Merge pull request #327 from galiacheng/tags-for-resources

Support tagging resources in single node, admin and cluster offer

Author: rjeberhard

.github/workflows/testWlsAksWithDependencyCreation.yml

@@ -226,7 +226,7 @@ jobs:
               with:
                 path: weblogic-azure
             - name: Download artifact for deployment
-              uses: actions/download-artifact@v1
+              uses: actions/download-artifact@v4
               with:
                 name: ${{needs.preflight.outputs.artifactName}}
             - uses: azure/login@v1

.github/workflows/testWlsAksWithoutDependencyCreation.yml

@@ -189,7 +189,7 @@ jobs:
               with:
                 path: weblogic-azure
             - name: Download artifact for deployment
-              uses: actions/download-artifact@v1
+              uses: actions/download-artifact@v4
               with:
                 name: ${{needs.preflight.outputs.artifactName}}
             - uses: azure/login@v1

.github/workflows/testWlsVmAdmin.yml

@@ -223,7 +223,7 @@ jobs:
           repository: ${{env.repoOwner}}/${{env.repoName}}
           path: ${{env.repoName}}
       - name: Download artifact for deployment
-        uses: actions/download-artifact@v1
+        uses: actions/download-artifact@v4
         with:
           name: ${{ needs.preflight.outputs.artifactName }}
 

.github/workflows/testWlsVmCluster.yml

@@ -256,7 +256,7 @@ jobs:
           repository: ${{env.repoOwner}}/${{env.repoName}}
           path: ${{env.repoName}}
       - name: Download artifact for deployment
-        uses: actions/download-artifact@v1
+        uses: actions/download-artifact@v4
         with:
           name: ${{ needs.preflight.outputs.artifactName }}
       - uses: azure/login@v1
@@ -713,7 +713,7 @@ jobs:
             --template-file ${artifactName}/nestedtemplates/coherenceTemplate.json
 
       - name: Download artifact for deployment
-        uses: actions/download-artifact@v1
+        uses: actions/download-artifact@v4
         with:
           name: ${{ needs.preflight.outputs.addnodeArtifactName }}
 
@@ -761,7 +761,7 @@ jobs:
           fi
 
       - name: Download artifact for deployment
-        uses: actions/download-artifact@v1
+        uses: actions/download-artifact@v4
         with:
           name: ${{ needs.preflight.outputs.addCoherenceNodeArtifactName }}
 
@@ -809,7 +809,7 @@ jobs:
           fi
 
       - name: Download artifact for deployment
-        uses: actions/download-artifact@v1
+        uses: actions/download-artifact@v4
         with:
           name: ${{ needs.preflight.outputs.deletenodeArtifactName }}
       - name: Delete nodes from existing cluster

.github/workflows/testWlsVmDynamicCluster.yml

@@ -234,7 +234,7 @@ jobs:
           repository: ${{env.repoOwner}}/${{env.repoName}}
           path: ${{env.repoName}}
       - name: Download artifact for deployment
-        uses: actions/download-artifact@v1
+        uses: actions/download-artifact@v4
         with:
           name: ${{ needs.preflight.outputs.artifactName }}
       - uses: azure/login@v1
@@ -537,7 +537,7 @@ jobs:
             --template-file ${artifactName}/nestedtemplates/coherenceTemplate.json
 
       - name: Download artifact for deployment
-        uses: actions/download-artifact@v1
+        uses: actions/download-artifact@v4
         with:
           name: ${{ needs.preflight.outputs.addnodeArtifactName }}
 
@@ -588,7 +588,7 @@ jobs:
           fi
 
       - name: Download artifact for deployment
-        uses: actions/download-artifact@v1
+        uses: actions/download-artifact@v4
         with:
           name: ${{ needs.preflight.outputs.addCoherenceNodeArtifactName }}
 
