reconcile a slice of additional tag IDs

Author: rvanderp3

pkg/controller/vsphere/actuator_test.go

@@ -180,7 +180,8 @@ func TestMachineEvents(t *testing.T) {
 		g.Expect(k8sClient.Delete(context.Background(), userDataSecret)).To(Succeed())
 	}()
 
-	g.Expect(createTagAndCategory(session, tagToCategoryName("CLUSTERID"), "CLUSTERID")).To(Succeed())
+	_, err = createTagAndCategory(session, tagToCategoryName("CLUSTERID"), "CLUSTERID")
+	g.Expect(err).ToNot(HaveOccurred())
 
 	ctx := context.Background()
 

pkg/controller/vsphere/reconciler.go

@@ -250,7 +250,7 @@ func (r *Reconciler) update() error {
 		Ref:     vmRef,
 	}
 
-	if err := vm.reconcileTags(r.Context, r.session, r.machine); err != nil {
+	if err := vm.reconcileTags(r.Context, r.session, r.machine, r.providerSpec); err != nil {
 		metrics.RegisterFailedInstanceUpdate(&metrics.MachineLabels{
 			Name:      r.machine.Name,
 			Namespace: r.machine.Namespace,
@@ -1314,25 +1314,28 @@ func (vm *virtualMachine) getPowerState() (types.VirtualMachinePowerState, error
 
 // reconcileTags ensures that the required tags are present on the virtual machine, eg the Cluster ID
 // that is used by the installer on cluster deletion to ensure ther are no leaked resources.
-func (vm *virtualMachine) reconcileTags(ctx context.Context, sessionInstance *session.Session, machine *machinev1.Machine) error {
+func (vm *virtualMachine) reconcileTags(ctx context.Context, sessionInstance *session.Session, machine *machinev1.Machine, providerSpec *machinev1.VSphereMachineProviderSpec) error {
 	if err := sessionInstance.WithCachingTagsManager(vm.Context, func(c *session.CachingTagsManager) error {
 		klog.Infof("%v: Reconciling attached tags", machine.GetName())
 
 		clusterID := machine.Labels[machinev1.MachineClusterIDLabel]
-
-		attached, err := vm.checkAttachedTag(ctx, clusterID, c)
-		if err != nil {
-			return err
-		}
-
-		if !attached {
-			klog.Infof("%v: Attaching %s tag to vm", machine.GetName(), clusterID)
-			// the tag should already be created by installer
-			if err := c.AttachTag(ctx, clusterID, vm.Ref); err != nil {
+		tagIDs := []string{clusterID}
+		tagIDs = append(tagIDs, providerSpec.TagIDs...)
+		klog.Infof("%v: Reconciling %s tags to vm", machine.GetName(), tagIDs)
+		for _, tagID := range tagIDs {
+			attached, err := vm.checkAttachedTag(ctx, tagID, c)
+			if err != nil {
 				return err
 			}
-		}
 
+			if !attached {
+				klog.Infof("%v: Attaching %s tag to vm", machine.GetName(), tagID)
+				// the tag should already be created by installer or the administrator
+				if err := c.AttachTag(ctx, tagID, vm.Ref); err != nil {
+					return err
+				}
+			}
+		}
 		return nil
 	}); err != nil {
 		return err
@@ -1359,9 +1362,16 @@ func (vm *virtualMachine) checkAttachedTag(ctx context.Context, tagName string,
 	}
 
 	for _, tag := range tags {
-		if tag.Name == tagName {
-			return true, nil
+		if session.IsName(tagName) {
+			if tag.Name == tagName {
+				return true, nil
+			}
+		} else {
+			if tag.ID == tagName {
+				return true, nil
+			}
 		}
+
 	}
 
 	return false, nil
@@ -1377,22 +1387,34 @@ func tagToCategoryName(tagName string) string {
 }
 
 func (vm *virtualMachine) foundTag(ctx context.Context, tagName string, m *session.CachingTagsManager) (bool, error) {
-	tags, err := m.ListTagsForCategory(ctx, tagToCategoryName(tagName))
-	if err != nil {
-		if isNotFoundErr(err) {
-			return false, nil
+	var tags []string
+	var err error
+
+	if session.IsName(tagName) {
+		tags, err = m.ListTagsForCategory(ctx, tagToCategoryName(tagName))
+		if err != nil {
+			if isNotFoundErr(err) {
+				return false, nil
+			}
+			return false, err
 		}
-		return false, err
+	} else {
+		tags = []string{tagName}
 	}
-
+	klog.V(4).Infof("validating the presence of tags: %+v", tags)
 	for _, id := range tags {
 		tag, err := m.GetTag(ctx, id)
 		if err != nil {
 			return false, err
 		}
-
-		if tag.Name == tagName {
-			return true, nil
+		if session.IsName(tagName) {
+			if tag.Name == tagName {
+				return true, nil
+			}
+		} else {
+			if tag.ID == tagName {
+				return true, nil
+			}
 		}
 	}
 

pkg/controller/vsphere/reconciler_test.go

@@ -1367,7 +1367,7 @@ func TestReconcileTags(t *testing.T) {
 		name          string
 		expectedError bool
 		attachTag     bool
-		testCondition func(tagName string) error
+		testCondition func(tagName string) (string, error)
 		tagName       string
 	}{
 		{
@@ -1380,35 +1380,59 @@ func TestReconcileTags(t *testing.T) {
 			expectedError: false,
 			attachTag:     true,
 			tagName:       "BAAAAAAR",
-			testCondition: func(tagName string) error {
-				return createTagAndCategory(sessionObj, tagToCategoryName(tagName), tagName)
+			testCondition: func(tagName string) (string, error) {
+				_, err := createTagAndCategory(sessionObj, tagToCategoryName(tagName), tagName)
+				return "", err
+			},
+		},
+		{
+			name:          "Successfully attach additional tags",
+			expectedError: false,
+			attachTag:     true,
+			tagName:       "BAAAAAAR2",
+			testCondition: func(tagName string) (string, error) {
+				if _, err := createTagAndCategory(sessionObj, tagToCategoryName(tagName), tagName); err != nil {
+					return "", err
+				}
+
+				additionalTag := "test-tag"
+				if additionalTagID, err := createTagAndCategory(sessionObj, tagToCategoryName(additionalTag), additionalTag); err != nil {
+					return "", err
+				} else {
+					return additionalTagID, nil
+				}
+
 			},
 		},
 		{
 			name:          "Fail on vSphere API error",
 			expectedError: false,
 			tagName:       "BAAAAAZ",
-			testCondition: func(tagName string) error {
-				return sessionObj.Logout(context.Background())
+			testCondition: func(tagName string) (string, error) {
+				return "", sessionObj.Logout(context.Background())
 			},
 		},
 	}
 
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
+			providerSpec := &machinev1.VSphereMachineProviderSpec{}
 			if tc.testCondition != nil {
-				err := tc.testCondition(tc.tagName)
+				additionalTagID, err := tc.testCondition(tc.tagName)
 				if err != nil {
 					t.Fatalf("Not expected error %v", err)
 				}
+				if len(additionalTagID) > 0 {
+					providerSpec.TagIDs = []string{additionalTagID}
+				}
 			}
 
 			err := vm.reconcileTags(context.TODO(), sessionObj, &machinev1.Machine{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:   "machine",
 					Labels: map[string]string{machinev1.MachineClusterIDLabel: tc.tagName},
 				},
-			})
+			}, providerSpec)
 
 			if tc.expectedError {
 				if err == nil {
@@ -1431,8 +1455,29 @@ func TestReconcileTags(t *testing.T) {
 							t.Fatalf("Expected tags to be found")
 						}
 
-						if tags[0].Name != tc.tagName {
-							t.Fatalf("Expected tag %s, got %s", tc.tagName, tags[0].Name)
+						expectedTags := []string{tc.tagName}
+						if len(providerSpec.TagIDs) > 0 {
+							expectedTags = append(expectedTags, providerSpec.TagIDs...)
+						}
+
+						for _, expectedTag := range expectedTags {
+							gotTag := false
+							for _, attachedTag := range tags {
+								if session.IsName(expectedTag) {
+									if attachedTag.Name == expectedTag {
+										gotTag = true
+										break
+									}
+								} else {
+									if attachedTag.ID == expectedTag {
+										gotTag = true
+										break
+									}
+								}
+							}
+							if !gotTag {
+								t.Fatalf("Expected tag %s to be found", expectedTag)
+							}
 						}
 
 						return nil
@@ -2673,7 +2718,7 @@ func TestUpdate(t *testing.T) {
 		},
 	}
 
-	if err := createTagAndCategory(session, tagToCategoryName("CLUSTERID"), "CLUSTERID"); err != nil {
+	if _, err := createTagAndCategory(session, tagToCategoryName("CLUSTERID"), "CLUSTERID"); err != nil {
 		t.Fatalf("cannot create tag and category: %v", err)
 	}
 
@@ -2919,11 +2964,11 @@ func TestReconcileMachineWithCloudState(t *testing.T) {
 	cluster := simulator.Map.Any("ClusterComputeResource").(*simulator.ClusterComputeResource)
 	dc := simulator.Map.Any("Datacenter").(*simulator.Datacenter)
 
-	if err := createTagAndCategory(session, zoneKey, testZone); err != nil {
+	if _, err := createTagAndCategory(session, zoneKey, testZone); err != nil {
 		t.Fatalf("cannot create tag and category: %v", err)
 	}
 
-	if err := createTagAndCategory(session, regionKey, testRegion); err != nil {
+	if _, err := createTagAndCategory(session, regionKey, testRegion); err != nil {
 		t.Fatalf("cannot create tag and category: %v", err)
 	}
 
