Merge pull request #1204 from rvanderp3/SPLAT-1386

SPLAT-1386: reconcile additional tags assigned to machine

Author: openshift-merge-bot[bot]

Dockerfile

@@ -1,4 +1,4 @@
-FROM registry.ci.openshift.org/openshift/release:golang-1.19 AS builder
+FROM registry.ci.openshift.org/openshift/release:golang-1.21 AS builder
 WORKDIR /go/src/github.com/openshift/machine-api-operator
 COPY . .
 RUN NO_DOCKER=1 make build

docs/user/vsphere/tags.md

@@ -0,0 +1,54 @@
+Administrators may wish to attach additional tags to newly provisioned VMs. The cluster API provider for vSphere
+allows for this in the [`VirtualMachineCloneSpec`](https://github.com/kubernetes-sigs/cluster-api-provider-vsphere/blob/b9b2c22ea68c13cbf706f2116ced804b5afb124e/apis/v1beta1/types.go#L189-L193).
+A similar provision has been made in the [`VSphereMachineProviderSpec`](https://github.com/openshift/api/blob/6d48d55c0598ec78adacdd847dcf934035ec2e1b/machine/v1beta1/types_vsphereprovider.go#L54-L59).
+
+Up to 10 tags are attachable by their tag URN(for example: `urn:vmomi:InventoryServiceTag:f6dfddfd-b28a-44da-9503-635d3fc245ac:GLOBAL`), not by the name of the tag and tag category. As a result, a given tag must exist before the 
+machine controller will attempt to associate the tag.  The URN can be retrieved from the vCenter UI by accessing the `Tag & Custom Attributes` screen and selecting the desired tag.  The tag URN will be in the URL: 
+```
+https://v8c-2-vcenter.ocp2.dev.cluster.com/ui/app/tags/tag/urn:vmomi:InventoryServiceTag:f6dfddfd-b28a-44da-9503-635d3fc245ac:GLOBAL/permissions
+```
+
+The below example demonstrates a machine spec which defines `tagIDs`:
+
+```yaml
+apiVersion: machine.openshift.io/v1beta1
+kind: Machine
+metadata:
+  generateName: ci-ln-ll0lbgk-c1627-gslcw-worker-0-
+  name: ci-ln-ll0lbgk-c1627-gslcw-worker-0-6nppd
+spec:
+  lifecycleHooks: {}
+  metadata: {}
+  providerID: 'vsphere://421bb8b8-e7da-6bfa-3e1b-cc6ef9945343'
+  providerSpec:
+    value:
+      numCoresPerSocket: 4
+      diskGiB: 120
+      snapshot: ''
+      userDataSecret:
+        name: worker-user-data
+      memoryMiB: 16384
+      credentialsSecret:
+        name: vsphere-cloud-credentials
+      network:
+        devices:
+          - networkName: ci-vlan-1207
+      metadata:
+        creationTimestamp: null
+      numCPUs: 4
+      kind: VSphereMachineProviderSpec
+      workspace:
+        datacenter: IBMCloud
+        datastore: /IBMCloud/datastore/vsanDatastore
+        folder: /IBMCloud/vm/ci-ln-ll0lbgk-c1627-gslcw
+        resourcePool: /IBMCloud/host/vcs-ci-workload/Resources/ipi-ci-clusters
+        server: v8c-2-vcenter.ocp2.dev.cluster.com
+      template: ci-ln-ll0lbgk-c1627-gslcw-rhcos-generated-region-generated-zone
+      tagIDs:
+        - 'urn:vmomi:InventoryServiceTag:8d893b87-28de-4ef0-90d2-af24f21b0f26:GLOBAL'
+      apiVersion: machine.openshift.io/v1beta1
+status: {}
+```
+
+
+`machinesets` may also be defined to attach tags to `machines` created by the `machineset`.

pkg/controller/vsphere/actuator_test.go

@@ -180,7 +180,8 @@ func TestMachineEvents(t *testing.T) {
 		g.Expect(k8sClient.Delete(context.Background(), userDataSecret)).To(Succeed())
 	}()
 
