
Commit fac7874

Fix non-cluster tag cleanup after resource-events username lookup
Tagging can resolve owners via get_username_from_resource_events while teardown still used CloudTrail-only lookup, leaving partial tags that caused validate_existing_tag to skip re-applying Budget and LaunchTime. Align removal with tagging and require input tags in validation. Co-authored-by: Cursor <cursoragent@cursor.com>
1 parent 0e81030 commit fac7874

3 files changed

Lines changed: 37 additions & 2 deletions


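--- a/cloud_governance/policy/policy_operations/aws/tag_non_cluster/non_cluster_operations.py
+++ b/cloud_governance/policy/policy_operations/aws/tag_non_cluster/non_cluster_operations.py
@@ -249,7 +249,9 @@ def validate_existing_tag(self, tags: list):
 @param tags:
 @return:
 """
-check_tags = ['User', 'Project', 'Manager', 'Owner', 'Email']
+check_tags = ['User', 'Project', 'Manager', 'Owner', 'Email', 'LaunchTime']
+if self.input_tags:
+check_tags.extend(key for key in self.input_tags if key not in check_tags)
 tag_count = 0
 if tags:
 for tag in tags: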
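Review bot: The `validate_existing_tag` docstring still has empty `@param tags:` and `@return:` entries and does not record that `LaunchTime` and every key of `self.input_tags` are now required, which is what decides whether tags get re-applied. I would fill it in, for example `@param tags: existing resource tags as a list of {'Key': ..., 'Value': ...} dicts` and `@return: True only when every key in check_tags is present on the resource`. The comparison itself sits outside this hunk; if it counts key presence only, a resource whose `User` tag holds a placeholder value would still validate and skip re-tagging, which is worth confirming. The function body continues past the last line shown.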

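--- a/cloud_governance/policy/policy_operations/aws/tag_non_cluster/remove_non_cluster_tags.py
+++ b/cloud_governance/policy/policy_operations/aws/tag_non_cluster/remove_non_cluster_tags.py
@@ -17,7 +17,11 @@ def __get_instance_tags(self, launch_time: datetime, instance_id: str, tags: lis
 @param tags:
 @return:
 """
-username = self._get_username_from_cloudtrail(start_time=launch_time, resource_id=instance_id, resource_type='AWS::EC2::Instance')
+username = self.ec2_operations.get_tag_value_from_tags(tags=tags or [], tag_name='User')
+if not username or username == self.NA_VALUE:
+username = self.get_username(
+start_time=launch_time, resource_id=instance_id,
+resource_type='AWS::EC2::Instance', tags=tags or [])
 search_tags = []
 user_tags = self.iam_client.get_user_tags(username=username)
 if not username: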
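Review bot: The result of the `self.get_username(...)` fallback is used without the `self.NA_VALUE` check that the `User` tag value gets two lines earlier, so a placeholder or empty name can still reach `self.iam_client.get_user_tags(username=username)` on the following context line, which runs before the `if not username:` guard. Whether `get_username` can return `NA_VALUE` is not visible here; if it can, normalise once after the fallback, e.g. `if username == self.NA_VALUE: username = None`, and consider moving the IAM lookup below the empty check. The owner is also now taken first from the resource's mutable `User` tag rather than from the CloudTrail record, so whoever can edit tags on the instance influences which IAM user's tags drive the removal; a comment stating that this trust is intentional would help. The body of `__get_instance_tags` continues outside the hunk.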

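--- a/tests/unittest/cloud_governance/aws/tag_non_cluster/test_non_cluster_operations.py
+++ b/tests/unittest/cloud_governance/aws/tag_non_cluster/test_non_cluster_operations.py
@@ -51,3 +51,32 @@ def test_resource_events_fallback_excludes_automation_user(self):
 assert result == CLUSTER_OWNER
 call_kwargs = ops.cloudtrail.get_username_from_resource_events.call_args.kwargs
 assert call_kwargs['exclude_users'] == {AUTOMATION_USER}
+
+
+class TestNonClusterOperationsValidateExistingTag:
+def test_returns_false_when_budget_tag_missing(self):
+ops = NonClusterOperations.__new__(NonClusterOperations)
+ops.input_tags = {'Budget': 'PERF-DEPT'}
+tags = [
+{'Key': 'User', 'Value': 'cluster-owner'},
+{'Key': 'Project', 'Value': 'test'},
+{'Key': 'Manager', 'Value': 'manager'},
+{'Key': 'Owner', 'Value': 'owner'},
+{'Key': 'Email', 'Value': 'cluster-owner@redhat.com'},
+{'Key': 'LaunchTime', 'Value': '2026/06/30 14:00:00'},
+]
+assert ops.validate_existing_tag(tags=tags) is False
+
+def test_returns_true_when_all_required_tags_present(self):
+ops = NonClusterOperations.__new__(NonClusterOperations)
+ops.input_tags = {'Budget': 'PERF-DEPT'}
+tags = [
+{'Key': 'User', 'Value': 'cluster-owner'},
+{'Key': 'Project', 'Value': 'test'},
+{'Key': 'Manager', 'Value': 'manager'},
+{'Key': 'Owner', 'Value': 'owner'},
+{'Key': 'Email', 'Value': 'cluster-owner@redhat.com'},
+{'Key': 'LaunchTime', 'Value': '2026/06/30 14:00:00'},
+{'Key': 'Budget', 'Value': 'PERF-DEPT'},
+]
+assert ops.validate_existing_tag(tags=tags) is True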
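Review bot: The new `TestNonClusterOperationsValidateExistingTag` cases cover a missing `Budget` key but not a missing `LaunchTime`, the other key this commit makes mandatory, and no case pins the `if self.input_tags:` branch with `input_tags` empty or `None`. I would add a case that drops `LaunchTime` from the otherwise complete tag list and asserts `False`, as sketched below. Both tests build the object with `__new__`, so any attribute `validate_existing_tag` reads besides `input_tags` would raise here rather than fail an assertion.

```python
    def test_returns_false_when_launch_time_tag_missing(self):
        ops = NonClusterOperations.__new__(NonClusterOperations)
        ops.input_tags = {'Budget': 'PERF-DEPT'}
        tags = [
            {'Key': 'User', 'Value': 'cluster-owner'},
            {'Key': 'Project', 'Value': 'test'},
            {'Key': 'Manager', 'Value': 'manager'},
            {'Key': 'Owner', 'Value': 'owner'},
            {'Key': 'Email', 'Value': 'cluster-owner@redhat.com'},
            {'Key': 'Budget', 'Value': 'PERF-DEPT'},
        ]
        assert ops.validate_existing_tag(tags=tags) is False
```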
