Add Resource Tags (#132)

.golangci.yaml

@@ -21,6 +21,8 @@ linters:
   - goconst
   - perfsprint
   - mnd
+  - exportloopref
+  - execinquery
 linters-settings:
   gci:
     sections:

charts/identity/Chart.yaml

@@ -4,8 +4,8 @@ description: A Helm chart for deploying Unikorn's IdP
 
 type: application
 
-version: v0.2.44
-appVersion: v0.2.44
+version: v0.2.45
+appVersion: v0.2.45
 
 icon: https://raw.githubusercontent.com/unikorn-cloud/assets/main/images/logos/dark-on-light/icon.png
 

charts/identity/crds/identity.unikorn-cloud.org_groups.yaml

@@ -60,6 +60,22 @@ spec:
                 items:
                   type: string
                 type: array
+              tags:
+                description: Tags are aribrary user data.
+                items:
+                  description: Tag is an arbirary key/value.
+                  properties:
+                    name:
+                      description: Name of the tag.
+                      type: string
+                    value:
+                      description: Value of the tag.
+                      type: string
+                  required:
+                  - name
+                  - value
+                  type: object
+                type: array
               users:
                 description: Users are a list of user names that are members of the
                   group.

charts/identity/crds/identity.unikorn-cloud.org_oauth2clients.yaml

@@ -58,6 +58,22 @@ spec:
               redirectUri:
                 description: RedirectURI is the URI to pass control back to the client.
                 type: string
+              tags:
+                description: Tags are aribrary user data.
+                items:
+                  description: Tag is an arbirary key/value.
+                  properties:
+                    name:
+                      description: Name of the tag.
+                      type: string
+                    value:
+                      description: Value of the tag.
+                      type: string
+                  required:
+                  - name
+                  - value
+                  type: object
+                type: array
             required:
             - redirectUri
             type: object

charts/identity/crds/identity.unikorn-cloud.org_oauth2providers.yaml

@@ -68,6 +68,22 @@ spec:
                   OIDC discovery endpoint e.g. https://accounts.google.com.
                   This will be used to verify issued JWTs have the same "iss" claim.
                 type: string
+              tags:
+                description: Tags are aribrary user data.
+                items:
+                  description: Tag is an arbirary key/value.
+                  properties:
+                    name:
+                      description: Name of the tag.
+                      type: string
+                    value:
+                      description: Value of the tag.
+                      type: string
+                  required:
+                  - name
+                  - value
+                  type: object
+                type: array
               type:
                 description: |-
                   Type defines the interface to use with the provider, specifically

charts/identity/crds/identity.unikorn-cloud.org_organizations.yaml

@@ -95,6 +95,22 @@ spec:
                   ProviderScope tells the controller when to find the provider
                   details.
                 type: string
+              tags:
+                description: Tags are aribrary user data.
+                items:
+                  description: Tag is an arbirary key/value.
+                  properties:
+                    name:
+                      description: Name of the tag.
+                      type: string
+                    value:
+                      description: Value of the tag.
+                      type: string
+                  required:
+                  - name
+                  - value
+                  type: object
+                type: array
             type: object
           status:
             description: OrganizationStatus defines the status of the server.

charts/identity/crds/identity.unikorn-cloud.org_projects.yaml

@@ -64,6 +64,22 @@ spec:
               pause:
                 description: Pause, if true, will inhibit reconciliation.
                 type: boolean
+              tags:
+                description: Tags are aribrary user data.
+                items:
+                  description: Tag is an arbirary key/value.
+                  properties:
+                    name:
+                      description: Name of the tag.
+                      type: string
+                    value:
+                      description: Value of the tag.
+                      type: string
+                  required:
+                  - name
+                  - value
+                  type: object
+                type: array
             type: object
           status:
             description: ProjectStatus defines the status of the project.

charts/identity/crds/identity.unikorn-cloud.org_roles.yaml

@@ -148,6 +148,22 @@ spec:
                     - name
                     x-kubernetes-list-type: map
                 type: object
+              tags:
+                description: Tags are aribrary user data.
+                items:
+                  description: Tag is an arbirary key/value.
+                  properties:
+                    name:
+                      description: Name of the tag.
+                      type: string
+                    value:
+                      description: Value of the tag.
+                      type: string
+                  required:
+                  - name
+                  - value
+                  type: object
+                type: array
             type: object
           status:
             description: RoleStatus defines any role status information.

