feat: support adding resource manager tags to gcp resources

Signed-off-by: Carlos Salas <[email protected]>

api/v1alpha4/gcpcluster_conversion.go

@@ -52,6 +52,10 @@ func (src *GCPCluster) ConvertTo(dstRaw conversion.Hub) error { // nolint
 		dst.Spec.CredentialsRef = restored.Spec.CredentialsRef.DeepCopy()
 	}
 
+	for _, restoredTag := range restored.Spec.ResourceManagerTags {
+		dst.Spec.ResourceManagerTags = append(dst.Spec.ResourceManagerTags, *restoredTag.DeepCopy())
+	}
+
 	return nil
 }
 

api/v1alpha4/gcpclustertemplate_conversion.go

@@ -54,6 +54,10 @@ func (src *GCPClusterTemplate) ConvertTo(dstRaw conversion.Hub) error { // nolin
 		dst.Spec.Template.Spec.CredentialsRef = restored.Spec.Template.Spec.CredentialsRef.DeepCopy()
 	}
 
+	for _, restoredTag := range restored.Spec.Template.Spec.ResourceManagerTags {
+		dst.Spec.Template.Spec.ResourceManagerTags = append(dst.Spec.Template.Spec.ResourceManagerTags, *restoredTag.DeepCopy())
+	}
+
 	return nil
 }
 

api/v1alpha4/gcpmachine_conversion.go

@@ -53,6 +53,10 @@ func (src *GCPMachine) ConvertTo(dstRaw conversion.Hub) error { // nolint
 		dst.Spec.ConfidentialCompute = restored.Spec.ConfidentialCompute
 	}
 
+	if restored.Spec.ResourceManagerTags != nil {
+		dst.Spec.ResourceManagerTags = restored.Spec.ResourceManagerTags
+	}
+
 	return nil
 }
 

api/v1alpha4/gcpmachinetemplate_conversion.go

@@ -54,6 +54,10 @@ func (src *GCPMachineTemplate) ConvertTo(dstRaw conversion.Hub) error { // nolin
 		dst.Spec.Template.Spec.ConfidentialCompute = restored.Spec.Template.Spec.ConfidentialCompute
 	}
 
+	if restored.Spec.Template.Spec.ResourceManagerTags != nil {
+		dst.Spec.Template.Spec.ResourceManagerTags = restored.Spec.Template.Spec.ResourceManagerTags
+	}
+
 	return nil
 }
 

api/v1beta1/gcpcluster_types.go

@@ -54,6 +54,12 @@ type GCPClusterSpec struct {
 	// +optional
 	AdditionalLabels Labels `json:"additionalLabels,omitempty"`
 
+	// ResourceManagerTags is an optional set of tags to apply to GCP resources managed
+	// by the GCP provider. GCP supports a maximum of 50 tags per resource.
+	// +maxItems=50
+	// +optional
+	ResourceManagerTags ResourceManagerTags `json:"resourceManagerTags,omitempty"`
+
 	// CredentialsRef is a reference to a Secret that contains the credentials to use for provisioning this cluster. If not
 	// supplied then the credentials of the controller will be used.
 	// +optional

api/v1beta1/gcpmachine_types.go

@@ -197,6 +197,12 @@ type GCPMachineSpec struct {
 	// +optional
 	AdditionalNetworkTags []string `json:"additionalNetworkTags,omitempty"`
 
+	// ResourceManagerTags is an optional set of tags to apply to GCP resources managed
+	// by the GCP provider. GCP supports a maximum of 50 tags per resource.
+	// +maxItems=50
+	// +optional
+	ResourceManagerTags ResourceManagerTags `json:"resourceManagerTags,omitempty"`
+
 	// RootDeviceSize is the size of the root volume in GB.
 	// Defaults to 30.
 	// +optional