@@ -636,7 +636,7 @@ jobs:
           fi
 
       - name: Download artifact for deployment
-        uses: actions/download-artifact@v1
+        uses: actions/download-artifact@v4
         with:
           name: ${{ needs.preflight.outputs.deletenodeArtifactName }}
       - name: Delete nodes from existing cluster

pom.xml

@@ -42,9 +42,9 @@
         <!--  weblogic azure aks versions  -->
         <version.wls-on-aks-azure-marketplace>1.0.81</version.wls-on-aks-azure-marketplace>
         <!--  weblogic azure vm versions  -->
-        <version.arm-oraclelinux-wls>1.0.28</version.arm-oraclelinux-wls>
-        <version.arm-oraclelinux-wls-admin>1.0.53</version.arm-oraclelinux-wls-admin>
-        <version.arm-oraclelinux-wls-cluster>1.0.690000</version.arm-oraclelinux-wls-cluster>
+        <version.arm-oraclelinux-wls>1.0.29</version.arm-oraclelinux-wls>
+        <version.arm-oraclelinux-wls-admin>1.0.54</version.arm-oraclelinux-wls-admin>
+        <version.arm-oraclelinux-wls-cluster>1.0.700000</version.arm-oraclelinux-wls-cluster>
         <version.arm-oraclelinux-wls-dynamic-cluster>1.0.52</version.arm-oraclelinux-wls-dynamic-cluster>
         <!--  node versions  -->
         <version.arm-oraclelinux-wls-dynamic-cluster-addnode>1.0.7</version.arm-oraclelinux-wls-dynamic-cluster-addnode>

resources/azure-common.properties

@@ -50,4 +50,23 @@ azure.cli.version=2.53.0
 # AzurePowerShell version
 azure.powershell.version=11.5
 
+# These filters are used to implement tags for resources. Other occurrences of these resource type identifiers
+# are intentionally not filtered because doing so would unnecessarily complicate the code.
+identifier.applicationGateways=Microsoft.Network/applicationGateways
+identifier.availabilitySets=Microsoft.Compute/availabilitySets
+identifier.dnszones=Microsoft.Network/dnszones
+identifier.networkInterfaces=Microsoft.Network/networkInterfaces
+identifier.networkSecurityGroups=Microsoft.Network/networkSecurityGroups
+identifier.publicIPAddresses=Microsoft.Network/publicIPAddresses
+identifier.privateEndpoints=Microsoft.Network/privateEndpoints
+identifier.storageAccounts=Microsoft.Storage/storageAccounts
+identifier.vaults=Microsoft.KeyVault/vaults
+identifier.virtualNetworks=Microsoft.Network/virtualNetworks
+identifier.virtualMachines=Microsoft.Compute/virtualMachines
+identifier.virtualMachinesExtensions=Virtual machine extension
+identifier.deploymentScripts=Microsoft.Resources/deploymentScripts
+identifier.userAssignedIdentities=Microsoft.ManagedIdentity/userAssignedIdentities
+identifier.resourcesDeployment=Microsoft resources deployment
+label.tagsLabel=Tags for the resources.
+
 azure.armBased.vmSize.list="Standard_D2plds_v5","Standard_D4plds_v5","Standard_D8plds_v5","Standard_D16plds_v5","Standard_D32plds_v5","Standard_D48plds_v5","Standard_D64plds_v5","Standard_D2pls_v5","Standard_D4pls_v5","Standard_D8pls_v5","Standard_D16pls_v5","Standard_D32pls_v5","Standard_D48pls_v5","Standard_D64pls_v5","Standard_D2pds_v5","Standard_D4pds_v5","Standard_D8pds_v5","Standard_D16pds_v5","Standard_D32pds_v5","Standard_D48pds_v5","Standard_D64pds_v5","Standard_D2ps_v5","Standard_D4ps_v5","Standard_D8ps_v5","Standard_D16ps_v5","Standard_D32ps_v5","Standard_D48ps_v5","Standard_D64ps_v5","Standard_E2pds_v5","Standard_E4pds_v5","Standard_E8pds_v5","Standard_E16pds_v5","Standard_E20pds_v5","Standard_E32pds_v5","Standard_E2ps_v5","Standard_E4ps_v5","Standard_E8ps_v5","Standard_E16ps_v5","Standard_E20ps_v5","Standard_E32ps_v5","Standard_B2pls_v2","Standard_B2ps_v2","Standard_B2pts_v2","Standard_B4pls_v2","Standard_B4ps_v2","Standard_B8pls_v2","Standard_B8ps_v2","Standard_B16pls_v2","Standard_B16ps_v2"