@@ -3017,7 +3062,8 @@ func TestReconcileMachineWithCloudState(t *testing.T) {
 	}
 }
 
-func createTagAndCategory(session *session.Session, categoryName, tagName string) error {
+func createTagAndCategory(session *session.Session, categoryName, tagName string) (string, error) {
+	var tagID string
 	if err := session.WithRestClient(context.TODO(), func(c *rest.Client) error {
 		tagsMgr := tags.NewManager(c)
 
@@ -3030,7 +3076,7 @@ func createTagAndCategory(session *session.Session, categoryName, tagName string
 			return err
 		}
 
-		_, err = tagsMgr.CreateTag(context.TODO(), &tags.Tag{
+		tagID, err = tagsMgr.CreateTag(context.TODO(), &tags.Tag{
 			CategoryID: id,
 			Name:       tagName,
 		})
@@ -3040,10 +3086,10 @@ func createTagAndCategory(session *session.Session, categoryName, tagName string
 
 		return nil
 	}); err != nil {
-		return err
+		return "", err
 	}
 
-	return nil
+	return tagID, nil
 }
 
 func TestVmDisksManipulation(t *testing.T) {

pkg/controller/vsphere/session/tag_ids_caching_client.go

@@ -107,11 +107,11 @@ func newTagsCachingClient(tagsManager *tags.Manager, sessionKey string) *Caching
 	}
 }
 
-// isName returns true if the id is not an urn.
+// IsName returns true if the id is not an urn.
 // this method came from vSphere sdk,
 // see https://github.com/vmware/govmomi/blob/a2fb82dc55a8eb00932233aa8028ce97140df784/vapi/tags/tags.go#L121 for
 // more context.
-func isName(id string) bool {
+func IsName(id string) bool {
 	return !strings.HasPrefix(id, "urn:")
 }
 
@@ -128,7 +128,7 @@ func isObjectNotFoundErr(err error) bool {
 //
 // In case if a tag was not found in vCenter, this would be cached for 12 hours and lookup won't happen till cache expiration.
 func (t *CachingTagsManager) GetTag(ctx context.Context, id string) (*tags.Tag, error) {
-	if !isName(id) { // if id is passed no cache check needed, use original GetTag method instantly
+	if !IsName(id) { // if id is passed no cache check needed, use original GetTag method instantly
 		return t.Manager.GetTag(ctx, id)
 	}
 
@@ -181,7 +181,7 @@ func (t *CachingTagsManager) GetTag(ctx context.Context, id string) (*tags.Tag,
 //
 // In case if a tag was not found in vCenter, this would be cached for 12 hours and lookup won't happen till cache expiration.
 func (t *CachingTagsManager) GetCategory(ctx context.Context, id string) (*tags.Category, error) {
-	if !isName(id) { // if id is passed no cache check needed, use original GetTag method instantly
+	if !IsName(id) { // if id is passed no cache check needed, use original GetTag method instantly
 		return t.Manager.GetCategory(ctx, id)
 	}
 
@@ -230,7 +230,7 @@ func (t *CachingTagsManager) GetCategory(ctx context.Context, id string) (*tags.
 // The id parameter can be a Category ID or Category Name.
 // Uses caching GetCategory method.
 func (t *CachingTagsManager) ListTagsForCategory(ctx context.Context, id string) ([]string, error) {
-	if isName(id) {
+	if IsName(id) {
 		category, err := t.GetCategory(ctx, id)
 		if err != nil {
 			return nil, err

pkg/webhooks/machine_webhook.go

@@ -118,6 +118,11 @@ var (
 			maxProcessor:             143,
 		},
 	}
+
+	// VSphere variables
+
+	// tagUrnPattern is helps validate the format of a given tag URN
+	tagUrnPattern = regexp.MustCompile(`^(urn):(vmomi):(InventoryServiceTag):([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}):([^:]+)$`)
 )
 
 const (
@@ -1418,6 +1423,16 @@ func validateVSphere(m *machinev1beta1.Machine, config *admissionConfig) (bool,
 		}
 	}
 
+	if len(providerSpec.TagIDs) > 10 {
+		errs = append(errs, field.Invalid(field.NewPath("providerSpec", "tagIDs"), providerSpec.TagIDs, "a maximum of 10 tags are allowed"))
+	}
+
+	for _, tagID := range providerSpec.TagIDs {
+		if tagUrnPattern.FindStringSubmatch(tagID) == nil {
+			errs = append(errs, field.Required(field.NewPath("providerSpec", "tagIDs"), "tag ID must be in the format of urn:vmomi:InventoryServiceTag:<UUID>:GLOBAL"))
+		}
+	}
+
 	if providerSpec.CredentialsSecret == nil {
 		errs = append(errs, field.Required(field.NewPath("providerSpec", "credentialsSecret"), "credentialsSecret must be provided"))
 	} else {