Tag AWS resources created with Terraform (#1552)

[natanlao]

Author (check before every review)

• PR title references issue
• Title of main commit references issue
• PR is linked to Zenhub issue
• Added DCP/1 label _{or this PR does not target an hca/* branch}
• Created issue to track porting these changes _{or this PR does not need porting}
• Added r tag to commit title _{or this PR does not require reindexing}
• Added reindex label to PR _{or this PR does not require reindexing}
• Freebies are blocked on this PR _{or there are no freebies in this PR}
• Freebies are referenced in commit titles _{or there are no freebies in this PR}
• This PR is blocked by previous PR in chain _{or this PR is not chained to another PR}
• Added chain label to the blocking PR _{or this PR is not chained to another PR}
• Ran make requirements_update _{or this PR leaves requirements*.txt, common.mk and Makefile untouched}
• Added R tag to commit title _{or this PR leaves requirements*.txt untouched}
• Added reqs label to PR _{or this PR leaves requirements*.txt untouched}
• Documented upgrading of deployments in UPGRADING.rst _{or this PR does not require upgrading}
• Added u tag to commit title _{or this PR does not require upgrading}
• Added upgrade label to PR _{or this PR does not require upgrading}
• make integration_test passes in personal deployment _{or this PR does not touch functionality that could break the IT}
• Rebased branch on develop

Primary reviewer (before pushing merge commit)

• Checked reindex label and r commit title tag
• Rebased and squashed branch
• Sanity-checked history
• Build passes in sandbox _{or added no sandbox label}
• Reindexed sandbox _{or this PR does not require reindexing}
• Added PR reference to merge commit
• Moved linked issue to Merged
• Pushed merge commit to Github

Primary reviewer (after pushing merge commit)

• Moved freebies to Merged column _{or there are no freebies in this PR}
• Shortened chain _{or this PR is not the base of another PR}
• Verified that N reviews labelling is accurate
• Commented on demo expectations _{or labeled as no demo}
• Pushed merge commit to Gitlab _{or this changes can be pushed later, together with another PR}
• Reindexed dev _{or this PR does not require reindexing}
• Deleted PR branch from Github and Gitlab
• Unassign reviewer from PR

Amend Terraform configuration to tag all AWS resources with some
Azul-specific tags (Owner, AzulDeployment, Creator, Name) and some tags that
are specified in DCP RFC 0006 (project, env, owner, service, Name,
managedBy).

Update documentation in README.md to specify that manually-created resources
should be tagged in a manner consistent with those maintained by Terraform.

If all tags were static, it would make sense to contain tags in the shared
Terraform configuration. Because the content of the tags depends on user config
it is reasonable to maintain helper code in azul.deployment.

[codecov]

Codecov Report

Merging #1701 (60ed45f) into develop (42f6f7c) will decrease coverage by 0.01%.
The diff coverage is 83.08%.

@@             Coverage Diff             @@
##           develop    #1701      +/-   ##
===========================================
- Coverage    85.11%   85.10%   -0.02%     
===========================================
  Files          123      125       +2     
  Lines        12636    12822     +186     
===========================================
+ Hits         10755    10912     +157     
- Misses        1881     1910      +29     

Impacted Files	Coverage Δ
src/azul/deployment.py	70.55% <ø> (+0.26%)	⬆️
src/azul/__init__.py	81.80% <70.58%> (-0.14%)	⬇️
src/azul/terraform.py	76.10% <76.10%> (ø)
test/test_tagging.py	97.01% <97.01%> (ø)
src/azul/modules.py	100.00% <100.00%> (ø)
test/test_doctests.py	95.55% <100.00%> (+0.10%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 42f6f7c...60ed45f. Read the comment docs.

[coveralls]

Pull Request Test Coverage Report for Build 8318

• 11 of 18 (61.11%) changed or added relevant lines in 2 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage decreased (-0.03%) to 83.117%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
src/azul/deployment.py	10	17	58.82%

Totals
Change from base Build 8283:	-0.03%
Covered Lines:	9113
Relevant Lines:	10964

---

💛 - Coveralls

[jessebrennan]

I have some questions and suggestions on resource names:

• Do the names need to be unique across resource types? I don't think it's necessary. For example, I don't think it's ambiguous to have an EC2 instance called Jesse and also an S3 bucket with Name as Jesse.
• I think using proper capitalization and spaces instead of _ or - is more appropriate since this is a "human readable name"
• I think it would make more sense to change the signature of get_aws_tags to

  def get_aws_tags(resource_name: str, **kwargs) -> dict` 
  

  and if you need a config.qualified_resource_name, you can do it at the call site of get_aws_tags.

[natanlao]

Some notes on this latest revision:

• The name tag is kept consistent with any existing resource name, even if it's not unique. (See terraform/gitlab/gitlab.tf.json.template.py.) This can cause some irregularity with the component tag -- I am not sure if the approach I've taken is the best one.
• The scope of this ticket was expanded to also tag GCP resources, but I found no GCP resources in terraform/ that supported tagging.

[jessebrennan]

Nice! this is coming together.

It still seems kind of weird to me to have the two distinct ways of specifying the name tag (either explicitly, or via **kwargs). For example what happens if resource_name is not specified and neither is the name kwarg passed in explicitly? I think it could be more elegant to consolidate those two code paths, but I'm pretty sure that doing it this way was Hannes's specification, in which case it should be left as it is.

I'm also uncertain about the values specified when overwriting name directly (via kwargs). I don't really see a pattern for how the names are determined nor what they're modelled after. I think it would be useful to make the naming conventions clear so that when future resources are added, the tagging stays consistent.

[natanlao]

For example what happens if resource_name is not specified and neither is the name kwarg passed in explicitly?

This is a good point -- I can add a check for this. This actually probably isn't necessary, given the changes I've made from your (correct) point about calls to config.qualified_resource_name being moved to the call site of get_cloud_tags

[natanlao]

Okay, new revision! I've made the following changes:

• get_cloud_tags no longer calls config.qualified_resource_name directly. Hannes's concern was minimizing effort on the part of the caller – that being said, counting invocations of get_cloud_tags, calling qualified_resource_name appears now to be the exception (about 1/3 of cases) rather than the rule (the remaining 2/3).
• Updated the docstring of get_cloud_tags with guidance as to how the name tag is chosen and added doctests
• Split changes to _sanitize_tf into _fix_name_tag
• Reviewed choices for the name tag across all resources. For the most part, I think those values are reasonable, with the potential exception of what's in terraform/s3.tf.json.template.py

[jessebrennan]

See the one change requested, but otherwise I approve.

[hannes-ucsc]

You're missing the point of re.compile. If it is used, it should be in a scope more long-lived than that of the usages of its result. So either do that or don't use it at all.

[hannes-ucsc]

I dislike how the name translation is coded twice, once as a string operation in _patch_name and as regex replacement here. Change the regex to match a TF reference and send the matches through _patch_name.

[hannes-ucsc]

Not sure why we need a method for a simple == comparison. The comparison is NOT an implementation detail that should abstracted away, nor does this method reduce code or duplication. It only has one effect: obfuscation. Inline and remove.

[hannes-ucsc]

For demo, show labelled resources.