openshift
diff --git a/‎go.mod
Lines changed: 6 additions & 6 deletions b/‎go.mod
Lines changed: 6 additions & 6 deletions
diff --git a/‎go.sum
Lines changed: 12 additions & 12 deletions b/‎go.sum
Lines changed: 12 additions & 12 deletions
diff --git a/‎pkg/storage/azure/azure.go
Lines changed: 26 additions & 5 deletions b/‎pkg/storage/azure/azure.go
Lines changed: 26 additions & 5 deletions
diff --git a/‎pkg/storage/azure/azure_test.go
Lines changed: 137 additions & 0 deletions b/‎pkg/storage/azure/azure_test.go
Lines changed: 137 additions & 0 deletions
@@ -27,7 +27,7 @@ require (
 	github.com/gophercloud/utils v0.0.0-20221124081324-7bac6f5cdf99
 	github.com/goware/urlx v0.3.2
 	github.com/jongio/azidext/go/azidext v0.4.0
-	github.com/openshift/api v0.0.0-20230120195050-6ba31fa438f2
+	github.com/openshift/api v0.0.0-20230210191657-68f4ffcda083
 	github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d
 	github.com/openshift/client-go v0.0.0-20230120202327-72f107311084
 	github.com/openshift/library-go v0.0.0-20230120214501-9bc305884fcb
@@ -36,15 +36,15 @@ require (
 	github.com/prometheus/common v0.37.0
 	github.com/spf13/cobra v1.6.1
 	github.com/stretchr/testify v1.8.1
-	golang.org/x/net v0.5.0
+	golang.org/x/net v0.6.0
 	golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5
 	google.golang.org/api v0.57.0
 	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/api v0.26.1
 	k8s.io/apimachinery v0.26.1
 	k8s.io/client-go v0.26.1
 	k8s.io/klog/v2 v2.90.0
-	k8s.io/utils v0.0.0-20230115233650-391b47cb4029
+	k8s.io/utils v0.0.0-20230209194617-a36077c30491
 )
 
 require (
@@ -143,9 +143,9 @@ require (
 	go.uber.org/zap v1.19.0 // indirect
 	golang.org/x/crypto v0.1.0 // indirect
 	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect
-	golang.org/x/sys v0.4.0 // indirect
-	golang.org/x/term v0.4.0 // indirect
-	golang.org/x/text v0.6.0 // indirect
+	golang.org/x/sys v0.5.0 // indirect
+	golang.org/x/term v0.5.0 // indirect
+	golang.org/x/text v0.7.0 // indirect
 	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 
@@ -589,8 +589,8 @@ github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7J
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc=
 github.com/onsi/gomega v1.23.0 h1:/oxKu9c2HVap+F3PfKort2Hw5DEU+HGlW8n+tguWsys=
-github.com/openshift/api v0.0.0-20230120195050-6ba31fa438f2 h1:+nw0/d4spq880W7S74Twi5YU2ulsl3/a9o4OEZptYp0=
-github.com/openshift/api v0.0.0-20230120195050-6ba31fa438f2/go.mod h1:ctXNyWanKEjGj8sss1KjjHQ3ENKFm33FFnS5BKaIPh4=
+github.com/openshift/api v0.0.0-20230210191657-68f4ffcda083 h1:Wc3z06B8JaEOnPlNovVB3ZR92CoSLWFupOeYO3khzCE=
+github.com/openshift/api v0.0.0-20230210191657-68f4ffcda083/go.mod h1:ctXNyWanKEjGj8sss1KjjHQ3ENKFm33FFnS5BKaIPh4=
 github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d h1:RR4ah7FfaPR1WePizm0jlrsbmPu91xQZnAsVVreQV1k=
 github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE=
 github.com/openshift/client-go v0.0.0-20230120202327-72f107311084 h1:66uaqNwA+qYyQDwsMWUfjjau8ezmg1dzCqub13KZOcE=
@@ -890,8 +890,8 @@ golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
-golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw=
-golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
+golang.org/x/net v0.6.0 h1:L4ZwwTvKW9gr0ZMS1yrHD9GZhIuVjOBBnaKH+SPQK0Q=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1005,13 +1005,13 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18=
-golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.4.0 h1:O7UWfv5+A2qiuulQk30kVinPoMtoIPeVaKLEgLpVkvg=
-golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
+golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1023,8 +1023,8 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k=
-golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -1314,8 +1314,8 @@ k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+O
 k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4=
 k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
 k8s.io/utils v0.0.0-20200229041039-0a110f9eb7ab/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
-k8s.io/utils v0.0.0-20230115233650-391b47cb4029 h1:L8zDtT4jrxj+TaQYD0k8KNlr556WaVQylDXswKmX+dE=
-k8s.io/utils v0.0.0-20230115233650-391b47cb4029/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/utils v0.0.0-20230209194617-a36077c30491 h1:r0BAOLElQnnFhE/ApUsg3iHdVYYPBjNSSOMowRZxxsY=
+k8s.io/utils v0.0.0-20230209194617-a36077c30491/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw=
 modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk=
 modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k=
 