-	g.Expect(createTagAndCategory(session, tagToCategoryName("CLUSTERID"), "CLUSTERID")).To(Succeed())
+	_, err = createTagAndCategory(session, tagToCategoryName("CLUSTERID"), "CLUSTERID")
+	g.Expect(err).ToNot(HaveOccurred())
 
 	ctx := context.Background()
 

pkg/controller/vsphere/reconciler.go

@@ -250,7 +250,7 @@ func (r *Reconciler) update() error {
 		Ref:     vmRef,
 	}
 
-	if err := vm.reconcileTags(r.Context, r.session, r.machine); err != nil {
+	if err := vm.reconcileTags(r.Context, r.session, r.machine, r.providerSpec); err != nil {
 		metrics.RegisterFailedInstanceUpdate(&metrics.MachineLabels{
 			Name:      r.machine.Name,
 			Namespace: r.machine.Namespace,
@@ -1314,25 +1314,28 @@ func (vm *virtualMachine) getPowerState() (types.VirtualMachinePowerState, error
 
 // reconcileTags ensures that the required tags are present on the virtual machine, eg the Cluster ID
 // that is used by the installer on cluster deletion to ensure ther are no leaked resources.
-func (vm *virtualMachine) reconcileTags(ctx context.Context, sessionInstance *session.Session, machine *machinev1.Machine) error {
+func (vm *virtualMachine) reconcileTags(ctx context.Context, sessionInstance *session.Session, machine *machinev1.Machine, providerSpec *machinev1.VSphereMachineProviderSpec) error {
 	if err := sessionInstance.WithCachingTagsManager(vm.Context, func(c *session.CachingTagsManager) error {
 		klog.Infof("%v: Reconciling attached tags", machine.GetName())
 
 		clusterID := machine.Labels[machinev1.MachineClusterIDLabel]
-
-		attached, err := vm.checkAttachedTag(ctx, clusterID, c)
-		if err != nil {
-			return err
-		}
-
-		if !attached {
-			klog.Infof("%v: Attaching %s tag to vm", machine.GetName(), clusterID)
-			// the tag should already be created by installer
-			if err := c.AttachTag(ctx, clusterID, vm.Ref); err != nil {
+		tagIDs := []string{clusterID}
+		tagIDs = append(tagIDs, providerSpec.TagIDs...)
+		klog.Infof("%v: Reconciling %s tags to vm", machine.GetName(), tagIDs)
+		for _, tagID := range tagIDs {
+			attached, err := vm.checkAttachedTag(ctx, tagID, c)
+			if err != nil {
 				return err
 			}
-		}
 
+			if !attached {
+				klog.Infof("%v: Attaching %s tag to vm", machine.GetName(), tagID)
+				// the tag should already be created by installer or the administrator
+				if err := c.AttachTag(ctx, tagID, vm.Ref); err != nil {
+					return err
+				}
+			}
+		}
 		return nil
 	}); err != nil {
 		return err
@@ -1359,9 +1362,16 @@ func (vm *virtualMachine) checkAttachedTag(ctx context.Context, tagName string,
 	}
 
 	for _, tag := range tags {
-		if tag.Name == tagName {
-			return true, nil
+		if session.IsName(tagName) {
+			if tag.Name == tagName {
+				return true, nil
+			}
+		} else {
+			if tag.ID == tagName {
+				return true, nil
+			}
 		}
+
 	}
 
 	return false, nil
@@ -1377,22 +1387,34 @@ func tagToCategoryName(tagName string) string {
 }
 
 func (vm *virtualMachine) foundTag(ctx context.Context, tagName string, m *session.CachingTagsManager) (bool, error) {
-	tags, err := m.ListTagsForCategory(ctx, tagToCategoryName(tagName))
-	if err != nil {
-		if isNotFoundErr(err) {
-			return false, nil
+	var tags []string
+	var err error
+
+	if session.IsName(tagName) {
+		tags, err = m.ListTagsForCategory(ctx, tagToCategoryName(tagName))
+		if err != nil {
+			if isNotFoundErr(err) {
+				return false, nil
+			}
+			return false, err
 		}
-		return false, err
+	} else {
+		tags = []string{tagName}
 	}
-
+	klog.V(4).Infof("validating the presence of tags: %+v", tags)
 	for _, id := range tags {
 		tag, err := m.GetTag(ctx, id)
 		if err != nil {
 			return false, err
 		}
-
-		if tag.Name == tagName {
-			return true, nil
+		if session.IsName(tagName) {
+			if tag.Name == tagName {
+				return true, nil
+			}
+		} else {
+			if tag.ID == tagName {
+				return true, nil
+			}
 		}
 	}
 

