From 619c007fc98d510cb7fec052d62d77cec181bf7b Mon Sep 17 00:00:00 2001
From: velotioaastha <aastha.gupta@velotio.com>
Date: Thu, 5 Sep 2024 15:40:31 +0530
Subject: [PATCH] Enforce Resource Tagging in Terraform Deployments

---
 main.tf                         | 8 ++++++--
 modules/app_gke/main.tf         | 1 +
 modules/app_gke/variables.tf    | 6 ++++++
 modules/kms/main.tf             | 2 +-
 modules/kms/variables.tf        | 6 ++++++
 modules/networking/main.tf      | 1 +
 modules/networking/variables.tf | 6 ++++++
 7 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/main.tf b/main.tf
index 84fc8314..343ea0a0 100644
--- a/main.tf
+++ b/main.tf
@@ -58,6 +58,7 @@ module "kms" {
   source              = "./modules/kms"
   namespace           = var.namespace
   deletion_protection = var.deletion_protection
+  labels              = var.labels
 }
 
 module "kms_default_bucket" {
@@ -67,6 +68,7 @@ module "kms_default_bucket" {
   deletion_protection            = var.deletion_protection
   key_location                   = lower(var.bucket_location)
   bind_pubsub_service_to_kms_key = false
+  labels                         = var.labels
 }
 
 module "kms_default_sql" {
@@ -76,6 +78,7 @@ module "kms_default_sql" {
   deletion_protection            = var.deletion_protection
   key_location                   = data.google_client_config.current.region
   bind_pubsub_service_to_kms_key = false
+  labels                         = var.labels
 }
 locals {
   default_bucket_key = length(module.kms_default_bucket) > 0 ? module.kms_default_bucket[0].crypto_key.id : var.bucket_kms_key_id
@@ -99,10 +102,10 @@ module "storage" {
 }
 
 module "networking" {
-  count = local.create_network ? 1 : 0
-
+  count      = local.create_network ? 1 : 0
   source     = "./modules/networking"
   namespace  = var.namespace
+  labels     = var.labels
   depends_on = [module.project_factory_project_services]
 }
 
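Review bot: The reformatted `count` line drops the blank line that separated it from the regular arguments and aligns it with them. The usual Terraform layout keeps meta-arguments such as `count` first, followed by an empty line, with `depends_on` last. Keeping `count = local.create_network ? 1 : 0` and the blank line as they were would reduce this hunk to its one functional change, `labels = var.labels`.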
@@ -124,6 +127,7 @@ module "app_gke" {
   depends_on               = [module.project_factory_project_services]
   max_node_count           = local.max_node_count
   min_node_count           = local.min_node_count
+  labels                   = var.labels
 }
 
 module "app_lb" {
diff --git a/modules/app_gke/main.tf b/modules/app_gke/main.tf
index 8e5cd769..e3510b14 100644
--- a/modules/app_gke/main.tf
+++ b/modules/app_gke/main.tf
@@ -93,6 +93,7 @@ resource "google_container_node_pool" "default" {
     metadata = {
       disable-legacy-endpoints = "true"
     }
+    labels = var.labels
   }
 
   management {
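Review bot: The added `labels = var.labels` sits next to `metadata` in what appears to be the node pool's `node_config` block (the block opens outside this hunk), and there `labels` sets Kubernetes node labels, not GCP resource labels. If the goal is resource tagging for inventory, cost attribution or policy checks, the argument to set is `resource_labels = var.labels`. Reusing the same map as Kubernetes labels also makes it visible to node selectors and subjects it to Kubernetes label syntax, which differs from GCP's, so confirm that is intended before keeping it.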
diff --git a/modules/app_gke/variables.tf b/modules/app_gke/variables.tf
index caa041ad..e497577c 100644
--- a/modules/app_gke/variables.tf
+++ b/modules/app_gke/variables.tf
@@ -58,4 +58,10 @@ variable "deletion_protection" {
   description = "If the GKE Cluster should have deletion protection enabled. The GKE Cluster can't be deleted when this value is set to `true`."
   type        = bool
   default     = true
+}
+
+variable "labels" {
+  description = "Labels which will be applied to all applicable resources."
+  type        = map(string)
+  default     = {}
 }
\ No newline at end of file
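Review bot: The new `labels` variable defaults to `{}` and has no `validation` block, so nothing here enforces tagging: a caller that omits `labels` gets unlabelled resources with no error at plan time. To make the control effective, either drop the default so the module requires the argument, or add a validation that rejects an empty map and any key or value outside the GCP label character set, as sketched below. The same applies to the identical declarations in modules/kms/variables.tf and modules/networking/variables.tf. All three files also still end without a trailing newline.

```hcl
variable "labels" {
  # … unchanged: description, type, default …

  # With this check an omitted or empty map fails at plan time instead of
  # silently producing untagged resources.
  validation {
    condition = length(var.labels) > 0 && alltrue([
      for k, v in var.labels :
      can(regex("^[a-z][a-z0-9_-]{0,62}$", k)) && can(regex("^[a-z0-9_-]{0,63}$", v))
    ])
    error_message = "labels must be non-empty; keys and values may use only lowercase letters, digits, underscores and hyphens (max 63 characters, keys start with a letter)."
  }
}
```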
diff --git a/modules/kms/main.tf b/modules/kms/main.tf
index c38d40d4..ab8fb49f 100644
--- a/modules/kms/main.tf
+++ b/modules/kms/main.tf
@@ -20,7 +20,7 @@ resource "google_kms_crypto_key" "default" {
   name            = "${var.namespace}-key"
   key_ring        = google_kms_key_ring.default.id
   rotation_period = "100000s"
-
+  labels          = var.labels
   # lifecycle {
   #   prevent_destroy = var.deletion_protection
   # }
diff --git a/modules/kms/variables.tf b/modules/kms/variables.tf
index 3153786d..35cc9a3a 100644
--- a/modules/kms/variables.tf
+++ b/modules/kms/variables.tf
@@ -19,4 +19,10 @@ variable "bind_pubsub_service_to_kms_key" {
   type        = bool
   description = "Whether to bind the Pub/Sub service account to the KMS key for encrypter/decrypter access."
   default     = true
+}
+
+variable "labels" {
+  description = "Labels which will be applied to all applicable resources."
+  type        = map(string)
+  default     = {}
 }
\ No newline at end of file
diff --git a/modules/networking/main.tf b/modules/networking/main.tf
index 49b4ad72..c331db92 100644
--- a/modules/networking/main.tf
+++ b/modules/networking/main.tf
@@ -24,6 +24,7 @@ resource "google_compute_global_address" "private_ip_address" {
   address_type  = "INTERNAL"
   prefix_length = 16
   network       = google_compute_network.vpc.id
+  labels        = var.labels
 }
 
 resource "google_service_networking_connection" "default" {
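Review bot: `labels` on `google_compute_global_address` was, in older releases of the google provider, exposed only through google-beta, so this line may fail validation depending on the pinned provider version, which this diff does not show. Confirm the version constraint covers a release where the argument is generally available, or set `provider = google-beta` on the resource. Only the reserved address is labelled in this hunk; whether other resources in the module accept labels cannot be judged from the lines shown.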
diff --git a/modules/networking/variables.tf b/modules/networking/variables.tf
index 3c02d917..e037e9a5 100644
--- a/modules/networking/variables.tf
+++ b/modules/networking/variables.tf
@@ -2,3 +2,9 @@ variable "namespace" {
   type        = string
   description = "The name prefix for all resources created."
 }
+
+variable "labels" {
+  description = "Labels which will be applied to all applicable resources."
+  type        = map(string)
+  default     = {}
+}
\ No newline at end of file