api/v1beta1/tags.go

@@ -0,0 +1,157 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+	"context"
+	"fmt"
+
+	resourcemanager "cloud.google.com/go/resourcemanager/apiv3"
+	rmpb "cloud.google.com/go/resourcemanager/apiv3/resourcemanagerpb"
+	"google.golang.org/api/option"
+	"sigs.k8s.io/controller-runtime/pkg/log"
+)
+
+// ResourceManagerTags is an slice of ResourceManagerTag structs.
+type ResourceManagerTags []ResourceManagerTag
+
+// ResourceManagerTagsMap defines a map of key value pairs as expected by compute.InstanceParams.ResourceManagerTags.
+type ResourceManagerTagsMap map[string]string
+
+// ResourceManagerTag is a tag to apply to GCP resources managed by the GCP provider.
+type ResourceManagerTag struct {
+	// ParentID is the ID of the hierarchical resource where the tags are defined
+	// e.g. at the Organization or the Project level. To find the Organization or Project ID ref
+	// https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id
+	// https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects
+	// An OrganizationID must consist of decimal numbers, and cannot have leading zeroes.
+	// A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters,
+	// numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=32
+	// +kubebuilder:validation:Pattern=`(^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$)`
+	ParentID string `json:"parentID"`
+
+	// Key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot
+	// be empty. Tag key must begin and end with an alphanumeric character, and must contain
+	// only uppercase, lowercase alphanumeric characters, and the following special
+	// characters `._-`.
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=63
+	// +kubebuilder:validation:Pattern=`^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$`
+	Key string `json:"key"`
+
+	// Value is the value part of the tag. A tag value can have a maximum of 63 characters and
+	// cannot be empty. Tag value must begin and end with an alphanumeric character, and must
+	// contain only uppercase, lowercase alphanumeric characters, and the following special
+	// characters `_-.@%=+:,*#&(){}[]` and spaces.
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=63
+	// +kubebuilder:validation:Pattern=`^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$`
+	Value string `json:"value"`
+}
+
+// Merge merges resource manager tags in receiver and other.
+func (t *ResourceManagerTags) Merge(other ResourceManagerTags) {
+	*t = append(*t, other...)
+}
+
+// Bind creates a TagBinding between a TagValue and a Google Cloud resource.
+// If any of the SDK calls fail, the error is logged and no action is taken.
+func (t ResourceManagerTags) Bind(ctx context.Context, location, name string) {
+	log := log.FromContext(ctx)
+	endpoint := fmt.Sprintf("%s-cloudresourcemanager.googleapis.com:443", location)
+	c, err := resourcemanager.NewTagBindingsClient(
+		ctx,
+		option.WithEndpoint(endpoint),
+	)
+	if err != nil {
+		log.Error(err, "failed to create tag binding client")
+		return
+	}
+	defer c.Close()
+
+	for _, tag := range t {
+		tagValue, err := getTagValues(ctx, tag)
+		if err != nil {
+			log.Error(err, "failed to retrieve tag value")
+			return
+		}
+		req := &rmpb.CreateTagBindingRequest{
+			TagBinding: &rmpb.TagBinding{
+				Parent:   fmt.Sprintf("//container.googleapis.com/projects/%s/locations/%s/clusters/%s", tag.ParentID, location, name),
+				TagValue: tagValue.Name,
+			},
+		}
+		op, err := c.CreateTagBinding(ctx, req)
+		if err != nil {
+			log.Error(err, "failed to create tag binding")
+			return
+		}
+
+		_, err = op.Wait(ctx)
+		if err != nil {
+			log.Error(err, "tag binding operation failed")
+			return
+		}
+	}
+}
+
+// Convert converts the passed resource-manager tags to a GCP API valid format.
+// Tag keys and Tag Values will be created by the user and only the Tag bindings to the Compute Instance will be
+// handled by CAPG. If the Tag Key/Tag Value cannot be retrieved or no tags are provided, this will be empty and no tags will be added.
+func (t ResourceManagerTags) Convert(ctx context.Context) ResourceManagerTagsMap {
+	tagValueList := make(ResourceManagerTagsMap, len(t))
+	log := log.FromContext(ctx)
+	if len(t) == 0 {
+		return tagValueList
+	}
+
+	for _, tag := range t {
+		tagValue, err := getTagValues(ctx, tag)
+		if err != nil {
+			log.Error(err, "failed to retrieve tag value")
+			continue
+		}
+		tagValueList[tagValue.Parent] = tagValue.Name
+	}
+
+	return tagValueList
+}
+
+func getTagValues(ctx context.Context, tag ResourceManagerTag) (*rmpb.TagValue, error) {
+	log := log.FromContext(ctx)
+	client, err := resourcemanager.NewTagValuesClient(ctx)
+	if err != nil {
+		log.Error(err, "failed to create tag values client")
+		return &rmpb.TagValue{}, err
+	}
+	defer client.Close()
+
+	req := &rmpb.GetNamespacedTagValueRequest{
+		Name: fmt.Sprintf("%s/%s/%s", tag.ParentID, tag.Key, tag.Value),
+	}
+	tagValue, err := client.GetNamespacedTagValue(ctx, req)
+	if err != nil {
+		return &rmpb.TagValue{}, err
+	}
+
+	return tagValue, nil
+}

cloud/interfaces.go

@@ -60,6 +60,7 @@ type ClusterGetter interface {
 	AdditionalLabels() infrav1.Labels
 	FailureDomains() clusterv1.FailureDomains
 	ControlPlaneEndpoint() clusterv1.APIEndpoint
+	ResourceManagerTags() infrav1.ResourceManagerTags
 }
 
 // ClusterSetter is an interface which can set cluster information.

cloud/scope/cluster.go

@@ -130,6 +130,15 @@ func (s *ClusterScope) AdditionalLabels() infrav1.Labels {
 	return s.GCPCluster.Spec.AdditionalLabels
 }
 
+// ResourceManagerTags returns ResourceManagerTags from the scope's GCPCluster. The returned value will never be nil.
+func (s *ClusterScope) ResourceManagerTags() infrav1.ResourceManagerTags {
+	if len(s.GCPCluster.Spec.ResourceManagerTags) == 0 {
+		s.GCPCluster.Spec.ResourceManagerTags = infrav1.ResourceManagerTags{}
+	}
+
+	return s.GCPCluster.Spec.ResourceManagerTags.DeepCopy()
+}
+
 // ControlPlaneEndpoint returns the cluster control-plane endpoint.
 func (s *ClusterScope) ControlPlaneEndpoint() clusterv1.APIEndpoint {
 	endpoint := s.GCPCluster.Spec.ControlPlaneEndpoint