resources/doc/guidance-for-tagging-resource.md

@@ -0,0 +1,158 @@
+
+# Guidance on Applying Tags in Solution Templates
+
+## What are Tags in this context and why are they useful?
+
+Tags are arbitrary name=value pairs that can be associated with most Azure resources. Azure features such as Azure Policy can use Tags to enforce cloud governance policies. For more about tags, see [Use tags to organize your Azure resources and management hierarchy](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources).
+
+## Step 1: Audit Resources Created in the Offer
+
+To determine the resources that will be created in your offer, use the following commands based on the template type:
+
+### For ARM Templates:
+Use the command below to list resource types:
+
+```bash
+# Navigate to the offer folder
+cd offer-folder
+grep -rh "\"type\": \"Microsoft" --exclude="createUiDefinition.json" | sort | uniq | sed 's/^[ \t]*//'
+```
+
+### For Bicep Templates:
+Use the command below to list resource types and remove duplicates:
+
+```bash
+# Navigate to the offer folder
+cd offer-folder
+grep -rh "^resource" | grep "Microsoft." | sort | uniq | sed 's/^[ \t]*//'
+```
+
+Identify which resources support tags and which do not. For resources not listed below, consult the ARM definition at [Azure Resource Manager templates](https://learn.microsoft.com/en-us/azure/templates/) to determine if tagging is supported. If the definition does not include a tags property, the resource does not support tags and tagging is not required for deployments.
+
+### Resources that Support Tags:
+
+The top-level resources will be listed in the Tag UI control. Sub-resources will inherit the same tags as their parent resources.
+
+For example, in the UI definition, customers can specify tags for `Microsoft.KeyVault/vaults`, but not for `Microsoft.KeyVault/vaults/secrets`. For the deployment of `Microsoft.KeyVault/vaults/secrets`, the same tags applied to `Microsoft.KeyVault/vaults` will be used. This approach ensures a consistent tagging experience with Key Vault deployments in the Azure portal.
+
+- Microsoft.Network/dnszones
+- Microsoft.Network/networkInterfaces
+- Microsoft.Network/networkSecurityGroups
+- Microsoft.Network/publicIPAddresses
+- Microsoft.Network/privateEndpoints
+- Microsoft.Storage/storageAccounts
+- Microsoft.KeyVault/vaults
+    - Microsoft.KeyVault/vaults/secrets
+- Microsoft.Network/virtualNetworks
+- Microsoft.Compute/virtualMachines
+- Microsoft.Compute/virtualMachines/extensions
+- Microsoft.Resources/deploymentScripts
+- Microsoft.ManagedIdentity/userAssignedIdentities
+- Microsoft.Resources/deployments
+- Microsoft.Network/applicationGateways
+
+### Resources that Do Not Support Tags:
+
+- Microsoft.Storage/storageAccounts/fileServices
+- Microsoft.Storage/storageAccounts/fileServices/shares
+- Microsoft.Network/networkSecurityGroups/securityRules
+- Microsoft.Network/dnsZones/A
+- Microsoft.Network/dnszones/CNAME
+- Microsoft.Network/virtualNetworks/subnets
+- Microsoft.Authorization/roleAssignments
+- Microsoft.Network/loadBalancers/backendAddressPools
+- Microsoft.Network/applicationGateways/backendHttpSettingsCollection
+- Microsoft.Network/applicationGateways/frontendIPConfigurations
+- Microsoft.Network/applicationGateways/frontendPorts
+- Microsoft.Network/applicationGateways/gatewayIPConfigurations
+- Microsoft.Network/applicationGateways/httpListeners
+- Microsoft.Network/applicationGateways/probes
+- Microsoft.Network/applicationGateways/requestRoutingRules
+
+## Step 2: Tag UI Control
+
+Incorporate the [Microsoft.Common.TagsByResource UI element](https://learn.microsoft.com/en-us/azure/azure-resource-manager/managed-applications/microsoft-common-tagsbyresource?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef0) to include resources that support tags.
+
+## Step 3: Update the Template
+
+Refer to this [pull request](https://github.com/oracle/weblogic-azure/pull/327/) as a guide for how to apply tags to the resource deployments.
+
+## Step 4: Testing
+
+1. **Create a Test Offer:** Set up a test offer to validate the tagging process.
+  
+2. **Tag Settings:**
+    - Apply a uniform tag to all resources.
+    - Create specific tags for each resource, setting the tag value to the resource type (e.g., "tag1=storage account").
+  
+3. **Deploy the Offer:** 
+
+4. **Verify Tags:** Use the following command to verify that the resources have the correct tags applied:
+
+    ```bash
+    az resource list --resource-group <resource-group-name> --query "[].{Name:name, Type:type, Tags:tags}" -o json
+    ```
+
+    For example:
+
+    ```shell
+    az resource list --resource-group haiche-sn-tag-test --query "[].{Name:name, Type:type, Tags:tags}" -o json
+    [
+        {
+            "Name": "0733ecolvm",
+            "Tags": {
+            "Tag0": "All",
+            "Tag6": "storage account"
+            },
+            "Type": "Microsoft.Storage/storageAccounts"
+        },
+        {
+            "Name": "olvm_PublicIP",
+            "Tags": {
+            "Tag0": "All",
+            "Tag4": "public ip address"
+            },
+            "Type": "Microsoft.Network/publicIPAddresses"
+        },
+        {
+            "Name": "wls-nsg",
+            "Tags": {
+            "Tag0": "All",
+            "Tag3": "network security group"
+            },
+            "Type": "Microsoft.Network/networkSecurityGroups"
+        },
+        {
+            "Name": "olvm_VNET",
+            "Tags": {
+            "Tag0": "All",
+            "Tag8": "virtual network"
+            },
+            "Type": "Microsoft.Network/virtualNetworks"
+        },
+        {
+            "Name": "olvm_NIC",
+            "Tags": {
+            "Tag0": "All",
+            "Tag2": "network interface"
+            },
+            "Type": "Microsoft.Network/networkInterfaces"
+        },
+        {
+            "Name": "WeblogicServerVM",
+            "Tags": {
+            "Tag0": "All",
+            "Tag7": "virtual machine"
+            },
+            "Type": "Microsoft.Compute/virtualMachines"
+        },
+        {
+            "Name": "WeblogicServerVM_OsDisk_1_d1fed748ccaa4cac81df9179e6dff325",
+            "Tags": {
+            "Tag0": "All",
+            "Tag7": "virtual machine"
+            },
+            "Type": "Microsoft.Compute/disks"
+        }
+    ]
+    ```

weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/createUiDefinition.json

@@ -1215,6 +1215,32 @@
                         "visible": "[bool(steps('section_database').enableDB)]"
                     }
                 ]
+            },
+            {
+                "name": "section_tags",
+                "label": "Tags",
+                "elements": [
+                    {
+                        "name": "tagsByResource",
+                        "type": "Microsoft.Common.TagsByResource",
+                        "resources": [
+                            "${identifier.dnszones}",
+                            "${identifier.networkInterfaces}",
+                            "${identifier.networkSecurityGroups}",
+                            "${identifier.publicIPAddresses}",
+                            "${identifier.privateEndpoints}",
+                            "${identifier.storageAccounts}",
+                            "${identifier.vaults}",
+                            "${identifier.virtualNetworks}",
+                            "${identifier.virtualMachines}",
+                            "${identifier.virtualMachinesExtensions}",
+                            "${identifier.deploymentScripts}",
+                            "${identifier.userAssignedIdentities}",
+                            "${identifier.resourcesDeployment}"
+                        ],
+                        "toolTip": "Tags help you organize your resources and categorize them for billing or management purposes. You can apply tags to resources deployed by the offer."
+                    }
+                ]
             }
         ],
         "outputs": {
@@ -1261,6 +1287,7 @@
             "keyVaultCustomTrustKeyStoreType": "[steps('section_sslConfiguration').keyVaultStoredCustomSSLSettings.keyVaultCustomTrustKeyStoreType]",
             "keyVaultPrivateKeyAliasSecretName": "[steps('section_sslConfiguration').keyVaultStoredCustomSSLSettings.keyVaultPrivateKeyAliasSecretName]",
             "keyVaultPrivateKeyPassPhraseSecretName": "[steps('section_sslConfiguration').keyVaultStoredCustomSSLSettings.keyVaultPrivateKeyPassPhraseSecretName]",
+            "tagsByResource": "[steps('section_tags').tagsByResource]",
             "uploadedCustomIdentityKeyStoreData": "[steps('section_sslConfiguration').uploadedCustomSSLSettings.uploadedCustomIdentityKeyStoreData]",
             "uploadedCustomIdentityKeyStorePassphrase": "[steps('section_sslConfiguration').uploadedCustomSSLSettings.uploadedCustomIdentityKeyStorePassphrase]",
             "uploadedCustomIdentityKeyStoreType": "[steps('section_sslConfiguration').uploadedCustomSSLSettings.uploadedCustomIdentityKeyStoreType]",