-
Notifications
You must be signed in to change notification settings - Fork 204
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: support adding ResourceManagerTags to GCP resources #1008
feat: support adding ResourceManagerTags to GCP resources #1008
Conversation
Welcome @salasberryfin! |
Hi @salasberryfin. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/ok-to-test |
ce232ab
to
11d3567
Compare
/test pull-cluster-api-provider-gcp-verify |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A quick review, mostly just nits.
I'll take a proper look and look at the verification failure later today/tomorrow
11d3567
to
71e33e5
Compare
I addressed some of the comments but my changes broke something. I'll be fixing it and updating the code as soon as possible. |
0a90467
to
c0eb2c2
Compare
Hopefully I addressed all comments and CI issues with the last commit 🙂 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great work on this @salasberryfin .
Lets find some time to chat about this
cloud/scope/machine.go
Outdated
@@ -338,6 +338,9 @@ func (m *MachineScope) InstanceSpec(log logr.Logger) *compute.Instance { | |||
m.ClusterGetter.Name(), | |||
), | |||
}, | |||
Params: &compute.InstanceParams{ | |||
ResourceManagerTags: infrav1.AddResourceManagerTags(context.TODO(), m.GCPMachine.Spec.ResourceManagerTags), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should probably capture the additional permissions required in the docs somewhere:
- roles/resourcemanager.tagAdmin
- roles/resourcemanager.tagUser
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think, TagUser role should be enough since listing tags and creating tag bindings are the operations implementation is dependent on.
fae628a
to
430be9f
Compare
Last change moves tag related functions to |
430be9f
to
48f508f
Compare
|
48f508f
to
c58badf
Compare
c58badf
to
6292a28
Compare
This is only adding optional API fields so: /override pull-cluster-api-provider-gcp-apidiff |
@richardcase: Overrode contexts on behalf of richardcase: pull-cluster-api-provider-gcp-apidiff In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Thanks for the hard work on this @salasberryfin. I have created #1053 as a follow-up to add E2E test coverage for this feature. From my side: /lgtm For final approval: /assign cpanato |
Thanks @richardcase. I'll be happy to work on #1053 as well. |
Signed-off-by: Carlos Salas <[email protected]>
6292a28
to
2b58598
Compare
Like before: /override pull-cluster-api-provider-gcp-apidiff |
@richardcase: Overrode contexts on behalf of richardcase: pull-cluster-api-provider-gcp-apidiff In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Thanks @salasberryfin /lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: richardcase, salasberryfin The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
What type of PR is this?
kind/feature
What this PR does / why we need it
This PR allows users to bind tags to GCP resources, including Compute Instances, GKE clusters and attached disks. As described in the original issue #992, Tags are used for defining IAM policy conditions, Organization conditionals policies and integrating with Cloud billing for cost management, which are not supported by labels.
Which issue(s) this PR fixes
Fixes #992
Special notes for your reviewer
With this solution, users are able to bind resource-manager tags to infrastructure resources. The Tag Key/Tag Value must already exist in GCP and CAPG converts the provided list of key/value (
resourceManagerTags
) into the unique IDs generated by GCP. For any tags that cannot be retrieved (whether it is a permission issue or the tags don't exist), an empty value will be returned, effectively ignoring the key/value pair. Any other valid tags will be added.This is an example of how a simple tag could be added to the yaml definition:
TODOs:
Release note: