Support tagging resource in WLS AKS offer

.github/workflows/testWlsAksWithDependencyCreation.yml

@@ -229,6 +229,7 @@ jobs:
               uses: actions/download-artifact@v4
               with:
                 name: ${{needs.preflight.outputs.artifactName}}
+                path: ${{needs.preflight.outputs.artifactName}}
             - uses: azure/login@v1
               id: azure-login
               with:
@@ -289,9 +290,8 @@ jobs:
               uses: azure/CLI@v1
               with:
                 azcliversion: ${{ env.azCliVersion }}
-                inlineScript: |
-                    artifactName=${{ needs.preflight.outputs.artifactName }}
-
+                inlineScript: |                    
+                    artifactName=${{ needs.preflight.outputs.artifactName }}                    
                     az deployment group create \
                     --verbose \
                     --resource-group ${{ env.resourceGroupForWlsAks }} \

.github/workflows/testWlsAksWithoutDependencyCreation.yml

@@ -27,6 +27,10 @@ on:
       dbName:
         description: 'Name of the database. Get from another pipeline run'
         required: true
+      vmSize:
+        description: 'The VM size for the AKS pool'
+        required: true
+        default: Standard_D2s_v3
   # sample cURL
   # curl --verbose -X POST https://api.github.com/repos/<github_user>/weblogic-azure/dispatches -H 'Accept: application/vnd.github.everest-preview+json' -H 'Authorization: token <personal_access_token>' --data '<request_data>'
   # sample <request_data>
@@ -40,6 +44,7 @@ env:
     location: eastus
     dbAdminUser: weblogic
     dbPassword: ${{ secrets.DB_PASSWORD }}
+    dbServerName: weblogicdb
     ocrSSOPSW: ${{ secrets.ORC_SSOPSW }}
     ocrSSOUser: ${{ secrets.ORC_SSOUSER }}
     wdtRuntimePassword: ${{ secrets.WDT_RUNTIMEPSW}}
@@ -192,6 +197,7 @@ jobs:
               uses: actions/download-artifact@v4
               with:
                 name: ${{needs.preflight.outputs.artifactName}}
+                path: ${{needs.preflight.outputs.artifactName}}
             - uses: azure/login@v1
               id: azure-login
               with:
@@ -238,7 +244,7 @@ jobs:
                   "${cargoTrackerBlobUrl}" \
                   ${dbPassword} \
                   ${dbAdminUser} \
-                  jdbc:postgresql:\/\/${{ needs.preflight.outputs.dbName }}.postgres.database.azure.com:5432\/postgres \
+                  jdbc:postgresql:\/\/${{ needs.preflight.outputs.dbName }}.postgres.database.azure.com:5432\/${{ env.dbServerName }} \
                   ${location} \
                   ${ocrSSOPSW} \
                   ${ocrSSOUser} \

pom.xml

@@ -40,7 +40,7 @@
     <properties>    
         <!--  versions  start -->
         <!--  weblogic azure aks versions  -->
-        <version.wls-on-aks-azure-marketplace>1.0.81</version.wls-on-aks-azure-marketplace>
+        <version.wls-on-aks-azure-marketplace>1.0.82</version.wls-on-aks-azure-marketplace>
         <!--  weblogic azure vm versions  -->
         <version.arm-oraclelinux-wls>1.0.29</version.arm-oraclelinux-wls>
         <version.arm-oraclelinux-wls-admin>1.0.54</version.arm-oraclelinux-wls-admin>

