err
+	}
+
+	clusterTagName := generateClusterTagName(csCluster)
+	if tagValue := tags[clusterTagName]; tagValue != "" {
+		return c.DeleteTags(resourceType, resourceID, map[string]string{clusterTagName: tagValue})
+	}
+
+	return nil
+}
+
+// DeleteCreatedByCAPCTag deletes the tag that indicates that the resource was created by CAPC.  This is useful when a
+// resource is disassociated instead of deleted.  That way the tag won't cause confusion if the resource is reused later.
+func (c *client) DeleteCreatedByCAPCTag(resourceType ResourceType, resourceID string) error {
+	tags, err := c.GetTags(resourceType, resourceID)
+	if err != nil {
+		return err
+	}
+
+	if tagValue := tags[createdByCAPCTagName]; tagValue != "" {
+		return c.DeleteTags(resourceType, resourceID, map[string]string{createdByCAPCTagName: tagValue})
+	}
+
+	return nil
+}
+
+// DoClusterTagsAllowDisposal checks to see if the resource is in a state that makes it eligible for disposal.  CAPC can
+// dispose of a resource if the tags show it was created by CAPC and isn't being used by any clusters.
+func (c *client) DoClusterTagsAllowDisposal(resourceType ResourceType, resourceID string) (bool, error) {
+	tags, err := c.GetTags(resourceType, resourceID)
+	if err != nil {
+		return false, err
+	}
+
+	var clusterTagCount int
+	for tagName := range tags {
+		if strings.HasPrefix(tagName, clusterTagNamePrefix) {
+			clusterTagCount++
+		}
+	}
+
+	return clusterTagCount == 0 && tags[createdByCAPCTagName] != "", nil
+}
+
+// AddTags adds arbitrary tags to a resource.
+func (c *client) AddTags(resourceType ResourceType, resourceID string, tags map[string]string) error {
+	p := c.cs.Resourcetags.NewCreateTagsParams([]string{resourceID}, string(resourceType), tags)
 	_, err := c.cs.Resourcetags.CreateTags(p)
 	return err
 }
 
-// GetNetworkTags gets tags by network id.
-func (c *client) GetNetworkTags(networkID string) (map[string]string, error) {
+// GetTags gets all of a resource's tags.
+func (c *client) GetTags(resourceType ResourceType, resourceID string) (map[string]string, error) {
 	p := c.cs.Resourcetags.NewListTagsParams()
-	p.SetResourceid(networkID)
-	p.SetResourcetype(resourceTypeNetwork)
+	p.SetResourceid(resourceID)
+	p.SetResourcetype(string(resourceType))
 	listTagResponse, err := c.cs.Resourcetags.ListTags(p)
 	if err != nil {
 		return nil, err
@@ -51,10 +137,15 @@ func (c *client) GetNetworkTags(networkID string) (map[string]string, error) {
 	return tags, nil
 }
 
-// DeleteNetworkTags deletes matching tags from a network
-func (c *client) DeleteNetworkTags(networkID string, tagsToDelete map[string]string) error {
-	p := c.cs.Resourcetags.NewDeleteTagsParams([]string{networkID}, resourceTypeNetwork)
+// DeleteTags deletes the given tags from a resource.   If the tags don't exist, or if the values don't match, it will
+// result in an error.
+func (c *client) DeleteTags(resourceType ResourceType, resourceID string, tagsToDelete map[string]string) error {
+	p := c.cs.Resourcetags.NewDeleteTagsParams([]string{resourceID}, string(resourceType))
 	p.SetTags(tagsToDelete)
 	_, err := c.cs.Resourcetags.DeleteTags(p)
 	return err
 }
+
+func generateClusterTagName(csCluster *infrav1.CloudStackCluster) string {
+	return clusterTagNamePrefix + string(csCluster.UID)
+}