pkg/controller/vsphere/reconciler_test.go

@@ -1367,7 +1367,7 @@ func TestReconcileTags(t *testing.T) {
 		name          string
 		expectedError bool
 		attachTag     bool
-		testCondition func(tagName string) error
+		testCondition func(tagName string) (string, error)
 		tagName       string
 	}{
 		{
@@ -1380,35 +1380,59 @@ func TestReconcileTags(t *testing.T) {
 			expectedError: false,
 			attachTag:     true,
 			tagName:       "BAAAAAAR",
-			testCondition: func(tagName string) error {
-				return createTagAndCategory(sessionObj, tagToCategoryName(tagName), tagName)
+			testCondition: func(tagName string) (string, error) {
+				_, err := createTagAndCategory(sessionObj, tagToCategoryName(tagName), tagName)
+				return "", err
+			},
+		},
+		{
+			name:          "Successfully attach additional tags",
+			expectedError: false,
+			attachTag:     true,
+			tagName:       "BAAAAAAR2",
+			testCondition: func(tagName string) (string, error) {
+				if _, err := createTagAndCategory(sessionObj, tagToCategoryName(tagName), tagName); err != nil {
+					return "", err
+				}
+
+				additionalTag := "test-tag"
+				if additionalTagID, err := createTagAndCategory(sessionObj, tagToCategoryName(additionalTag), additionalTag); err != nil {
+					return "", err
+				} else {
+					return additionalTagID, nil
+				}
+
 			},
 		},
 		{
 			name:          "Fail on vSphere API error",
 			expectedError: false,
 			tagName:       "BAAAAAZ",
-			testCondition: func(tagName string) error {
-				return sessionObj.Logout(context.Background())
+			testCondition: func(tagName string) (string, error) {
+				return "", sessionObj.Logout(context.Background())
 			},
 		},
 	}
 
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
+			providerSpec := &machinev1.VSphereMachineProviderSpec{}
 			if tc.testCondition != nil {
-				err := tc.testCondition(tc.tagName)
+				additionalTagID, err := tc.testCondition(tc.tagName)
 				if err != nil {
 					t.Fatalf("Not expected error %v", err)
 				}
+				if len(additionalTagID) > 0 {
+					providerSpec.TagIDs = []string{additionalTagID}
+				}
 			}
 
 			err := vm.reconcileTags(context.TODO(), sessionObj, &machinev1.Machine{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:   "machine",
 					Labels: map[string]string{machinev1.MachineClusterIDLabel: tc.tagName},
 				},
-			})
+			}, providerSpec)
 
 			if tc.expectedError {
 				if err == nil {
@@ -1431,8 +1455,29 @@ func TestReconcileTags(t *testing.T) {
 							t.Fatalf("Expected tags to be found")
 						}
 
-						if tags[0].Name != tc.tagName {
-							t.Fatalf("Expected tag %s, got %s", tc.tagName, tags[0].Name)
+						expectedTags := []string{tc.tagName}
+						if len(providerSpec.TagIDs) > 0 {
+							expectedTags = append(expectedTags, providerSpec.TagIDs...)
+						}
+
+						for _, expectedTag := range expectedTags {
+							gotTag := false
+							for _, attachedTag := range tags {
+								if session.IsName(expectedTag) {
+									if attachedTag.Name == expectedTag {
+										gotTag = true
+										break
+									}
+								} else {
+									if attachedTag.ID == expectedTag {
+										gotTag = true
+										break
+									}
+								}
+							}
+							if !gotTag {
+								t.Fatalf("Expected tag %s to be found", expectedTag)
+							}
 						}
 
 						return nil
@@ -2673,7 +2718,7 @@ func TestUpdate(t *testing.T) {
 		},
 	}
 
-	if err := createTagAndCategory(session, tagToCategoryName("CLUSTERID"), "CLUSTERID"); err != nil {
+	if _, err := createTagAndCategory(session, tagToCategoryName("CLUSTERID"), "CLUSTERID"); err != nil {
 		t.Fatalf("cannot create tag and category: %v", err)
 	}
 
