Use tags for UID and role parsing (#242)

* Apply tags to all applicable GCP resources * Move GCP UID and role from VM metadata to labels * Adjust Azure tags to be in line with GCP and AWS * Dont rely on resource name to find resources Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2025-11-13 09:00:38 -05:00 · 2022-10-24 16:58:21 +02:00 · 2022-10-24 16:58:21 +02:00 · b35b74b772
commit b35b74b772
parent c2814aeddb
34 changed files with 344 additions and 360 deletions
--- a/internal/cloud/azure/imds.go
+++ b/internal/cloud/azure/imds.go
@ -15,6 +15,7 @@ import (
 	"net/http"
 	"time"

+	"github.com/edgelesssys/constellation/v2/internal/cloud"
 	"github.com/edgelesssys/constellation/v2/internal/role"
 )

@ -91,7 +92,7 @@ func (c *imdsClient) UID(ctx context.Context) (string, error) {
 	}

 	for _, tag := range c.cache.Compute.Tags {
-		if tag.Name == "constellation-uid" {
+		if tag.Name == cloud.TagUID {
 			return tag.Value, nil
 		}
 	}
@ -107,7 +108,7 @@ func (c *imdsClient) Role(ctx context.Context) (role.Role, error) {
 	}

 	for _, tag := range c.cache.Compute.Tags {
-		if tag.Name == "role" {
+		if tag.Name == cloud.TagRole {
 			return role.FromString(tag.Value), nil
 		}
 	}
--- a/internal/cloud/azure/imds_test.go
+++ b/internal/cloud/azure/imds_test.go
@ -15,6 +15,7 @@ import (
 	"net/http/httptest"
 	"testing"

+	"github.com/edgelesssys/constellation/v2/internal/cloud"
 	"github.com/edgelesssys/constellation/v2/internal/role"
 	"github.com/stretchr/testify/assert"
 	"google.golang.org/grpc/test/bufconn"
@ -22,8 +23,8 @@ import (

 func TestIMDSClient(t *testing.T) {
 	uidTags := []metadataTag{
-		{Name: "constellation-uid", Value: "uid"},
-		{Name: "role", Value: "worker"},
+		{Name: cloud.TagUID, Value: "uid"},
+		{Name: cloud.TagRole, Value: "worker"},
 	}
 	response := metadataResponse{
 		Compute: metadataResponseCompute{
@ -48,14 +49,14 @@ func TestIMDSClient(t *testing.T) {
 		Compute: metadataResponseCompute{
 			ResourceID:    "resource-id",
 			ResourceGroup: "resource-group",
-			Tags:          []metadataTag{{Name: "role", Value: "worker"}},
+			Tags:          []metadataTag{{Name: cloud.TagRole, Value: "worker"}},
 		},
 	}
 	responseWithoutRole := metadataResponse{
 		Compute: metadataResponseCompute{
 			ResourceID:    "resource-id",
 			ResourceGroup: "resource-group",
-			Tags:          []metadataTag{{Name: "constellation-uid", Value: "uid"}},
+			Tags:          []metadataTag{{Name: cloud.TagUID, Value: "uid"}},
 		},
 	}

--- a/internal/cloud/azure/metadata.go
+++ b/internal/cloud/azure/metadata.go
@ -17,6 +17,7 @@ import (
 	armcomputev2 "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v2"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources"
+	"github.com/edgelesssys/constellation/v2/internal/cloud"
 	"github.com/edgelesssys/constellation/v2/internal/cloud/metadata"
 )

@ -301,7 +302,7 @@ func (m *Metadata) getAppInsights(ctx context.Context) (*armapplicationinsights.
 				continue
 			}

