From af5e2e339040198550f22887f601317113546015 Mon Sep 17 00:00:00 2001
From: Pedro Algarvio <palgarvio@vmware.com>
Date: Wed, 8 Mar 2023 07:34:09 +0000
Subject: [PATCH] Try to get the VM environment from the instance tags

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
---
 .github/workflows/test-action.yml          | 17 ++++++++++--
 .github/workflows/test-packages-action.yml | 17 ++++++++++--
 .pre-commit-config.yaml                    |  1 +
 tools/vm.py                                | 32 ++++++++++++++++++++--
 4 files changed, 61 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/test-action.yml b/.github/workflows/test-action.yml
index e30395b96b0..6c978f38c7a 100644
--- a/.github/workflows/test-action.yml
+++ b/.github/workflows/test-action.yml
@@ -137,11 +137,18 @@ jobs:
             echo NOX_SESSION=${{ inputs.nox-session }}-tcp >> "$GITHUB_ENV"
           fi
 
+      - name: Get Salt Project GitHub Actions Bot Environment
+        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
+        run: |
+          TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30")
+          SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/tags/instance/spb:environment)
+          echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV"
+
       - name: Start VM
         if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
         id: spin-up-vm
         run: |
-          tools --timestamps vm create --retries=2 ${{ inputs.distro-slug }}
+          tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ inputs.distro-slug }}
 
       - name: List Free Space
         if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
@@ -241,12 +248,18 @@ jobs:
         with:
           name: testrun-changed-files.txt
 
+      - name: Get Salt Project GitHub Actions Bot Environment
+        run: |
+          TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30")
+          SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/tags/instance/spb:environment)
+          echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV"
+
       - name: Start VM
         id: spin-up-vm
         env:
           TESTS_CHUNK: ${{ matrix.tests-chunk }}
         run: |
-          tools --timestamps vm create --retries=2 ${{ inputs.distro-slug }}
+          tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ inputs.distro-slug }}
 
       - name: List Free Space
         run: |
diff --git a/.github/workflows/test-packages-action.yml b/.github/workflows/test-packages-action.yml
index 1496e02330e..ae4e53df3c1 100644
--- a/.github/workflows/test-packages-action.yml
+++ b/.github/workflows/test-packages-action.yml
@@ -110,11 +110,18 @@ jobs:
         if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
         uses: ./.github/actions/setup-python-tools-scripts
 
+      - name: Get Salt Project GitHub Actions Bot Environment
+        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
+        run: |
+          TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30")
+          SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/tags/instance/spb:environment)
+          echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV"
+
       - name: Start VM
         if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
         id: spin-up-vm
         run: |
-          tools --timestamps vm create --retries=2 ${{ inputs.distro-slug }}
+          tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ inputs.distro-slug }}
 
       - name: List Free Space
         if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
@@ -216,10 +223,16 @@ jobs:
       - name: Setup Python Tools Scripts
         uses: ./.github/actions/setup-python-tools-scripts
 
+      - name: Get Salt Project GitHub Actions Bot Environment
+        run: |
+          TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30")
+          SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/tags/instance/spb:environment)
+          echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV"
+
       - name: Start VM
         id: spin-up-vm
         run: |
-          tools --timestamps vm create --retries=2 ${{ inputs.distro-slug }}
+          tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ inputs.distro-slug }}
 
       - name: List Free Space
         run: |
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 1124ffeb7ba..58dbbe76257 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1330,6 +1330,7 @@ repos:
           - rich
           - types-attrs
           - types-pyyaml
+          - types-requests
 
   - repo: https://github.com/saltstack/mirrors-nox
     rev: v2021.6.12
diff --git a/tools/vm.py b/tools/vm.py
index 10244843e5b..bb0d65d47b7 100644
--- a/tools/vm.py
+++ b/tools/vm.py
@@ -21,6 +21,7 @@ from functools import lru_cache
 from typing import TYPE_CHECKING, cast
 
 from ptscripts import Context, command_group
+from requests.exceptions import ConnectTimeout
 
 import tools.utils
 
@@ -95,8 +96,13 @@ vm.add_argument("--region", help="The AWS region.", default=AWS_REGION)
             "help": "How many times to retry creating and connecting to a vm",
         },
         "environment": {
-            "help": "The AWS environment to use.",
-            "choices": ("prod", "test"),
+            "help": (
+                "The AWS environment to use. When the value is auto, an "
+                "attempt will be made to get the right environment from the "
+                "AWS instance metadata endpoint. This only works for bastion "
+                "VMs."
+            ),
+            "choices": ("prod", "test", "auto"),
         },
     }
 )
@@ -117,6 +123,28 @@ def create(
         ctx.exit(1, "We need a key name to spin a VM")
     if not retries:
         retries = 1
+    if environment == "auto":
+        # Lets get the environment from the instance profile if we're on a bastion VM
+        with ctx.web as web:
+            try:
+                ret = web.put(
+                    "http://169.254.169.254/latest/api/token",
+                    headers={"X-aws-ec2-metadata-token-ttl-seconds": "10"},
+                    timeout=1,
+                )
+                token = ret.text.strip()
+                ret = web.get(
+                    "http://169.254.169.254/latest/meta-data/tags/instance/spb:environment",
+                    headers={"X-aws-ec2-metadata-token": token},
+                )
+                spb_environment = ret.text.strip()
+                if spb_environment:
+                    ctx.info(f"Discovered VM environment: {spb_environment}")
+                    environment = spb_environment
+            except ConnectTimeout:
+                # We're apparently not in bastion VM
+                environment = None
+
     attempts = 0
     while True:
         attempts += 1