From 619c007fc98d510cb7fec052d62d77cec181bf7b Mon Sep 17 00:00:00 2001
From: velotioaastha
Date: Thu, 5 Sep 2024 15:40:31 +0530
Subject: [PATCH] Enforce Resource Tagging in Terraform Deployments

---
 main.tf                         | 8 ++++++--
 modules/app_gke/main.tf         | 1 +
 modules/app_gke/variables.tf    | 6 ++++++
 modules/kms/main.tf             | 2 +-
 modules/kms/variables.tf        | 6 ++++++
 modules/networking/main.tf      | 1 +
 modules/networking/variables.tf | 6 ++++++
 7 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/main.tf b/main.tf
index 84fc8314..343ea0a0 100644
--- a/main.tf
+++ b/main.tf
@@ -58,6 +58,7 @@ module "kms" {
   source = "./modules/kms"
   namespace = var.namespace
   deletion_protection = var.deletion_protection
+  labels = var.labels
 }
 
 module "kms_default_bucket" {
@@ -67,6 +68,7 @@ module "kms_default_bucket" {
   deletion_protection = var.deletion_protection
   key_location = lower(var.bucket_location)
   bind_pubsub_service_to_kms_key = false
+  labels = var.labels
 }
 
 module "kms_default_sql" {
@@ -76,6 +78,7 @@ module "kms_default_sql" {
   deletion_protection = var.deletion_protection
   key_location = data.google_client_config.current.region
   bind_pubsub_service_to_kms_key = false
+  labels = var.labels
 }
 locals {
   default_bucket_key = length(module.kms_default_bucket) > 0 ? module.kms_default_bucket[0].crypto_key.id : var.bucket_kms_key_id
@@ -99,10 +102,10 @@ module "storage" {
 }
 
 module "networking" {
-  count = local.create_network ? 1 : 0
-
+  count = local.create_network ? 1 : 0
   source = "./modules/networking"
   namespace = var.namespace
+  labels = var.labels
   depends_on = [module.project_factory_project_services]
 }
 
@@ -124,6 +127,7 @@ module "app_gke" {
   depends_on = [module.project_factory_project_services]
   max_node_count = local.max_node_count
   min_node_count = local.min_node_count
+  labels = var.labels
 }
 
 module "app_lb" {
diff --git a/modules/app_gke/main.tf b/modules/app_gke/main.tf
index 8e5cd769..e3510b14 100644
--- a/modules/app_gke/main.tf
+++ b/modules/app_gke/main.tf
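Review bot: The five main.tf hunks pass `var.labels` into the kms, kms_default_bucket, kms_default_sql, networking and app_gke modules, but no root-level `variable "labels"` declaration is part of this patch (the diffstat lists only the three module variables.tf files), so unless the root module already declares it these references fail validation as an undeclared variable. If it is missing, add the declaration next to the root module's other variables, e.g. `variable "labels" { type = map(string) default = {} }`, with a description naming which modules consume it. The storage and app_lb modules receive no labels here; if they create labelable resources, the inventory this commit aims for stays incomplete. In the `@@ -99` hunk the rewrite of the `count` line also drops the blank line that separated the meta-argument from the module inputs; keeping `count` visually apart is the usual convention and would avoid the extra diff noise.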
@@ -93,6 +93,7 @@ resource "google_container_node_pool" "default" {
     metadata = {
       disable-legacy-endpoints = "true"
     }
+    labels = var.labels
   }
 
   management {
diff --git a/modules/app_gke/variables.tf b/modules/app_gke/variables.tf
index caa041ad..e497577c 100644
--- a/modules/app_gke/variables.tf
+++ b/modules/app_gke/variables.tf
@@ -58,4 +58,10 @@ variable "deletion_protection" {
   description = "If the GKE Cluster should have deletion protection enabled. The GKE Cluster can't be deleted when this value is set to `true`."
   type = bool
   default = true
+}
+
+variable "labels" {
+  description = "Labels which will be applied to all applicable resources."
+  type = map(string)
+  default = {}
 }
\ No newline at end of file
diff --git a/modules/kms/main.tf b/modules/kms/main.tf
index c38d40d4..ab8fb49f 100644
--- a/modules/kms/main.tf
+++ b/modules/kms/main.tf
@@ -20,7 +20,7 @@ resource "google_kms_crypto_key" "default" {
   name = "${var.namespace}-key"
   key_ring = google_kms_key_ring.default.id
   rotation_period = "100000s"
-
+  labels = var.labels
   # lifecycle {
   #   prevent_destroy = var.deletion_protection
   # }
diff --git a/modules/kms/variables.tf b/modules/kms/variables.tf
index 3153786d..35cc9a3a 100644
--- a/modules/kms/variables.tf
+++ b/modules/kms/variables.tf
@@ -19,4 +19,10 @@ variable "bind_pubsub_service_to_kms_key" {
   type = bool
   description = "Whether to bind the Pub/Sub service account to the KMS key for encrypter/decrypter access."
   default = true
+}
+
+variable "labels" {
+  description = "Labels which will be applied to all applicable resources."
+  type = map(string)
+  default = {}
 }
\ No newline at end of file
diff --git a/modules/networking/main.tf b/modules/networking/main.tf
index 49b4ad72..c331db92 100644
--- a/modules/networking/main.tf
+++ b/modules/networking/main.tf
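Review bot: In the `@@ -93` hunk `labels = var.labels` is placed inside what appears to be the `node_config` block of `google_container_node_pool` (the block that holds `metadata`), where `labels` means Kubernetes node labels, not GCP resource labels; the node VMs would not carry the governance labels this commit sets out to enforce, and caller-supplied keys become node labels that pod `nodeSelector`/affinity rules can match on. The GCP labels on the node VMs are set with `resource_labels = var.labels` in the same `node_config` block, and the cluster object itself takes `resource_labels` on `google_container_cluster`, which is outside this hunk. If Kubernetes node labels are in fact intended, the variable description should say so explicitly. The enclosing `node_config` block starts outside the hunk.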
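Review bot: The new `labels` variable in the `@@ -58` hunk of modules/app_gke/variables.tf defaults to `{}` and accepts any string, so the "enforce" in the commit title is not achieved: a caller that passes nothing is still valid, and a key that violates GCP label rules (must start with a lowercase letter; lowercase letters, digits, `_` and `-`; at most 63 characters) is only rejected by the API at apply time. A `validation` block on the variable turns that into a plan-time error with a readable message; if a mandatory key such as an owner or cost-centre label is required, drop the default and add `contains(keys(var.labels), "<required-key>")` to the condition. The identical declarations in modules/kms/variables.tf and modules/networking/variables.tf need the same treatment. The pattern below covers the ASCII subset of the allowed character set; widen it if international characters are needed.
```hcl
variable "labels" {
  description = "Labels which will be applied to all applicable resources."
  type        = map(string)
  default     = {}

  validation {
    condition = alltrue([
      for k, v in var.labels :
      can(regex("^[a-z][a-z0-9_-]{0,62}$", k)) && can(regex("^[a-z0-9_-]{0,63}$", v))
    ])
    error_message = "Label keys must start with a lowercase letter and keys/values may only contain lowercase letters, digits, underscores and dashes (max 63 characters)."
  }
}
```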
@@ -24,6 +24,7 @@ resource "google_compute_global_address" "private_ip_address" {
   address_type = "INTERNAL"
   prefix_length = 16
   network = google_compute_network.vpc.id
+  labels = var.labels
 }
 
 resource "google_service_networking_connection" "default" {
diff --git a/modules/networking/variables.tf b/modules/networking/variables.tf
index 3c02d917..e037e9a5 100644
--- a/modules/networking/variables.tf
+++ b/modules/networking/variables.tf
@@ -2,3 +2,9 @@ variable "namespace" {
   type = string
   description = "The name prefix for all resources created."
 }
+
+variable "labels" {
+  description = "Labels which will be applied to all applicable resources."
+  type = map(string)
+  default = {}
+}
\ No newline at end of file
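Review bot: In the `@@ -24` hunk the labels land only on the reserved `google_compute_global_address`; the VPC created by `google_compute_network.vpc` (referenced on the `network` line) and the `google_service_networking_connection` below it take no `labels` argument, so label-based inventories and cost reports will not show this module's network at all. That is a provider limitation rather than a defect in the hunk, but it is worth a short comment above the new line, e.g. `# Only the address supports labels; the VPC and the service networking connection cannot be labeled.`, so the next reader does not go looking for a missing assignment.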
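Review bot: The `@@ -2` hunk of modules/networking/variables.tf ends with `\ No newline at end of file` on the new closing brace, while the previous last line did have one; the file should keep its trailing newline so that `terraform fmt` and the next append do not produce another whole-line churn. The same declaration here is the one that should carry a `validation` block if tagging is meant to be enforced rather than optional.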