resources/azure-common.properties

@@ -52,18 +52,22 @@ azure.powershell.version=11.5
 
 # These filters are used to implement tags for resources. Other occurrences of these resource type identifiers
 # are intentionally not filtered because doing so would unnecessarily complicate the code.
+identifier.accounts=Microsoft.Monitor/accounts
 identifier.applicationGateways=Microsoft.Network/applicationGateways
 identifier.availabilitySets=Microsoft.Compute/availabilitySets
 identifier.dnszones=Microsoft.Network/dnszones
+identifier.managedClusters=Microsoft.ContainerService/managedClusters
 identifier.networkInterfaces=Microsoft.Network/networkInterfaces
 identifier.networkSecurityGroups=Microsoft.Network/networkSecurityGroups
 identifier.publicIPAddresses=Microsoft.Network/publicIPAddresses
 identifier.privateEndpoints=Microsoft.Network/privateEndpoints
+identifier.registries=Microsoft.ContainerRegistry/registries
 identifier.storageAccounts=Microsoft.Storage/storageAccounts
 identifier.vaults=Microsoft.KeyVault/vaults
 identifier.virtualNetworks=Microsoft.Network/virtualNetworks
 identifier.virtualMachines=Microsoft.Compute/virtualMachines
 identifier.virtualMachinesExtensions=Virtual machine extension
+identifier.workspaces=Microsoft.OperationalInsights/workspaces
 identifier.deploymentScripts=Microsoft.Resources/deploymentScripts
 identifier.userAssignedIdentities=Microsoft.ManagedIdentity/userAssignedIdentities
 identifier.resourcesDeployment=Microsoft resources deployment

resources/doc/guidance-for-tagging-resource.md

@@ -77,6 +77,36 @@ Incorporate the [Microsoft.Common.TagsByResource UI element](https://learn.micro
 
 Refer to this [pull request](https://github.com/oracle/weblogic-azure/pull/327/) as a guide for how to apply tags to the resource deployments.
 
+Notes:
+
+For AKS, make sure the tag is applied to agent pool and node pool. The whole structure looks like:
+
+```bicep
+resource symbolicname 'Microsoft.ContainerService/managedClusters@2024-06-02-preview' = {
+  name: 'string'
+  location: 'string'
+  tags: {
+    tagName1: 'tagValue1'
+    tagName2: 'tagValue2'
+  }
+
+  ...
+
+  agentPoolProfiles: {
+
+    ...
+
+    tags: {
+        tagName1: 'tagValue1'
+        tagName2: 'tagValue2'
+    }
+  }
+}
+
+```
+
+See [Microsoft.ContainerService managedClusters - Bicep](https://learn.microsoft.com/en-us/azure/templates/microsoft.containerservice/managedclusters?pivots=deployment-language-bicep) for more information.
+
 ## Step 4: Testing
 
 1. **Create a Test Offer:** Set up a test offer to validate the tagging process.
@@ -156,3 +186,16 @@ Refer to this [pull request](https://github.com/oracle/weblogic-azure/pull/327/)
         }
     ]
     ```
+
+## Step 4: Known issues
+
+The tag is not applied to resources that are not deployed through our template, so we cannot apply tags to them from the template.
+
+Known resources:
+
+- Microsoft.Compute/virtualMachines/extensions
+  - OmsAgentForLinux
+  - MDE.Linux
+- Microsoft.AlertsManagement/prometheusRuleGroups
+- Microsoft.Insights/dataCollectionEndpoints
+- Microsoft.Insights/dataCollectionRules

weblogic-azure-aks/src/main/arm/createUiDefinition.json

@@ -2326,6 +2326,35 @@
                         "visible": "[bool(steps('section_autoScaling').enableAutoscaling)]"
                     }
                 ]
+            },
+            {
+                "name": "tags",
+                "label": "Tags",
+                "elements": [
+                    {
+                        "name": "tagsByResource",
+                        "type": "Microsoft.Common.TagsByResource",
+                        "resources": [
+                            "${identifier.managedClusters}",
+                            "${identifier.applicationGateways}",
+                            "${identifier.registries}",
+                            "${identifier.virtualMachines}",
+                            "${identifier.virtualMachinesExtensions}",
+                            "${identifier.virtualNetworks}",
+                            "${identifier.networkInterfaces}",
+                            "${identifier.networkSecurityGroups}",
+                            "${identifier.publicIPAddresses}",
+                            "${identifier.storageAccounts}",
+                            "${identifier.vaults}",
+                            "${identifier.userAssignedIdentities}",
+                            "${identifier.dnszones}",
+                            "${identifier.workspaces}",
+                            "${identifier.accounts}",
+                            "${identifier.deploymentScripts}"
+                        ],
+                        "toolTip": "Tags help you organize your resources and categorize them for billing or management purposes. You can apply tags to resources deployed by the offer."
+                    }
+                ]
             }
         ],
         "outputs": {
@@ -2425,7 +2454,8 @@
             "wlsImageTag": "[if(equals(steps('section_aks').imageInfo.oracleImageSelector, 'others'), steps('section_aks').imageInfo.fromOracleImage, steps('section_aks').imageInfo.oracleImageSelector)]",
             "wlsJavaOption": "[basics('basicsOptional').wlsJavaOption]",
             "wlsPassword": "[basics('basicsRequired').wlsPassword]",
-            "wlsUserName": "[basics('basicsRequired').wlsUserName]"
+            "wlsUserName": "[basics('basicsRequired').wlsUserName]",
+            "tagsByResource": "[steps('tags').tagsByResource]"
         }
     }
 }

