A simple module used to retrieve tags data from a GCP project and to assign tags (binding) to passed resources. The module will create the bindings if they don't exist, but it will fail to create the bindings if they are already present.
Actually the module supports tagging of:
- Cloud Storage buckets
- CloudSQL instances
- Artifact Registry repositories
IMPORTANT: when tagging multi-regional buckets, check the location in the
Google cloud console (for example it can be eu). When tagging clodSQL instances,
you must specify the region as the location, not the zone (for example europe-west1
and not europe-west1-b).
IMPORTANT: all the CloudSQL roles have to be granted at the project level as lowest-level. This means that you can tag resources only for convinience, but you can not use them in the IAM conditions.
You can pass the tags to the module in a user-friendly and easy to read format, <TAG_KEY_SHORTNAME>/<TAG_VALUE_SHORTNAME>, so that it will be easy to understand, for example, you can write tasgs to be applied to resources like:
["dev-team/viewer", "ops-team/admin"]
You can also use the module to retrieve information about tags availables in your
project, populanting the variable tags_to_be_discovered with a full tag structure,
where the tag key is the map key, and the tag values are the values of each map key.
For example:
tags_to_be_discovered = {
"dev-team" : [
"viewer",
"editor",
"admin"
],
"ops-team" : [
"viewer",
"editor",
"admin"
]
}In the module output you can retrieve all tags keys and values informations.
| Name | Version |
|---|---|
| >= 4.47.0 |
| Name | Version |
|---|---|
| terraform | >= 1.2 |
| >= 4.47.0 |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| artifact_registry_repositories_to_be_tagged | A structured list of objects, containing the list of repositories we want to tag, with repository id, repository location (region) and tag values. | list(object({ |
[] |
no |
| buckets_to_be_tagged | A structured list of objects, containing the list of buckets we want to tag and the tag values, in the form <TAG_KEY_SHORTNAME>/<TAG_VALUE_SHORTNAME>. If no bucket_location is specified, the value of default_location will be used. |
list(object({ |
[] |
no |
| cloudsql_instances_to_be_tagged | A structured list of objects, containing the list of cloudSQL instances we want to tag, with instance name, instance location (region) and tag values. | list(object({ |
[] |
no |
| default_location | The default location (region) used for the resources to be tagged. | string |
n/a | yes |
| global_tags | A list of tags to be applied to all the resources, in the form tag_key_short_name/tag_value_short_name. If a resource specify a list of tags, the global tags will overridden and replaced by those specified in the resource. | list(string) |
[] |
no |
| project_id | The Google Cloud project ID. | string |
n/a | yes |
| tags_to_be_discovered | The map with the tags we want to discover with a full structure key / values, see the README.md for an example. The module will print the tag informations as output. | map(list(string)) |
{} |
no |
| Name | Description |
|---|---|
| discovered_tag_keys | n/a |
| discovered_tag_keys_ids | n/a |
| discovered_tag_keys_names | n/a |
| discovered_tag_values | n/a |
| discovered_tag_values_ids | n/a |
| Name | Type |
|---|---|
| google_tags_location_tag_binding.artifact_registry | resource |
| google_tags_location_tag_binding.buckets | resource |
| google_tags_location_tag_binding.cloudsql | resource |
| google_tags_tag_key.project_tag_keys_to_discover | data source |
| google_tags_tag_key.tag_keys | data source |
| google_tags_tag_value.project_tag_values_to_be_discovered | data source |
| google_tags_tag_value.tag_values | data source |
No modules.