@@ -2919,11 +2964,11 @@ func TestReconcileMachineWithCloudState(t *testing.T) {
 	cluster := simulator.Map.Any("ClusterComputeResource").(*simulator.ClusterComputeResource)
 	dc := simulator.Map.Any("Datacenter").(*simulator.Datacenter)
 
-	if err := createTagAndCategory(session, zoneKey, testZone); err != nil {
+	if _, err := createTagAndCategory(session, zoneKey, testZone); err != nil {
 		t.Fatalf("cannot create tag and category: %v", err)
 	}
 
-	if err := createTagAndCategory(session, regionKey, testRegion); err != nil {
+	if _, err := createTagAndCategory(session, regionKey, testRegion); err != nil {
 		t.Fatalf("cannot create tag and category: %v", err)
 	}
 
@@ -3017,7 +3062,8 @@ func TestReconcileMachineWithCloudState(t *testing.T) {
 	}
 }
 
-func createTagAndCategory(session *session.Session, categoryName, tagName string) error {
+func createTagAndCategory(session *session.Session, categoryName, tagName string) (string, error) {
+	var tagID string
 	if err := session.WithRestClient(context.TODO(), func(c *rest.Client) error {
 		tagsMgr := tags.NewManager(c)
 
@@ -3030,7 +3076,7 @@ func createTagAndCategory(session *session.Session, categoryName, tagName string
 			return err
 		}
 
-		_, err = tagsMgr.CreateTag(context.TODO(), &tags.Tag{
+		tagID, err = tagsMgr.CreateTag(context.TODO(), &tags.Tag{
 			CategoryID: id,
 			Name:       tagName,
 		})
@@ -3040,10 +3086,10 @@ func createTagAndCategory(session *session.Session, categoryName, tagName string
 
 		return nil
 	}); err != nil {
-		return err
+		return "", err
 	}
 
-	return nil
+	return tagID, nil
 }
 
 func TestVmDisksManipulation(t *testing.T) {

pkg/controller/vsphere/session/tag_ids_caching_client.go

@@ -107,11 +107,11 @@ func newTagsCachingClient(tagsManager *tags.Manager, sessionKey string) *Caching
 	}
 }
 
-// isName returns true if the id is not an urn.
+// IsName returns true if the id is not an urn.
 // this method came from vSphere sdk,
 // see https://github.com/vmware/govmomi/blob/a2fb82dc55a8eb00932233aa8028ce97140df784/vapi/tags/tags.go#L121 for
 // more context.
-func isName(id string) bool {
+func IsName(id string) bool {
 	return !strings.HasPrefix(id, "urn:")
 }
 
@@ -128,7 +128,7 @@ func isObjectNotFoundErr(err error) bool {
 //
 // In case if a tag was not found in vCenter, this would be cached for 12 hours and lookup won't happen till cache expiration.
 func (t *CachingTagsManager) GetTag(ctx context.Context, id string) (*tags.Tag, error) {
-	if !isName(id) { // if id is passed no cache check needed, use original GetTag method instantly
+	if !IsName(id) { // if id is passed no cache check needed, use original GetTag method instantly
 		return t.Manager.GetTag(ctx, id)
 	}
 
@@ -181,7 +181,7 @@ func (t *CachingTagsManager) GetTag(ctx context.Context, id string) (*tags.Tag,
 //
 // In case if a tag was not found in vCenter, this would be cached for 12 hours and lookup won't happen till cache expiration.
 func (t *CachingTagsManager) GetCategory(ctx context.Context, id string) (*tags.Category, error) {
-	if !isName(id) { // if id is passed no cache check needed, use original GetTag method instantly
+	if !IsName(id) { // if id is passed no cache check needed, use original GetTag method instantly
 		return t.Manager.GetCategory(ctx, id)
 	}
 
@@ -230,7 +230,7 @@ func (t *CachingTagsManager) GetCategory(ctx context.Context, id string) (*tags.
 // The id parameter can be a Category ID or Category Name.
 // Uses caching GetCategory method.
 func (t *CachingTagsManager) ListTagsForCategory(ctx context.Context, id string) ([]string, error) {
-	if isName(id) {
+	if IsName(id) {
 		category, err := t.GetCategory(ctx, id)
 		if err != nil {
 			return nil, err