[release-4.7] Bug 1955176: Setting user provided tags on bucket creation

go.mod

@@ -3,13 +3,13 @@ module github.com/openshift/cluster-image-registry-operator
 go 1.13
 
 require (
-	cloud.google.com/go/storage v1.0.0
+	cloud.google.com/go/storage v1.6.0
 	github.com/Azure/azure-pipeline-go v0.2.2
 	github.com/Azure/azure-sdk-for-go v30.1.0+incompatible
 	github.com/Azure/azure-storage-blob-go v0.7.0
-	github.com/Azure/go-autorest/autorest v0.9.6
+	github.com/Azure/go-autorest/autorest v0.11.1
 	github.com/Azure/go-autorest/autorest/azure/auth v0.4.2
-	github.com/Azure/go-autorest/autorest/mocks v0.3.0
+	github.com/Azure/go-autorest/autorest/mocks v0.4.1
 	github.com/Azure/go-autorest/autorest/to v0.3.0
 	github.com/Azure/go-autorest/autorest/validation v0.2.0 // indirect
 	github.com/NYTimes/gziphandler v1.1.1 // indirect
@@ -23,18 +23,17 @@ require (
 	github.com/go-logr/logr v0.3.0 // indirect
 	github.com/go-openapi/spec v0.19.5 // indirect
 	github.com/go-openapi/swag v0.19.6 // indirect
-	github.com/google/go-cmp v0.4.0
+	github.com/google/go-cmp v0.5.2
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/uuid v1.1.1
+	github.com/google/uuid v1.1.2
 	github.com/gophercloud/gophercloud v0.11.1-0.20200607170258-326e5f9d72d8
 	github.com/gophercloud/utils v0.0.0-20190527093828-25f1b77b8c03
-	github.com/gorilla/websocket v1.4.1 // indirect
 	github.com/goware/urlx v0.3.1
 	github.com/grpc-ecosystem/go-grpc-middleware v1.1.0 // indirect
 	github.com/hashicorp/golang-lru v0.5.3 // indirect
 	github.com/imdario/mergo v0.3.8 // indirect
 	github.com/onsi/gomega v1.7.1 // indirect
-	github.com/openshift/api v0.0.0-20201117184740-859beeffd973
+	github.com/openshift/api v0.0.0-20210428205234-a8389931bee7
 	github.com/openshift/build-machinery-go v0.0.0-20200917070002-f171684f77ab
 	github.com/openshift/client-go v0.0.0-20200729195840-c2b1adc6bed6
 	github.com/openshift/installer v0.9.0-master.0.20190726121806-6e8f9c335410
@@ -47,15 +46,15 @@ require (
 	go.uber.org/multierr v1.4.0 // indirect
 	go.uber.org/zap v1.13.0 // indirect
 	golang.org/x/net v0.0.0-20201110031124-69a78807bb2b
-	golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6
+	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
 	golang.org/x/text v0.3.4 // indirect
-	google.golang.org/api v0.15.0
+	google.golang.org/api v0.20.0
 	gopkg.in/yaml.v2 v2.3.0
-	k8s.io/api v0.19.4
-	k8s.io/apimachinery v0.19.4
-	k8s.io/apiserver v0.19.0 // indirect
-	k8s.io/client-go v0.19.0
+	k8s.io/api v0.20.0
+	k8s.io/apimachinery v0.20.0
+	k8s.io/apiserver v0.20.0 // indirect
+	k8s.io/client-go v0.20.0
 	k8s.io/klog/v2 v2.4.0
-	k8s.io/utils v0.0.0-20200729134348-d5654de09c73
+	k8s.io/utils v0.0.0-20201110183641-67b214c5f920
 	sigs.k8s.io/structured-merge-diff/v4 v4.0.2 // indirect
 )

pkg/storage/s3/s3.go

@@ -24,6 +24,7 @@ import (
 
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/klog/v2"
 
 	configapiv1 "github.com/openshift/api/config/v1"
 	imageregistryv1 "github.com/openshift/api/imageregistry/v1"
@@ -472,6 +473,8 @@ func (d *driver) CreateStorage(cr *imageregistryv1.Config) error {
 		}
 
 	}
+
+	bucketCreatedByOperator := false
 	if len(d.Config.Bucket) != 0 && bucketExists {
 		if cr.Spec.Storage.ManagementState == "" {
 			cr.Spec.Storage.ManagementState = imageregistryv1.StorageManagementStateUnmanaged
@@ -521,7 +524,7 @@ func (d *driver) CreateStorage(cr *imageregistryv1.Config) error {
 				S3: d.Config.DeepCopy(),
 			}
 			cr.Spec.Storage.S3 = d.Config.DeepCopy()
-
+			bucketCreatedByOperator = true
 			util.UpdateCondition(cr, defaults.StorageExists, operatorapi.ConditionTrue, "Creation Successful", "S3 bucket was successfully created")
 
 			break
@@ -574,20 +577,38 @@ func (d *driver) CreateStorage(cr *imageregistryv1.Config) error {
 	// Tag the bucket with the openshiftClusterID
 	// along with any user defined tags from the cluster configuration
 	if cr.Spec.Storage.ManagementState == imageregistryv1.StorageManagementStateManaged {
+		klog.Info("setting aws bucket tags")
+
+		tagset := []*s3.Tag{
+			{
+				Key:   aws.String("kubernetes.io/cluster/" + infra.Status.InfrastructureName),
+				Value: aws.String("owned"),
+			},
+			{
+				Key:   aws.String("Name"),
+				Value: aws.String(infra.Status.InfrastructureName + "-image-registry"),
+			},
+		}
+
+		// at this stage we are not keeping user tags in sync. as per enhancement proposal
+		// we only set user provided tags when we created the bucket.
+		hasAWSStatus := infra.Status.PlatformStatus != nil && infra.Status.PlatformStatus.AWS != nil
+		if bucketCreatedByOperator && hasAWSStatus {
+			klog.Infof("user provided %d tags", len(infra.Status.PlatformStatus.AWS.ResourceTags))
+			for _, tag := range infra.Status.PlatformStatus.AWS.ResourceTags {
+				klog.Infof("user provided bucket tag: %s: %s", tag.Key, tag.Value)
+				tagset = append(tagset, &s3.Tag{
+					Key:   aws.String(tag.Key),
+					Value: aws.String(tag.Value),
+				})
+			}
+		}
+		klog.V(5).Infof("tagging bucket with tags: %+v", tagset)
+
 		_, err := svc.PutBucketTaggingWithContext(d.Context, &s3.PutBucketTaggingInput{
 			Bucket: aws.String(d.Config.Bucket),
 			Tagging: &s3.Tagging{
-
-				TagSet: []*s3.Tag{
-					{
-						Key:   aws.String("kubernetes.io/cluster/" + infra.Status.InfrastructureName),
-						Value: aws.String("owned"),
-					},
-					{
-						Key:   aws.String("Name"),
-						Value: aws.String(infra.Status.InfrastructureName + "-image-registry"),
-					},
-				},
+				TagSet: tagset,
 			},
 		})
 		if err != nil {
@@ -599,6 +620,8 @@ func (d *driver) CreateStorage(cr *imageregistryv1.Config) error {
 		} else {
 			util.UpdateCondition(cr, defaults.StorageTagged, operatorapi.ConditionTrue, "Tagging Successful", "Tags were successfully applied to the S3 bucket")
 		}
+	} else {
+		klog.Info("ignoring bucket tags, storage is not managed")
 	}
 
 	// Enable default encryption on the bucket