go.mod

@@ -12,7 +12,7 @@ require (
 	github.com/spf13/cobra v1.8.1
 	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.9.0
-	github.com/unikorn-cloud/core v0.1.76
+	github.com/unikorn-cloud/core v0.1.85
 	go.opentelemetry.io/otel v1.31.0
 	go.opentelemetry.io/otel/sdk v1.31.0
 	go.opentelemetry.io/otel/trace v1.31.0
@@ -30,6 +30,7 @@ require (
 require (
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
+	github.com/Masterminds/semver/v3 v3.3.0 // indirect
 	github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
@@ -71,7 +72,6 @@ require (
 	github.com/klauspost/compress v1.17.11 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/masterminds/semver v1.5.0 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/moby/spdystream v0.5.0 // indirect
 	github.com/moby/term v0.5.0 // indirect

go.sum

@@ -2,8 +2,8 @@ github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
 github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
-github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
-github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
+github.com/Masterminds/semver/v3 v3.3.0 h1:B8LGeaivUe71a5qox1ICM/JLl0NqZSW5CHyL+hmvYS0=
+github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
 github.com/RaveNoX/go-jsoncommentstrip v1.0.0/go.mod h1:78ihd09MekBnJnxpICcwzCMzGrKSKYe4AqU6PDYYpjk=
 github.com/apapsch/go-jsonmerge/v2 v2.0.0 h1:axGnT1gRIfimI7gJifB699GoE/oq+F2MU7Dml6nw9rQ=
 github.com/apapsch/go-jsonmerge/v2 v2.0.0/go.mod h1:lvDnEdqiQrp0O42VQGgmlKpxL1AP2+08jFMw88y4klk=
@@ -127,8 +127,6 @@ github.com/lithammer/dedent v1.1.0 h1:VNzHMVCBNG1j0fh3OrsFRkVUwStdDArbgBWoPAffkt
 github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/masterminds/semver v1.5.0 h1:hTxJTTY7tjvnWMrl08O6u3G6BLlKVwxSz01lVac9P8U=
-github.com/masterminds/semver v1.5.0/go.mod h1:s7KNT9fnd7edGzwwP7RBX4H0v/CYd5qdOLfkL1V75yg=
 github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=
 github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0=
 github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU=
@@ -192,8 +190,8 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
 github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
-github.com/unikorn-cloud/core v0.1.76 h1:h9TsNTYimmu7N23RB3J7PLKp+ekJF7vM9AF1yMuVgIo=
-github.com/unikorn-cloud/core v0.1.76/go.mod h1:S9AF4PwTQljImb9w0P2jKjzRe8fLM+rx+ZbxrAHw/yE=
+github.com/unikorn-cloud/core v0.1.85 h1:S4B0nr0jhxF8SCsKyCRVwcx8+kJsI8fQVONLJDf9aic=
+github.com/unikorn-cloud/core v0.1.85/go.mod h1:wEKzCwAnIyTbo27l++Wl+gK95TAxMsFS3y3jbFB03aw=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ=

pkg/apis/unikorn/v1alpha1/group_types.go

@@ -17,6 +17,8 @@ limitations under the License.
 package v1alpha1
 
 import (
+	unikornv1core "github.com/unikorn-cloud/core/pkg/apis/unikorn/v1alpha1"
+
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -43,6 +45,8 @@ type Group struct {
 }
 
 type GroupSpec struct {
+	// Tags are aribrary user data.
+	Tags unikornv1core.TagList `json:"tags,omitempty"`
 	// ProviderID is the name of the group as returned by the provider.
 	// For example a query of https://cloudidentity.googleapis.com/v1/groups/
 	// will return something like groups/01664s551ax43ok.

