diff --git a/pkg/model/awsmodel/api_loadbalancer.go b/pkg/model/awsmodel/api_loadbalancer.go
index abd9a2c91e..f1cbe87873 100644
--- a/pkg/model/awsmodel/api_loadbalancer.go
+++ b/pkg/model/awsmodel/api_loadbalancer.go
@@ -151,6 +151,7 @@ func (b *APILoadBalancerBuilder) Build(c *fi.ModelBuilderContext) error {
 Description: s("Security group for api ELB"),
 RemoveExtraRules: []string{"port=443"},
 }
+ t.Tags = b.CloudTags(*t.Name, false)
 c.AddTask(t)
 }
diff --git a/pkg/model/bastion.go b/pkg/model/bastion.go
index 5d6f4dd75c..f5a0b86f1a 100644
--- a/pkg/model/bastion.go
+++ b/pkg/model/bastion.go
@@ -64,6 +64,7 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error {
 Description: s("Security group for bastion"),
 RemoveExtraRules: []string{"port=22"},
 }
+ t.Tags = b.CloudTags(*t.Name, false)
 c.AddTask(t)
 }
@@ -136,6 +137,7 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error {
 Description: s("Security group for bastion ELB"),
 RemoveExtraRules: []string{"port=22"},
 }
+ t.Tags = b.CloudTags(*t.Name, false)
 c.AddTask(t)
 }
diff --git a/pkg/model/firewall.go b/pkg/model/firewall.go
index 3010d057f7..9d554fc5f4 100644
--- a/pkg/model/firewall.go
+++ b/pkg/model/firewall.go
@@ -60,6 +60,7 @@ func (b *FirewallModelBuilder) buildNodeRules(c *fi.ModelBuilderContext) error {
 Description: s("Security group for nodes"),
 RemoveExtraRules: []string{"port=22"},
 }
+ t.Tags = b.CloudTags(*t.Name, false)
 c.AddTask(t)
 }
@@ -333,6 +334,7 @@ func (b *FirewallModelBuilder) buildMasterRules(c *fi.ModelBuilderContext) error
 // TODO: Protocol 4 for calico
 },
 }
+ t.Tags = b.CloudTags(*t.Name, false)
 c.AddTask(t)
 }
diff --git a/upup/pkg/fi/cloudup/awstasks/securitygroup.go b/upup/pkg/fi/cloudup/awstasks/securitygroup.go
index 9cf0a8fdd5..a468b17c4e 100644
--- a/upup/pkg/fi/cloudup/awstasks/securitygroup.go
+++ b/upup/pkg/fi/cloudup/awstasks/securitygroup.go
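Review bot: The bare `false` in `t.Tags = b.CloudTags(*t.Name, false)` is unexplained at all five call sites (this api_loadbalancer.go hunk, both bastion.go hunks and both firewall.go hunks), and `CloudTags` is defined outside this diff, so a reader cannot tell which tag set these security groups receive. If the flag selects between owned and shared tagging, as the `Shared` field on `SecurityGroup` hints, a comment above the assignment such as `// false: this group is created and owned by the cluster, not shared` would make the ownership claim reviewable; the wording needs confirming against the `CloudTags` signature. The assignment also dereferences `t.Name`, whose `Name:` field is set above the visible context, so it is presumably non-nil here. The enclosing functions start and end outside the hunks.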
@@ -43,6 +43,8 @@ type SecurityGroup struct {
 // Shared is set if this is a shared security group (one we don't create or own)
 Shared *bool
+
+ Tags map[string]string
 }
 var _ fi.CompareWithID = &SecurityGroup{}
@@ -74,6 +76,7 @@ func (e *SecurityGroup) Find(c *fi.Context) (*SecurityGroup, error) {
 Name: sg.GroupName,
 Description: sg.Description,
 VPC: &VPC{ID: sg.VpcId},
+ Tags: intersectTags(sg.Tags, e.Tags),
 }
 glog.V(2).Infof("found matching SecurityGroup %q", *actual.ID)
@@ -180,7 +183,7 @@ func (_ *SecurityGroup) RenderAWS(t *awsup.AWSAPITarget, a, e, changes *Security
 e.ID = response.GroupId
 }
- return t.AddAWSTags(*e.ID, t.Cloud.BuildTags(e.Name))
+ return t.AddAWSTags(*e.ID, e.Tags)
 }
 type terraformSecurityGroup struct {
@@ -191,8 +194,6 @@ type terraformSecurityGroup struct {
 }
 func (_ *SecurityGroup) RenderTerraform(t *terraform.TerraformTarget, a, e, changes *SecurityGroup) error {
- cloud := t.Cloud.(awsup.AWSCloud)
-
 shared := fi.BoolValue(e.Shared)
 if shared {
 // Not terraform owned / managed
@@ -203,7 +204,7 @@ func (_ *SecurityGroup) RenderTerraform(t *terraform.TerraformTarget, a, e, chan
 Name: e.Name,
 VPCID: e.VPC.TerraformLink(),
 Description: e.Description,
- Tags: cloud.BuildTags(e.Name),
+ Tags: e.Tags,
 }
 return t.RenderResource("aws_security_group", *e.Name, tf)
@@ -237,13 +238,11 @@ func (_ *SecurityGroup) RenderCloudformation(t *cloudformation.CloudformationTar
 return nil
 }
- cloud := t.Cloud.(awsup.AWSCloud)
-
 tf := &cloudformationSecurityGroup{
 //Name: e.Name,
 VpcId: e.VPC.CloudformationLink(),
 Description: e.Description,
- Tags: buildCloudformationTags(cloud.BuildTags(e.Name)),
+ Tags: buildCloudformationTags(e.Tags),
 }
 return t.RenderResource("AWS::EC2::SecurityGroup", *e.Name, tf)
diff --git a/upup/pkg/fi/cloudup/awstasks/securitygroup_test.go b/upup/pkg/fi/cloudup/awstasks/securitygroup_test.go
index c3b9564856..e51cd45cd4 100644
--- a/upup/pkg/fi/cloudup/awstasks/securitygroup_test.go
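Review bot: `RenderAWS` now passes `e.Tags` straight to `t.AddAWSTags`, and the `RenderTerraform` and `RenderCloudformation` hunks do the same, so a `SecurityGroup` task built without `Tags` gets no tags at all where it previously always received `BuildTags(e.Name)`. Only the five builders in this diff are shown setting the field; any other place that constructs `awstasks.SecurityGroup` would silently produce an untagged group, and if cluster tooling relies on these tags to recognise and clean up its own groups, such a group would fall outside it. The new struct field also carries no doc comment although its neighbour `Shared` does; `// Tags is the complete tag set applied to the group; it must be populated by the caller, the renderers no longer derive it from Name.` would state the contract. A check that rejects an empty `e.Tags` for non-shared groups before the `AddAWSTags` call would turn the silent case into an error. `RenderAWS` starts outside the hunk, so whether shared groups return before this line cannot be seen here.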
+++ b/upup/pkg/fi/cloudup/awstasks/securitygroup_test.go
@@ -109,6 +109,7 @@ func TestSecurityGroupCreate(t *testing.T) {
 Name: s("sg1"),
 Description: s("Description"),
 VPC: vpc1,
+ Tags: map[string]string{"Name": "sg1"},
 }
 return map[string]fi.Task{