From 3361bf854c51768efd79fdbb5264b5595e42d05c Mon Sep 17 00:00:00 2001
From: Thomas Miller
Date: Thu, 23 Sep 2021 09:56:35 +1000
Subject: [PATCH] Adds controller tag support to instance profile. Instance profiles created by the controller now contain the controller tag that they are made for.
---
 provider/ec2/environ.go | 7 ++++++-
 provider/ec2/iam.go | 8 ++++++++
 provider/ec2/iam_test.go | 20 ++++++++++++++++----
 3 files changed, 30 insertions(+), 5 deletions(-)
diff --git a/provider/ec2/environ.go b/provider/ec2/environ.go
index eab992efa1a..564fffe0335 100644
--- a/provider/ec2/environ.go
+++ b/provider/ec2/environ.go
@@ -190,7 +190,12 @@ func (e *environ) Bootstrap(ctx environs.BootstrapContext, callCtx context.Provi
 if !ok {
 return nil, errors.NewNotValid(nil, "cannot find controller name in config")
 }
- instProfile, err := ensureControllerInstanceProfile(ctx.Context(), e.iamClient, controllerName)
+ controllerUUID := args.ControllerConfig[controller.ControllerUUIDKey].(string)
+ instProfile, err := ensureControllerInstanceProfile(
+ ctx.Context(),
+ e.iamClient,
+ controllerName,
+ controllerUUID)
 if err != nil {
 return nil, err
 }
diff --git a/provider/ec2/iam.go b/provider/ec2/iam.go
index 3ac0a653bbd..bb42d557015 100644
--- a/provider/ec2/iam.go
+++ b/provider/ec2/iam.go
@@ -26,6 +26,7 @@ import (
 "github.com/juju/juju/environs/cloudspec"
 "github.com/juju/juju/environs/context"
 "github.com/juju/juju/environs/instances"
+ "github.com/juju/juju/environs/tags"
 )
 // instanceProfileClient is a subset interface of the ec2 client for attaching
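Review bot: The new `args.ControllerConfig[controller.ControllerUUIDKey].(string)` in environ.go's Bootstrap hunk is an unchecked type assertion, so a missing or non-string UUID entry panics during bootstrap instead of returning an error. The controller-name lookup just above it already guards with `ok` and `errors.NewNotValid`, and the UUID deserves the same treatment because it becomes the ownership tag on the IAM instance profile: `controllerUUID, ok := args.ControllerConfig[controller.ControllerUUIDKey].(string)` followed by `if !ok || controllerUUID == "" { return nil, errors.NewNotValid(nil, "cannot find controller uuid in config") }`. Bootstrap's body starts and ends outside the hunk, so the config may already be validated earlier; if it is, a short comment saying where would be enough.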
@@ -70,10 +71,17 @@ func ensureControllerInstanceProfile(
 ctx stdcontext.Context,
 client IAMClient,
 controllerName string,
+ controllerUUID string,
 ) (*iamtypes.InstanceProfile, error) {
 profileName := fmt.Sprintf("juju-controller-%s", controllerName)
 res, err := client.CreateInstanceProfile(ctx, &iam.CreateInstanceProfileInput{
 InstanceProfileName: aws.String(profileName),
+ Tags: []iamtypes.Tag{
+ {
+ Key: aws.String(tags.JujuController),
+ Value: aws.String(controllerUUID),
+ },
+ },
 })
 if err != nil {
 var alreadyExistsErr *iamtypes.EntityAlreadyExistsException
diff --git a/provider/ec2/iam_test.go b/provider/ec2/iam_test.go
index 23a6c89aa4b..f634fb6afd9 100644
--- a/provider/ec2/iam_test.go
+++ b/provider/ec2/iam_test.go
@@ -16,6 +16,8 @@ import (
 "github.com/juju/errors"
 jc "github.com/juju/testing/checkers"
 gc "gopkg.in/check.v1"
+
+ "github.com/juju/juju/environs/tags"
 )
 type IAMSuite struct{}
@@ -58,7 +60,12 @@ func (*IAMSuite) TestEnsureControllerInstanceProfileFromScratch(c *gc.C) {
 c.Assert(*i.InstanceProfileName, gc.Equals, "juju-controller-test")
 c.Assert(i.Path, gc.IsNil)
- c.Assert(len(i.Tags), gc.Equals, 0)
+ c.Assert(i.Tags, jc.DeepEquals, []types.Tag{
+ {
+ Key: aws.String(tags.JujuController),
+ Value: aws.String("AABBCC"),
+ },
+ })
 t := time.Now()
 return &iam.CreateInstanceProfileOutput{
@@ -71,7 +78,7 @@ func (*IAMSuite) TestEnsureControllerInstanceProfileFromScratch(c *gc.C) {
 },
 }
- _, err := ensureControllerInstanceProfile(context.TODO(), client, "test")
+ _, err := ensureControllerInstanceProfile(context.TODO(), client, "test", "AABBCC")
 c.Assert(err, jc.ErrorIsNil)
 }
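Review bot: The controller tag is applied only on the create call in ensureControllerInstanceProfile (provider/ec2/iam.go); on the `EntityAlreadyExistsException` path that begins at the end of the hunk, a profile that already exists under `juju-controller-<name>` appears to be reused without checking that it carries this controller's UUID. Because the profile name is derived from the controller name alone, a same-named profile left by another controller or created by hand in the account would be adopted untagged or with a foreign tag, and the controller would run with whatever role is attached to it. I would compare the fetched profile's `tags.JujuController` value with `controllerUUID` and return an error on mismatch (or tag it explicitly if adoption is intended), and add a mismatching-tag case next to TestEnsureControllerInstanceProfileAlreadyExists. The function body continues past the hunk, so this is inferred from the visible lines and the existing test.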
@@ -86,7 +93,12 @@ func (*IAMSuite) TestEnsureControllerInstanceProfileAlreadyExists(c *gc.C) {
 c.Assert(*i.InstanceProfileName, gc.Equals, "juju-controller-test")
 c.Assert(i.Path, gc.IsNil)
- c.Assert(len(i.Tags), gc.Equals, 0)
+ c.Assert(i.Tags, jc.DeepEquals, []types.Tag{
+ {
+ Key: aws.String(tags.JujuController),
+ Value: aws.String("ABCD"),
+ },
+ })
 return nil, &types.EntityAlreadyExistsException{
 Message: aws.String("already exists"),
@@ -111,7 +123,7 @@ func (*IAMSuite) TestEnsureControllerInstanceProfileAlreadyExists(c *gc.C) {
 },
 }
- instanceProfile, err := ensureControllerInstanceProfile(context.TODO(), client, "test")
+ instanceProfile, err := ensureControllerInstanceProfile(context.TODO(), client, "test", "ABCD")
 c.Assert(err, jc.ErrorIsNil)
 c.Assert(getInstanceProfileCalled, jc.IsTrue)
 c.Assert(*instanceProfile.Arn, gc.Equals, "arn://12345")