diff --git a/cloudmock/aws/mockiam/iaminstanceprofile.go b/cloudmock/aws/mockiam/iaminstanceprofile.go index 8b1f44e605..5c12dde79c 100644 --- a/cloudmock/aws/mockiam/iaminstanceprofile.go +++ b/cloudmock/aws/mockiam/iaminstanceprofile.go @@ -92,6 +92,34 @@ func (m *MockIAM) CreateInstanceProfileRequest(*iam.CreateInstanceProfileInput) panic("Not implemented") } +func (m *MockIAM) TagInstanceProfile(request *iam.TagInstanceProfileInput) (*iam.TagInstanceProfileOutput, error) { + m.mutex.Lock() + defer m.mutex.Unlock() + + klog.Infof("CreateInstanceProfile: %v", request) + + ip := m.InstanceProfiles[aws.StringValue(request.InstanceProfileName)] + if ip == nil { + return nil, fmt.Errorf("InstanceProfile not found") + } + + for _, tag := range request.Tags { + key := *tag.Key + overwritten := false + for _, existingTag := range ip.Tags { + if *existingTag.Key == key { + existingTag.Value = tag.Value + overwritten = true + break + } + } + if !overwritten { + ip.Tags = append(ip.Tags, tag) + } + } + return &iam.TagInstanceProfileOutput{}, nil +} + func (m *MockIAM) AddRoleToInstanceProfile(request *iam.AddRoleToInstanceProfileInput) (*iam.AddRoleToInstanceProfileOutput, error) { m.mutex.Lock() defer m.mutex.Unlock() diff --git a/upup/pkg/fi/cloudup/awstasks/iaminstanceprofile.go b/upup/pkg/fi/cloudup/awstasks/iaminstanceprofile.go index 86b8f20ae5..f01d9c0616 100644 --- a/upup/pkg/fi/cloudup/awstasks/iaminstanceprofile.go +++ b/upup/pkg/fi/cloudup/awstasks/iaminstanceprofile.go @@ -118,7 +118,6 @@ func (_ *IAMInstanceProfile) RenderAWS(t *awsup.AWSAPITarget, a, e, changes *IAM request := &iam.CreateInstanceProfileInput{ InstanceProfileName: e.Name, - Tags: mapToIAMTags(e.Tags), } response, err := t.Cloud.IAM().CreateInstanceProfile(request) @@ -126,6 +125,19 @@ func (_ *IAMInstanceProfile) RenderAWS(t *awsup.AWSAPITarget, a, e, changes *IAM return fmt.Errorf("error creating IAMInstanceProfile: %v", err) } + tagRequest := &iam.TagInstanceProfileInput{ + InstanceProfileName: e.Name, + Tags: mapToIAMTags(e.Tags), + } + _, err = t.Cloud.IAM().TagInstanceProfile(tagRequest) + if err != nil { + if awsup.AWSErrorCode(err) == awsup.AWSErrCodeInvalidAction { + klog.Warningf("Ignoring unsupported IAMInstanceProfile tagging %v", *a.Name) + } else { + return fmt.Errorf("error tagging IAMInstanceProfile: %v", err) + } + } + e.ID = response.InstanceProfile.InstanceProfileId e.Name = response.InstanceProfile.InstanceProfileName } else { @@ -151,14 +163,17 @@ func (_ *IAMInstanceProfile) RenderAWS(t *awsup.AWSAPITarget, a, e, changes *IAM } _, err := t.Cloud.IAM().TagInstanceProfile(tagRequest) if err != nil { - return fmt.Errorf("error tagging IAMInstanceProfile: %v", err) + if awsup.AWSErrorCode(err) == awsup.AWSErrCodeInvalidAction { + klog.Warningf("Ignoring unsupported IAMInstanceProfile tagging %v", *a.Name) + } else { + return fmt.Errorf("error tagging IAMInstanceProfile: %v", err) + } } } } } - // TODO: Should we use path as our tag? - return nil // No tags in IAM + return nil } func (_ *IAMInstanceProfile) RenderTerraform(t *terraform.TerraformTarget, a, e, changes *IAMInstanceProfile) error { diff --git a/upup/pkg/fi/cloudup/awsup/aws_cloud.go b/upup/pkg/fi/cloudup/awsup/aws_cloud.go index 88fde460c2..1ec84d2a25 100644 --- a/upup/pkg/fi/cloudup/awsup/aws_cloud.go +++ b/upup/pkg/fi/cloudup/awsup/aws_cloud.go @@ -115,6 +115,9 @@ const ( WellKnownAccountUbuntu = "099720109477" ) +// AWSErrCodeInvalidAction is returned in AWS partitions that don't support certain actions +const AWSErrCodeInvalidAction = "InvalidAction" + type AWSCloud interface { fi.Cloud CloudFormation() *cloudformation.CloudFormation