Merge pull request #13352 from tlm/aws-instance-profile

#13352 Instance profiles created by the controller now contain the controller tag that they are made for. ## Checklist - [x] Requires a [pylibjuju](https://github.com/juju/python-libjuju) change - [x] Added [integration tests](https://github.com/juju/juju/tree/develop/tests) for the PR - [x] Added or updated [doc.go](https://discourse.jujucharms.com/t/readme-in-packages/451) related to packages changed - [x] Comments answer the question of why design decisions were made ## QA steps Bootstrap an AWS controller with `juju bootstrap aws/ap-southeast-2 --bootstrap-constraints="instance-role=auto" testmctestface` Check that the corresponding Instance Profile has the controller uuid tag set with: aws iam list-instance-profile-tags --instance-profile-name "juju-controller-testmctestface"
juju · Sep 24, 2021 · e9248ef · e9248ef
2 parents 8643959 + 3361bf8
commit e9248ef
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 5 deletions.
diff --git a/provider/ec2/environ.go b/provider/ec2/environ.go
@@ -190,7 +190,12 @@ func (e *environ) Bootstrap(ctx environs.BootstrapContext, callCtx context.Provi
 		if !ok {
 			return nil, errors.NewNotValid(nil, "cannot find controller name in config")
 		}
-		instProfile, err := ensureControllerInstanceProfile(ctx.Context(), e.iamClient, controllerName)
+		controllerUUID := args.ControllerConfig[controller.ControllerUUIDKey].(string)
+		instProfile, err := ensureControllerInstanceProfile(
+			ctx.Context(),
+			e.iamClient,
+			controllerName,
+			controllerUUID)
 		if err != nil {
 			return nil, err
 		}

diff --git a/provider/ec2/iam.go b/provider/ec2/iam.go
@@ -26,6 +26,7 @@ import (
 	"github.com/juju/juju/environs/cloudspec"
 	"github.com/juju/juju/environs/context"
 	"github.com/juju/juju/environs/instances"
+	"github.com/juju/juju/environs/tags"
 )
 
 // instanceProfileClient is a subset interface of the ec2 client for attaching
@@ -70,10 +71,17 @@ func ensureControllerInstanceProfile(
 	ctx stdcontext.Context,
 	client IAMClient,
 	controllerName string,
+	controllerUUID string,
 ) (*iamtypes.InstanceProfile, error) {
 	profileName := fmt.Sprintf("juju-controller-%s", controllerName)
 	res, err := client.CreateInstanceProfile(ctx, &iam.CreateInstanceProfileInput{
 		InstanceProfileName: aws.String(profileName),
+		Tags: []iamtypes.Tag{
+			{
+				Key:   aws.String(tags.JujuController),
+				Value: aws.String(controllerUUID),
+			},
+		},
 	})
 	if err != nil {
 		var alreadyExistsErr *iamtypes.EntityAlreadyExistsException

diff --git a/provider/ec2/iam_test.go b/provider/ec2/iam_test.go
@@ -16,6 +16,8 @@ import (
 	"github.com/juju/errors"
 	jc "github.com/juju/testing/checkers"
 	gc "gopkg.in/check.v1"
+
+	"github.com/juju/juju/environs/tags"
 )
 
 type IAMSuite struct{}
@@ -58,7 +60,12 @@ func (*IAMSuite) TestEnsureControllerInstanceProfileFromScratch(c *gc.C) {
 
 			c.Assert(*i.InstanceProfileName, gc.Equals, "juju-controller-test")
 			c.Assert(i.Path, gc.IsNil)
-			c.Assert(len(i.Tags), gc.Equals, 0)
+			c.Assert(i.Tags, jc.DeepEquals, []types.Tag{
+				{
+					Key:   aws.String(tags.JujuController),
+					Value: aws.String("AABBCC"),
+				},
+			})
 
 			t := time.Now()
 			return &iam.CreateInstanceProfileOutput{
@@ -71,7 +78,7 @@ func (*IAMSuite) TestEnsureControllerInstanceProfileFromScratch(c *gc.C) {
 		},
 	}
 
-	_, err := ensureControllerInstanceProfile(context.TODO(), client, "test")
+	_, err := ensureControllerInstanceProfile(context.TODO(), client, "test", "AABBCC")
 	c.Assert(err, jc.ErrorIsNil)
 }
 
@@ -86,7 +93,12 @@ func (*IAMSuite) TestEnsureControllerInstanceProfileAlreadyExists(c *gc.C) {
 
 			c.Assert(*i.InstanceProfileName, gc.Equals, "juju-controller-test")
 			c.Assert(i.Path, gc.IsNil)
-			c.Assert(len(i.Tags), gc.Equals, 0)
+			c.Assert(i.Tags, jc.DeepEquals, []types.Tag{
+				{
+					Key:   aws.String(tags.JujuController),
+					Value: aws.String("ABCD"),
+				},
+			})
 
 			return nil, &types.EntityAlreadyExistsException{
 				Message: aws.String("already exists"),
@@ -111,7 +123,7 @@ func (*IAMSuite) TestEnsureControllerInstanceProfileAlreadyExists(c *gc.C) {
 		},
 	}
 
-	instanceProfile, err := ensureControllerInstanceProfile(context.TODO(), client, "test")
+	instanceProfile, err := ensureControllerInstanceProfile(context.TODO(), client, "test", "ABCD")
 	c.Assert(err, jc.ErrorIsNil)
 	c.Assert(getInstanceProfileCalled, jc.IsTrue)
 	c.Assert(*instanceProfile.Arn, gc.Equals, "arn://12345")