Allow adding app server labels from join token for install.sh

gravitational · Jan 3, 2025 · b22aad1 · b22aad1
1 parent b455a90
commit b22aad1
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 0 deletions.
diff --git a/lib/web/join_tokens.go b/lib/web/join_tokens.go
@@ -630,13 +630,20 @@ func getJoinScript(ctx context.Context, settings scriptSettings, m nodeAPIGetter
 	var buf bytes.Buffer
 	// If app install mode is requested but parameters are blank for some reason,
 	// we need to return an error.
+	var appServerResourceLabels []string
 	if settings.appInstallMode {
 		if errs := validation.IsDNS1035Label(settings.appName); len(errs) > 0 {
 			return "", trace.BadParameter("appName %q must be a valid DNS subdomain: https://goteleport.com/docs/application-access/guides/connecting-apps/#application-name", settings.appName)
 		}
 		if !appURIPattern.MatchString(settings.appURI) {
 			return "", trace.BadParameter("appURI %q contains invalid characters", settings.appURI)
 		}
+
+		suggestedLabels := token.GetSuggestedLabels()
+		appServerResourceLabels, err = scripts.MarshalLabelsYAML(suggestedLabels, 6)
+		if err != nil {
+			return "", trace.Wrap(err)
+		}
 	}
 
 	if settings.discoveryInstallMode {
@@ -694,6 +701,7 @@ func getJoinScript(ctx context.Context, settings scriptSettings, m nodeAPIGetter
 		"db_service_resource_labels": dbServiceResourceLabels,
 		"discoveryInstallMode":       settings.discoveryInstallMode,
 		"discoveryGroup":             shsprintf.EscapeDefaultContext(settings.discoveryGroup),
+		"appServerResourceLabels":    appServerResourceLabels,
 	})
 	if err != nil {
 		return "", trace.Wrap(err)

diff --git a/lib/web/join_tokens_test.go b/lib/web/join_tokens_test.go
@@ -695,6 +695,18 @@ func TestGetNodeJoinScript(t *testing.T) {
 				require.Contains(t, script, fmt.Sprintf("%s=%s", types.InternalResourceIDLabel, internalResourceID))
 			},
 		},
+		{
+			desc:      "app server labels",
+			settings:  scriptSettings{token: validToken, appInstallMode: true, appName: "app-name", appURI: "app-uri"},
+			errAssert: require.NoError,
+			extraAssertions: func(script string) {
+				require.Contains(t, script, `APP_NAME='app-name'`)
+				require.Contains(t, script, `APP_URI='app-uri'`)
+				require.Contains(t, script, `public_addr`)
+				require.Contains(t, script, `    labels:`)
+				require.Contains(t, script, fmt.Sprintf("%s=%s", types.InternalResourceIDLabel, internalResourceID))
+			},
+		},
 	} {
 		t.Run(test.desc, func(t *testing.T) {
 			script, err := getJoinScript(context.Background(), test.settings, m)

diff --git a/lib/web/scripts/node-join/install.sh b/lib/web/scripts/node-join/install.sh
@@ -463,6 +463,9 @@ app_service:
   - name: "${APP_NAME}"
     uri: "${APP_URI}"
     public_addr: ${APP_PUBLIC_ADDR}
+    labels:{{range $index, $line := .appServerResourceLabels}}
+        {{$line -}}
+{{end}}
 EOF
 }
 # installs the provided teleport config (for database service)