@@ -154,7 +154,7 @@ func (d *driver) accountExists(storageAccountsClient storage.AccountsClient, acc
 	)
 }
 
-func (d *driver) createStorageAccount(storageAccountsClient storage.AccountsClient, resourceGroupName, accountName, location, cloudName string) error {
+func (d *driver) createStorageAccount(storageAccountsClient storage.AccountsClient, resourceGroupName, accountName, location, cloudName string, tagset map[string]*string) error {
 	klog.Infof("attempt to create azure storage account %s (resourceGroup=%q, location=%q)...", accountName, resourceGroupName, location)
 
 	kind := storage.StorageV2
@@ -181,6 +181,7 @@ func (d *driver) createStorageAccount(storageAccountsClient storage.AccountsClie
 				Name: storage.StandardLRS,
 			},
 			AccountPropertiesCreateParameters: params,
+			Tags:                              tagset,
 		},
 	)
 	if err != nil {
@@ -485,9 +486,9 @@ func (d *driver) StorageChanged(cr *imageregistryv1.Config) bool {
 	return !reflect.DeepEqual(cr.Status.Storage.Azure, cr.Spec.Storage.Azure)
 }
 
-// assureStorageAccount makes sure there is a storage account in place. If no storage account name
-// is provided it attempts to generate one. Returns the account name (either the one provided or
-// the one generated), if the account was created or was already there and an error.
+// assureStorageAccount makes sure there is a storage account in place and apply any provided tags.
+// If no storage account name is provided it attempts to generate one. Returns the account name
+// (either the one provided or the one generated), if the account was created or was already there and an error.
 func (d *driver) assureStorageAccount(cfg *Azure, infra *configv1.Infrastructure) (string, bool, error) {
 	environment, err := getEnvironmentByName(d.Config.CloudName)
 	if err != nil {
@@ -516,13 +517,33 @@ func (d *driver) assureStorageAccount(cfg *Azure, infra *configv1.Infrastructure
 		return "", false, fmt.Errorf("create storage account failed, name not available")
 	}
 
+	// Tag the storage account with the openshiftClusterID
+	// along with any user defined tags from the cluster configuration
+	klog.V(2).Info("setting azure storage account tags")
+
+	tagset := map[string]*string{
+		fmt.Sprintf("kubernetes.io_cluster.%s", infra.Status.InfrastructureName): to.StringPtr("owned"),
+	}
+
+	// at this stage we are not keeping user tags in sync. as per enhancement proposal
+	// we only set user provided tags when we created the bucket.
+	hasAzureStatus := infra.Status.PlatformStatus != nil && infra.Status.PlatformStatus.Azure != nil && infra.Status.PlatformStatus.Azure.ResourceTags != nil
+	if hasAzureStatus {
+		klog.V(5).Infof("user has provided %d tags", len(infra.Status.PlatformStatus.Azure.ResourceTags))
+		for _, tag := range infra.Status.PlatformStatus.Azure.ResourceTags {
+			klog.V(5).Infof("user has provided storage account tag: %s: %s", tag.Key, tag.Value)
+			tagset[tag.Key] = to.StringPtr(tag.Value)
+		}
+	}
+	klog.V(5).Infof("tagging storage account with tags: %+v", tagset)
+
 	// regardless if the storage account name was provided by the user or we generated it,
 	// if it is available, we do attempt to create it.
 	var storageAccountCreated bool
 	if *result.NameAvailable {
 		storageAccountCreated = true
 		if err := d.createStorageAccount(
-			storageAccountsClient, cfg.ResourceGroup, accountName, cfg.Region, d.Config.CloudName,
+			storageAccountsClient, cfg.ResourceGroup, accountName, cfg.Region, d.Config.CloudName, tagset,
 		); err != nil {
 			return "", false, err
 		}
 
@@ -1,8 +1,12 @@
 package azure
 
 import (
+	"bytes"
 	"context"
 	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io"
 	"net/http"
 	"reflect"
 	"regexp"
@@ -12,6 +16,7 @@ import (
 	"github.com/Azure/azure-pipeline-go/pipeline"
 	"github.com/Azure/go-autorest/autorest"
 	"github.com/Azure/go-autorest/autorest/mocks"
+	"github.com/google/go-cmp/cmp"
 
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -329,6 +334,138 @@ func TestConfigEnvWithUserKey(t *testing.T) {
 	}
 }
 
+// custom sender for mocking
+type sender struct {
+	response []*http.Response
+	body     string
+}
+
+// Do implements the Sender interface for mocking
+// Do accepts the passed request and body, then appends the response and emits it.
+func (s *sender) Do(r *http.Request) (*http.Response, error) {
+	resp := &http.Response{
+		StatusCode: http.StatusOK,
+		Request:    r,
+		Body:       io.NopCloser(bytes.NewBufferString(s.body)),
+	}
+	s.response = append(s.response, resp)
+	return resp, nil
+}
+
+func TestUserProvidedTags(t *testing.T) {
+	for _, tt := range []struct {
+		name         string
+		userTags     []configv1.AzureResourceTag
+		expectedTags map[string]string
+		infraName    string
+		responseBody string
+	}{
+		{
+			name:      "no-user-tags",
+			infraName: "some-infra",
+			// only default tags
+			expectedTags: map[string]string{
+				"kubernetes.io_cluster.some-infra": "owned",
+			},
+			responseBody: `{"nameAvailable":true}`,
+		},
+		{
+			name:      "with-user-tags",
+			infraName: "test-infra",
+			userTags: []configv1.AzureResourceTag{
+				{
+					Key:   "tag1",
+					Value: "value1",
+				},
+				{
+					Key:   "tag2",
+					Value: "value2",
+				},
+			},
+			// default tags and user tags
+			expectedTags: map[string]string{
+				"kubernetes.io_cluster.test-infra": "owned",
+				"tag1":                             "value1",
+				"tag2":                             "value2",
+			},
+			responseBody: `{"nameAvailable":true}`,
+		},
+	} {
+		t.Run(tt.name, func(t *testing.T) {
+			sender := &sender{
+				body: tt.responseBody,
+			}
+
+			storageConfig := &imageregistryv1.ImageRegistryConfigStorageAzure{}
+
+			drv := NewDriver(context.Background(), storageConfig, nil)
+			drv.authorizer = autorest.NullAuthorizer{}
+			drv.sender = sender
+
+			_, _, err := drv.assureStorageAccount(
+				&Azure{
+					SubscriptionID: "subscription-id",
+					ResourceGroup:  "resource-group",
+				},
+				&configv1.Infrastructure{
+					Status: configv1.InfrastructureStatus{
+						InfrastructureName: tt.infraName,
+						Platform:           configv1.AzurePlatformType,
+						PlatformStatus: &configv1.PlatformStatus{
+							Type: configv1.AzurePlatformType,
+							Azure: &configv1.AzurePlatformStatus{
+								ResourceTags: tt.userTags,
+							},
+						},
+					},
+				},
+			)
+			if err != nil {
+				t.Errorf("unexpected error %q", err)
+			}
+
+			// flag to confirm presence of tags
+			foundTags := false
+
+			for _, resp := range sender.response {
+				if resp != nil && resp.Request != nil && resp.Request.Body != nil {
+
+					reqBody := make(map[string]interface{})
+					if err := json.NewDecoder(resp.Request.Body).Decode(&reqBody); err != nil {
+						t.Fatalf("error decoding request: %q", err)
+					}
+
+					// ignore request without tags
+					if _, ok := reqBody["tags"]; ok {
+						foundTags = true
+
+						tags, ok := reqBody["tags"].(map[string]interface{})
+						if !ok {
+							t.Fatal("unable to type assert tags field")
+						}
+						// convert into correct type
+						receivedTags := make(map[string]string)
+						for k, v := range tags {
+							receivedTags[k] = fmt.Sprintf("%+v", v)
+						}
+
+						// compare the tags
+						if !reflect.DeepEqual(tt.expectedTags, receivedTags) {
+							t.Fatalf(
+								"unexpected tags: %s",
+								cmp.Diff(tt.expectedTags, receivedTags),
+							)
+						}
+					}
+				}
+			}
+			if !foundTags {
+				t.Fatal("no tags present in the request")
+			}
+		})
+	}
+}
+
 func Test_assureStorageAccount(t *testing.T) {
 	for _, tt := range []struct {
 		name          string