Enforce Resource Tagging in Terraform Deployments

wandb · Sep 5, 2024 · ce54280 · ce54280
1 parent 043e541
commit ce54280
Show file tree

Hide file tree

Showing 7 changed files with 27 additions and 3 deletions.
diff --git a/main.tf b/main.tf
@@ -52,6 +52,7 @@ module "kms" {
   source              = "./modules/kms"
   namespace           = var.namespace
   deletion_protection = var.deletion_protection
+  labels              = var.labels
 }
 
 module "kms_default_bucket" {
@@ -61,6 +62,7 @@ module "kms_default_bucket" {
   deletion_protection            = var.deletion_protection
   key_location                   = lower(var.bucket_location)
   bind_pubsub_service_to_kms_key = false
+  labels                         = var.labels
 }
 
 module "kms_default_sql" {
@@ -70,6 +72,7 @@ module "kms_default_sql" {
   deletion_protection            = var.deletion_protection
   key_location                   = data.google_client_config.current.region
   bind_pubsub_service_to_kms_key = false
+  labels                         = var.labels
 }
 locals {
   default_bucket_key = length(module.kms_default_bucket) > 0 ? module.kms_default_bucket[0].crypto_key.id : var.bucket_kms_key_id
@@ -93,10 +96,10 @@ module "storage" {
 }
 
 module "networking" {
-  count = local.create_network ? 1 : 0
-
+  count      = local.create_network ? 1 : 0
   source     = "./modules/networking"
   namespace  = var.namespace
+  labels     = var.labels
   depends_on = [module.project_factory_project_services]
 }
 
@@ -117,6 +120,7 @@ module "app_gke" {
   create_workload_identity = var.create_workload_identity
   deletion_protection      = var.deletion_protection
   depends_on               = [module.project_factory_project_services]
+  labels                   = var.labels
 }
 
 module "app_lb" {

diff --git a/modules/app_gke/main.tf b/modules/app_gke/main.tf
@@ -88,6 +88,7 @@ resource "google_container_node_pool" "default" {
     metadata = {
       disable-legacy-endpoints = "true"
     }
+    labels = var.labels
   }
 
   management {

diff --git a/modules/app_gke/variables.tf b/modules/app_gke/variables.tf
@@ -54,4 +54,10 @@ variable "deletion_protection" {
   description = "If the GKE Cluster should have deletion protection enabled. The GKE Cluster can't be deleted when this value is set to `true`."
   type        = bool
   default     = true
+}
+
+variable "labels" {
+  description = "Labels which will be applied to all applicable resources."
+  type        = map(string)
+  default     = {}
 }
diff --git a/modules/kms/main.tf b/modules/kms/main.tf
@@ -20,7 +20,7 @@ resource "google_kms_crypto_key" "default" {
   name            = "${var.namespace}-key"
   key_ring        = google_kms_key_ring.default.id
   rotation_period = "100000s"
-
+  labels          = var.labels
   # lifecycle {
   #   prevent_destroy = var.deletion_protection
   # }

diff --git a/modules/kms/variables.tf b/modules/kms/variables.tf
@@ -19,4 +19,10 @@ variable "bind_pubsub_service_to_kms_key" {
   type        = bool
   description = "Whether to bind the Pub/Sub service account to the KMS key for encrypter/decrypter access."
   default     = true
+}
+
+variable "labels" {
+  description = "Labels which will be applied to all applicable resources."
+  type        = map(string)
+  default     = {}
 }
diff --git a/modules/networking/main.tf b/modules/networking/main.tf
@@ -24,6 +24,7 @@ resource "google_compute_global_address" "private_ip_address" {
   address_type  = "INTERNAL"
   prefix_length = 16
   network       = google_compute_network.vpc.id
+  labels        = var.labels
 }
 
 resource "google_service_networking_connection" "default" {

diff --git a/modules/networking/variables.tf b/modules/networking/variables.tf
@@ -2,3 +2,9 @@ variable "namespace" {
   type        = string
   description = "The name prefix for all resources created."
 }
+
+variable "labels" {
+  description = "Labels which will be applied to all applicable resources."
+  type        = map(string)
+  default     = {}
+}