weblogic-azure-aks/src/main/arm/scripts/createVMAndBuildImage.sh

@@ -115,6 +115,10 @@ function build_docker_image() {
         exit 1
     fi
 
+    echo_stdout "TAG_VM: ${TAG_VM}"
+    export TAG_VM=$(echo "${TAG_VM}" \
+        | jq -r 'to_entries | map("\"" + .key + "\"=" + (if .value|type == "string" then "\"\(.value)\"" else "\(.value)" end)) | join(" ")')
+
     # MICROSOFT_INTERNAL
     # Specify tag 'SkipASMAzSecPack' to skip policy 'linuxazuresecuritypackautodeployiaas_1.6'
     # Specify tag 'SkipNRMS*' to skip Microsoft internal NRMS policy, which causes vm-redeployed issue
@@ -130,17 +134,18 @@ function build_docker_image() {
     --enable-auto-update false \
     --public-ip-address "" \
     --size ${vmSize} \
-    --tags SkipASMAzSecPack=true SkipNRMSCorp=true SkipNRMSDatabricks=true SkipNRMSDB=true SkipNRMSHigh=true SkipNRMSMedium=true SkipNRMSRDPSSH=true SkipNRMSSAW=true SkipNRMSMgmt=true --verbose
+    --tags ${TAG_VM} SkipASMAzSecPack=true SkipNRMSCorp=true SkipNRMSDatabricks=true SkipNRMSDB=true SkipNRMSHigh=true SkipNRMSMedium=true SkipNRMSRDPSSH=true SkipNRMSSAW=true SkipNRMSMgmt=true --verbose
 
     if [[ "${USE_ORACLE_IMAGE,,}" == "${constTrue}" ]]; then
         get_ocr_image_full_path
     else
         wlsImagePath="${USER_PROVIDED_IMAGE_PATH}"
     fi
 
-    echo "wlsImagePath: ${wlsImagePath}"
+    echo_stdout "wlsImagePath: ${wlsImagePath}"
     URL_3RD_DATASOURCE=$(echo $URL_3RD_DATASOURCE | tr -d "\"") # remove " from the string
     URL_3RD_DATASOURCE=$(echo $URL_3RD_DATASOURCE | base64 -w0)
+    # Tag for VM extension is not supported yet, see https://github.com/Azure/azure-cli/issues/14341
     az vm extension set --name CustomScript \
         --extension-instance-name wls-image-script \
         --resource-group ${CURRENT_RESOURCEGROUP_NAME} \
@@ -161,6 +166,7 @@ export script="${BASH_SOURCE[0]}"
 export scriptDir="$(cd "$(dirname "${script}")" && pwd)"
 
 source ${scriptDir}/common.sh
+source ${scriptDir}/utility.sh
 
 export newImageTag=$1
 export acrLoginServer=$2

weblogic-azure-aks/src/main/arm/scripts/setupWLSDomain.sh

@@ -736,7 +736,7 @@ source ${scriptDir}/common.sh
 source ${scriptDir}/utility.sh
 
 export adminServerName="admin-server"
-export azFileShareName="weblogic"
+export azFileShareName=${FILE_SHARE_NAME}
 export exitCode=0
 export kubectlSecretForACR="regsecret"
 export kubectlWDTEncryptionSecret="${WLS_DOMAIN_UID}-runtime-encryption-secret"
@@ -746,7 +746,6 @@ export newImageTag=$(date +%s)
 export operatorName="weblogic-operator"
 # seconds
 export sasTokenValidTime=3600
-export storageFileShareName="weblogic"
 export storageResourceGroup=${CURRENT_RESOURCEGROUP_NAME}
 export sharedPath="/shared"
 export wlsDomainNS="${WLS_DOMAIN_UID}-ns"