pkg/apis/unikorn/v1alpha1/organization_types.go

@@ -62,6 +62,8 @@ const (
 
 // OrganizationSpec defines the required configuration for the server.
 type OrganizationSpec struct {
+	// Tags are aribrary user data.
+	Tags unikornv1core.TagList `json:"tags,omitempty"`
 	// Pause, if true, will inhibit reconciliation.
 	Pause bool `json:"pause,omitempty"`
 	// Domain is used by unikorn-identity to map an end-user provided

pkg/apis/unikorn/v1alpha1/project_types.go

@@ -49,9 +49,10 @@ type Project struct {
 
 // ProjectSpec defines project specific metadata.
 type ProjectSpec struct {
+	// Tags are aribrary user data.
+	Tags unikornv1core.TagList `json:"tags,omitempty"`
 	// Pause, if true, will inhibit reconciliation.
 	Pause bool `json:"pause,omitempty"`
-
 	// GroupIDs is a list of groups that are allowed access to the project.
 	GroupIDs []string `json:"groupIDs,omitempty"`
 }

pkg/apis/unikorn/v1alpha1/types.go

@@ -18,6 +18,8 @@ limitations under the License.
 package v1alpha1
 
 import (
+	unikornv1core "github.com/unikorn-cloud/core/pkg/apis/unikorn/v1alpha1"
+
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -55,6 +57,8 @@ type OAuth2Client struct {
 
 // OAuth2ClientSpec defines the required configuration for the client.
 type OAuth2ClientSpec struct {
+	// Tags are aribrary user data.
+	Tags unikornv1core.TagList `json:"tags,omitempty"`
 	// RedirectURI is the URI to pass control back to the client.
 	RedirectURI string `json:"redirectUri"`
 	// LoginURI is a URI to pass control to for login dialogs.
@@ -91,6 +95,8 @@ type OAuth2Provider struct {
 // OAuth2ProviderSpec defines the required configuration for an oauth2
 // provider.
 type OAuth2ProviderSpec struct {
+	// Tags are aribrary user data.
+	Tags unikornv1core.TagList `json:"tags,omitempty"`
 	// Type defines the interface to use with the provider, specifically
 	// how to retrieve group information for fine-grained RBAC.  For certain
 	// global provider types e.g. Google or Microsoft, only a single instance
@@ -140,6 +146,8 @@ type Role struct {
 
 // RoleSpec defines the role's requested state.
 type RoleSpec struct {
+	// Tags are aribrary user data.
+	Tags unikornv1core.TagList `json:"tags,omitempty"`
 	// Scopes are a list of uniquely named scopes for the role.
 	Scopes RoleScopes `json:"scopes,omitempty"`
 }

pkg/handler/groups/client.go

@@ -51,7 +51,7 @@ func New(client client.Client, namespace string) *Client {
 
 func convert(in *unikornv1.Group) *openapi.GroupRead {
 	out := &openapi.GroupRead{
-		Metadata: conversion.OrganizationScopedResourceReadMetadata(in, coreopenapi.ResourceProvisioningStatusProvisioned),
+		Metadata: conversion.OrganizationScopedResourceReadMetadata(in, in.Spec.Tags, coreopenapi.ResourceProvisioningStatusProvisioned),
 		Spec: openapi.GroupSpec{
 			RoleIDs: in.Spec.RoleIDs,
 		},
@@ -160,6 +160,8 @@ func (c *Client) generate(ctx context.Context, organization *organizations.Meta,
 		},
 	}
 
+	out.Spec.Tags = conversion.GenerateTagList(in.Metadata.Tags)
+
 	if in.Spec.Users != nil {
 		out.Spec.Users = *in.Spec.Users
 	}

pkg/handler/oauth2providers/client.go

@@ -63,7 +63,7 @@ func (c *Client) get(ctx context.Context, organization *organizations.Meta, prov
 
 func convert(in *unikornv1.OAuth2Provider) *openapi.Oauth2ProviderRead {
 	out := &openapi.Oauth2ProviderRead{
-		Metadata: conversion.OrganizationScopedResourceReadMetadata(in, coreopenapi.ResourceProvisioningStatusProvisioned),
+		Metadata: conversion.OrganizationScopedResourceReadMetadata(in, in.Spec.Tags, coreopenapi.ResourceProvisioningStatusProvisioned),
 		Spec: openapi.Oauth2ProviderSpec{
 			ClientID: in.Spec.ClientID,
 		},
@@ -142,6 +142,8 @@ func (c *Client) generate(ctx context.Context, organization *organizations.Meta,
 		},
 	}
 
+	out.Spec.Tags = conversion.GenerateTagList(in.Metadata.Tags)
+
 	return out, nil
 }