diff --git a/lib/web/join_tokens.go b/lib/web/join_tokens.go index df9896f5e1532..d54269df7c381 100644 --- a/lib/web/join_tokens.go +++ b/lib/web/join_tokens.go @@ -631,6 +631,7 @@ func getJoinScript(ctx context.Context, settings scriptSettings, m nodeAPIGetter } var buf bytes.Buffer + var appServerResourceLabels []string // If app install mode is requested but parameters are blank for some reason, // we need to return an error. if settings.appInstallMode { @@ -640,6 +641,12 @@ func getJoinScript(ctx context.Context, settings scriptSettings, m nodeAPIGetter if !appURIPattern.MatchString(settings.appURI) { return "", trace.BadParameter("appURI %q contains invalid characters", settings.appURI) } + + suggestedLabels := token.GetSuggestedLabels() + appServerResourceLabels, err = scripts.MarshalLabelsYAML(suggestedLabels, 4) + if err != nil { + return "", trace.Wrap(err) + } } if settings.discoveryInstallMode { @@ -689,6 +696,7 @@ func getJoinScript(ctx context.Context, settings scriptSettings, m nodeAPIGetter "installUpdater": strconv.FormatBool(settings.installUpdater), "version": shsprintf.EscapeDefaultContext(version), "appInstallMode": strconv.FormatBool(settings.appInstallMode), + "appServerResourceLabels": appServerResourceLabels, "appName": shsprintf.EscapeDefaultContext(settings.appName), "appURI": shsprintf.EscapeDefaultContext(settings.appURI), "joinMethod": shsprintf.EscapeDefaultContext(settings.joinMethod), diff --git a/lib/web/join_tokens_test.go b/lib/web/join_tokens_test.go index ba0b0be4ff9b1..4e0062b333ef3 100644 --- a/lib/web/join_tokens_test.go +++ b/lib/web/join_tokens_test.go @@ -761,6 +761,17 @@ func TestGetNodeJoinScript(t *testing.T) { require.Contains(t, script, fmt.Sprintf("%s=%s", types.InternalResourceIDLabel, internalResourceID)) }, }, + { + desc: "app server labels", + settings: scriptSettings{token: validToken, appInstallMode: true, appName: "app-name", appURI: "app-uri"}, + errAssert: require.NoError, + extraAssertions: func(script string) { + require.Contains(t, script, `APP_NAME='app-name'`) + require.Contains(t, script, `APP_URI='app-uri'`) + require.Contains(t, script, `public_addr`) + require.Contains(t, script, fmt.Sprintf(" labels:\n %s: %s", types.InternalResourceIDLabel, internalResourceID)) + }, + }, } { t.Run(test.desc, func(t *testing.T) { script, err := getJoinScript(context.Background(), test.settings, m) diff --git a/lib/web/scripts/node-join/install.sh b/lib/web/scripts/node-join/install.sh index 3d8403c00787d..64c7cc6b6aab2 100755 --- a/lib/web/scripts/node-join/install.sh +++ b/lib/web/scripts/node-join/install.sh @@ -441,6 +441,11 @@ get_yaml_list() { install_teleport_app_config() { log "Writing Teleport app service config to ${TELEPORT_CONFIG_PATH}" CA_PINS_CONFIG=$(get_yaml_list "ca_pin" "${CA_PIN_HASHES}" " ") + # This file is processed by `shellschek` as part of the lint step + # It detects an issue because of un-set variables - $index and $line. This check is called SC2154. + # However, that's not an issue, because those variables are replaced when we run go's text/template engine over it. + # When executing the script, those are no long variables but actual values. + # shellcheck disable=SC2154 cat << EOF > ${TELEPORT_CONFIG_PATH} version: v3 teleport: @@ -463,6 +468,9 @@ app_service: - name: "${APP_NAME}" uri: "${APP_URI}" public_addr: ${APP_PUBLIC_ADDR} + labels:{{range $index, $line := .appServerResourceLabels}} + {{$line -}} +{{end}} EOF } # installs the provided teleport config (for database service)