Pass join token suggestedLabels to app server labels during install.sh (

#50720) * Allow adding app server labels from join token for install.sh * Address CRs * Reduce label yaml space, improve test
gravitational · Jan 9, 2025 · 4ee850e · 4ee850e
1 parent a26c2a9
commit 4ee850e
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 0 deletions.
diff --git a/lib/web/join_tokens.go b/lib/web/join_tokens.go
@@ -631,6 +631,7 @@ func getJoinScript(ctx context.Context, settings scriptSettings, m nodeAPIGetter
 	}
 
 	var buf bytes.Buffer
+	var appServerResourceLabels []string
 	// If app install mode is requested but parameters are blank for some reason,
 	// we need to return an error.
 	if settings.appInstallMode {
@@ -640,6 +641,12 @@ func getJoinScript(ctx context.Context, settings scriptSettings, m nodeAPIGetter
 		if !appURIPattern.MatchString(settings.appURI) {
 			return "", trace.BadParameter("appURI %q contains invalid characters", settings.appURI)
 		}
+
+		suggestedLabels := token.GetSuggestedLabels()
+		appServerResourceLabels, err = scripts.MarshalLabelsYAML(suggestedLabels, 4)
+		if err != nil {
+			return "", trace.Wrap(err)
+		}
 	}
 
 	if settings.discoveryInstallMode {
@@ -689,6 +696,7 @@ func getJoinScript(ctx context.Context, settings scriptSettings, m nodeAPIGetter
 		"installUpdater":             strconv.FormatBool(settings.installUpdater),
 		"version":                    shsprintf.EscapeDefaultContext(version),
 		"appInstallMode":             strconv.FormatBool(settings.appInstallMode),
+		"appServerResourceLabels":    appServerResourceLabels,
 		"appName":                    shsprintf.EscapeDefaultContext(settings.appName),
 		"appURI":                     shsprintf.EscapeDefaultContext(settings.appURI),
 		"joinMethod":                 shsprintf.EscapeDefaultContext(settings.joinMethod),

diff --git a/lib/web/join_tokens_test.go b/lib/web/join_tokens_test.go
@@ -761,6 +761,17 @@ func TestGetNodeJoinScript(t *testing.T) {
 				require.Contains(t, script, fmt.Sprintf("%s=%s", types.InternalResourceIDLabel, internalResourceID))
 			},
 		},
+		{
+			desc:      "app server labels",
+			settings:  scriptSettings{token: validToken, appInstallMode: true, appName: "app-name", appURI: "app-uri"},
+			errAssert: require.NoError,
+			extraAssertions: func(script string) {
+				require.Contains(t, script, `APP_NAME='app-name'`)
+				require.Contains(t, script, `APP_URI='app-uri'`)
+				require.Contains(t, script, `public_addr`)
+				require.Contains(t, script, fmt.Sprintf("    labels:\n      %s: %s", types.InternalResourceIDLabel, internalResourceID))
+			},
+		},
 	} {
 		t.Run(test.desc, func(t *testing.T) {
 			script, err := getJoinScript(context.Background(), test.settings, m)

diff --git a/lib/web/scripts/node-join/install.sh b/lib/web/scripts/node-join/install.sh
@@ -441,6 +441,11 @@ get_yaml_list() {
 install_teleport_app_config() {
     log "Writing Teleport app service config to ${TELEPORT_CONFIG_PATH}"
     CA_PINS_CONFIG=$(get_yaml_list "ca_pin" "${CA_PIN_HASHES}" "  ")
+    # This file is processed by `shellschek` as part of the lint step
+    # It detects an issue because of un-set variables - $index and $line. This check is called SC2154.
+    # However, that's not an issue, because those variables are replaced when we run go's text/template engine over it.
+    # When executing the script, those are no long variables but actual values.
+    # shellcheck disable=SC2154
     cat << EOF > ${TELEPORT_CONFIG_PATH}
 version: v3
 teleport:
@@ -463,6 +468,9 @@ app_service:
   - name: "${APP_NAME}"
     uri: "${APP_URI}"
     public_addr: ${APP_PUBLIC_ADDR}
+    labels:{{range $index, $line := .appServerResourceLabels}}
+      {{$line -}}
+{{end}}
 EOF
 }
 # installs the provided teleport config (for database service)