-			tag, ok := component.Tags["constellation-uid"]
+			tag, ok := component.Tags[cloud.TagUID]
 			if !ok || tag == nil {
 				continue
 			}
--- a/internal/cloud/azure/metadata_test.go
+++ b/internal/cloud/azure/metadata_test.go
@ -14,6 +14,7 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
 	armcomputev2 "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v2"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork"
+	"github.com/edgelesssys/constellation/v2/internal/cloud"
 	"github.com/edgelesssys/constellation/v2/internal/cloud/metadata"
 	"github.com/edgelesssys/constellation/v2/internal/role"
 	"github.com/stretchr/testify/assert"
@ -654,8 +655,8 @@ func newScaleSetsStub() *stubScaleSetsAPI {
 			list: []armcomputev2.VirtualMachineScaleSet{{
 				Name: to.Ptr("scale-set-name"),
 				Tags: map[string]*string{
-					"constellation-uid": to.Ptr("uid"),
-					"role":              to.Ptr("worker"),
+					cloud.TagUID:  to.Ptr("uid"),
+					cloud.TagRole: to.Ptr("worker"),
 				},
 			}},
 		},
@ -691,8 +692,8 @@ func newVirtualMachineScaleSetsVMsStub() *stubVirtualMachineScaleSetVMsAPI {
 				},
 			},
 			Tags: map[string]*string{
-				"constellation-uid": to.Ptr("uid"),
-				"role":              to.Ptr("worker"),
+				cloud.TagUID:  to.Ptr("uid"),
+				cloud.TagRole: to.Ptr("worker"),
 			},
 		},
 		pager: &stubVirtualMachineScaleSetVMPager{
@ -724,8 +725,8 @@ func newVirtualMachineScaleSetsVMsStub() *stubVirtualMachineScaleSetVMsAPI {
 						},
 					},
 					Tags: map[string]*string{
-						"constellation-uid": to.Ptr("uid"),
-						"role":              to.Ptr("worker"),
+						cloud.TagUID:  to.Ptr("uid"),
+						cloud.TagRole: to.Ptr("worker"),
 					},
 				},
 			},
--- a/internal/cloud/azure/scaleset.go
+++ b/internal/cloud/azure/scaleset.go
@ -16,6 +16,7 @@ import (
 	armcomputev2 "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v2"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork"
 	"github.com/edgelesssys/constellation/v2/internal/azureshared"
+	"github.com/edgelesssys/constellation/v2/internal/cloud"
 	"github.com/edgelesssys/constellation/v2/internal/cloud/metadata"
 	"github.com/edgelesssys/constellation/v2/internal/role"
 )
@ -117,7 +118,7 @@ func extractScaleSetVMRole(tags map[string]*string) role.Role {
 	if tags == nil {
 		return role.Unknown
 	}
-	roleStr, ok := tags["role"]
+	roleStr, ok := tags[cloud.TagRole]
 	if !ok {
 		return role.Unknown
 	}
--- a/internal/cloud/azure/scaleset_test.go
+++ b/internal/cloud/azure/scaleset_test.go
@ -14,6 +14,7 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
 	armcomputev2 "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v2"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork"
+	"github.com/edgelesssys/constellation/v2/internal/cloud"
 	"github.com/edgelesssys/constellation/v2/internal/cloud/metadata"
 	"github.com/edgelesssys/constellation/v2/internal/role"
 	"github.com/stretchr/testify/assert"
@ -223,15 +224,15 @@ func TestExtractScaleSetVMRole(t *testing.T) {
 		wantRole role.Role
 	}{
 		"control-plane role": {
-			tags:     map[string]*string{"role": to.Ptr("control-plane")},
+			tags:     map[string]*string{cloud.TagRole: to.Ptr("control-plane")},
 			wantRole: role.ControlPlane,
 		},
 		"worker role": {
-			tags:     map[string]*string{"role": to.Ptr("worker")},
+			tags:     map[string]*string{cloud.TagRole: to.Ptr("worker")},
 			wantRole: role.Worker,
 		},
 		"unknown role": {
-			tags:     map[string]*string{"role": to.Ptr("foo")},
+			tags:     map[string]*string{cloud.TagRole: to.Ptr("foo")},
 			wantRole: role.Unknown,
 		},
 		"no role": {
@ -239,7 +240,7 @@ func TestExtractScaleSetVMRole(t *testing.T) {
 			wantRole: role.Unknown,
 		},
 		"nil role": {
-			tags:     map[string]*string{"role": nil},
+			tags:     map[string]*string{cloud.TagRole: nil},
 			wantRole: role.Unknown,
 		},
 		"nil tags": {
@ -280,7 +281,7 @@ func newListContainingNilScaleSetVirtualMachinesStub() *stubVirtualMachineScaleS
 					ID:         to.Ptr("/subscriptions/subscription-id/resourceGroups/resource-group/providers/Microsoft.Compute/virtualMachineScaleSets/scale-set-name/virtualMachines/instance-id"),
 					InstanceID: to.Ptr("instance-id"),
 					Tags: map[string]*string{
-						"role": to.Ptr("worker"),
+						cloud.TagRole: to.Ptr("worker"),
 					},
 					Properties: &armcomputev2.VirtualMachineScaleSetVMProperties{
 						NetworkProfile: &armcomputev2.NetworkProfile{