From b8cc5fa5bce72a4d798e0ecbfb9c5e1c632632a7 Mon Sep 17 00:00:00 2001
From: "Audun V. Nes"
Date: Thu, 14 Dec 2023 11:34:56 +0100
Subject: [PATCH] Add support for tagging policy in compute, database, network and storage (#1236)
* Add support for tagging policy in compute, database, network and storage
* Add tags for QA
---
 _sub/network/acm-certificate-san/providers.tf | 8 ++++++++
 _sub/network/acm-certificate-san/vars.tf | 6 ++++++
 compute/ecr-repo/providers.tf | 4 ++++
 compute/ecr-repo/vars.tf | 6 ++++++
 compute/eks-ec2/providers.tf | 4 ++++
 compute/eks-ec2/vars.tf | 6 ++++++
 compute/k8s-services/providers.tf | 12 ++++++++++++
 compute/k8s-services/vars.tf | 6 ++++++
 database/postgres-restore/providers.tf | 5 +++++
 database/postgres-restore/vars.tf | 12 ++++++++++++
 database/postgres/providers.tf | 5 +++++
 database/postgres/vars.tf | 12 ++++++++++++
 network/route53-sub-zone/providers.tf | 8 ++++++++
 network/route53-sub-zone/vars.tf | 6 ++++++
 storage/s3-ce-cli/providers.tf | 4 ++++
 storage/s3-ce-cli/vars.tf | 12 ++++++++++++
 storage/s3-eks-public/providers.tf | 4 ++++
 storage/s3-eks-public/vars.tf | 12 ++++++++++++
 storage/s3-velero-backup/providers.tf | 4 ++++
 storage/s3-velero-backup/vars.tf | 12 ++++++++++++
 test/integration/account.tfvars | 14 ++++++++++++++
 21 files changed, 162 insertions(+)
diff --git a/_sub/network/acm-certificate-san/providers.tf b/_sub/network/acm-certificate-san/providers.tf
index b5db5eebb..dcf1a897f 100644
--- a/_sub/network/acm-certificate-san/providers.tf
+++ b/_sub/network/acm-certificate-san/providers.tf
@@ -1,6 +1,10 @@
 provider "aws" {
 region = var.aws_region
+ default_tags {
+ tags = var.tags
+ }
+
 assume_role {
 role_arn = var.aws_assume_role_arn
 }
@@ -9,4 +13,8 @@ provider "aws" {
 provider "aws" {
 region = var.aws_region
 alias = "core"
+
+ default_tags {
+ tags = var.tags
+ }
 }
diff --git a/_sub/network/acm-certificate-san/vars.tf b/_sub/network/acm-certificate-san/vars.tf
index f715cc4d8..acb937e70 100644
--- a/_sub/network/acm-certificate-san/vars.tf
+++ b/_sub/network/acm-certificate-san/vars.tf
@@ -31,3 +31,9 @@ variable "aws_region" {
 variable "aws_assume_role_arn" {
 type = string
 }
+
+variable "tags" {
+ type = map(string)
+ description = "A map of tags to apply to all the resources deployed by the module"
+ default = {}
+}
diff --git a/compute/ecr-repo/providers.tf b/compute/ecr-repo/providers.tf
index 26eb67931..d3a6dcce9 100644
--- a/compute/ecr-repo/providers.tf
+++ b/compute/ecr-repo/providers.tf
@@ -4,4 +4,8 @@ terraform {
 provider "aws" {
 region = var.aws_region
+
+ default_tags {
+ tags = var.tags
+ }
 }
diff --git a/compute/ecr-repo/vars.tf b/compute/ecr-repo/vars.tf
index 280e79ab6..8847f5597 100644
--- a/compute/ecr-repo/vars.tf
+++ b/compute/ecr-repo/vars.tf
@@ -16,3 +16,9 @@ variable "scan_on_push" {
 type = bool
 default = true
 }
+
+variable "tags" {
+ type = map(string)
+ description = "A map of tags to apply to all the resources deployed by the module"
+ default = {}
+}
diff --git a/compute/eks-ec2/providers.tf b/compute/eks-ec2/providers.tf
index 8573c2344..c3289f7c2 100644
--- a/compute/eks-ec2/providers.tf
+++ b/compute/eks-ec2/providers.tf
@@ -6,6 +6,10 @@ terraform {
 provider "aws" {
 region = var.aws_region
+ default_tags {
+ tags = var.tags
+ }
+
 assume_role {
 role_arn = var.aws_assume_role_arn
 }
diff --git a/compute/eks-ec2/vars.tf b/compute/eks-ec2/vars.tf
index c2b561196..cfd758026 100644
--- a/compute/eks-ec2/vars.tf
+++ b/compute/eks-ec2/vars.tf
@@ -10,6 +10,12 @@ variable "aws_assume_role_arn" {
 type = string
 }
+variable "tags" {
+ type = map(string)
+ description = "A map of tags to apply to all the resources deployed by the module"
+ default = {}
+}
+
 # Optional # --------------------------------------------------
diff --git a/compute/k8s-services/providers.tf b/compute/k8s-services/providers.tf
index d0bb4851c..c53b9ebc0 100644
--- a/compute/k8s-services/providers.tf
+++ b/compute/k8s-services/providers.tf
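Review bot: The new `tags` variable in `_sub/network/acm-certificate-san/vars.tf` defaults to `{}`, so a caller that passes no tags still plans and applies cleanly and the tagging policy named in the commit title is never checked. The same declaration is repeated in every other `vars.tf` hunk of this patch, and the `data_tags` variables in the database and storage modules have the same gap. If the policy has mandatory keys, consider dropping `default = {}` and adding a `validation` block so a missing key fails at plan time. The key list below is copied from `test/integration/account.tfvars` and needs confirming against the real policy; removing the default makes the variable required for every caller.

```hcl
variable "tags" {
  # … unchanged: type, description …

  validation {
    # Key list taken from test/integration/account.tfvars; confirm against the policy.
    condition     = alltrue([for k in ["dfds.owner", "dfds.env", "dfds.cost.centre"] : contains(keys(var.tags), k)])
    error_message = "The tags map must include dfds.owner, dfds.env and dfds.cost.centre."
  }
}
```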
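Review bot: `default_tags` in `compute/eks-ec2/providers.tf` will not reach everything this module is likely to create, because the AWS provider does not apply provider-level default tags to `aws_autoscaling_group`, and instances or volumes launched by a group only carry tags that are propagated explicitly. The resources themselves are outside this hunk, so this is inferred from the module name; if worker nodes come from an Auto Scaling group or launch template, `var.tags` has to be passed there as well (`tag` blocks with `propagate_at_launch = true`, or `tag_specifications`). Otherwise the nodes stay untagged and ownership or cost reports built on these tags will miss them. A comment such as `# default_tags is not applied to aws_autoscaling_group; node tags are set on the group or launch template` above the new block would record that.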
@@ -6,6 +6,10 @@ terraform {
 provider "aws" {
 region = var.aws_region
+ default_tags {
+ tags = var.tags
+ }
+
 assume_role {
 role_arn = var.aws_assume_role_arn
 }
@@ -14,6 +18,10 @@ provider "aws" {
 provider "aws" {
 region = var.aws_region
 alias = "core"
+
+ default_tags {
+ tags = var.tags
+ }
 }
 locals {
@@ -23,6 +31,10 @@ locals {
 provider "aws" {
 region = var.aws_region
+ default_tags {
+ tags = var.tags
+ }
+
 assume_role {
 role_arn = local.aws_assume_logs_role_arn
 }
diff --git a/compute/k8s-services/vars.tf b/compute/k8s-services/vars.tf
index 36e097826..2d930beb8 100644
--- a/compute/k8s-services/vars.tf
+++ b/compute/k8s-services/vars.tf
@@ -29,6 +29,12 @@ variable "workload_dns_zone_name" {
 type = string
 }
+variable "tags" {
+ type = map(string)
+ description = "A map of tags to apply to all the resources deployed by the module"
+ default = {}
+}
+
 # Optional # --------------------------------------------------
diff --git a/database/postgres-restore/providers.tf b/database/postgres-restore/providers.tf
index 26eb67931..d72a9647b 100644
--- a/database/postgres-restore/providers.tf
+++ b/database/postgres-restore/providers.tf
@@ -4,4 +4,9 @@ terraform {
 provider "aws" {
 region = var.aws_region
+
+ default_tags {
+ tags = merge(var.tags, var.data_tags)
+ }
+
 }
diff --git a/database/postgres-restore/vars.tf b/database/postgres-restore/vars.tf
index cfa46ee3e..d71388b8e 100644
--- a/database/postgres-restore/vars.tf
+++ b/database/postgres-restore/vars.tf
@@ -54,3 +54,15 @@ variable "db_publicly_accessible" {
 default = true
 description = "Should the database be public accessible?"
 }
+
+variable "tags" {
+ type = map(string)
+ description = "A map of tags to apply to all the resources deployed by the module"
+ default = {}
+}
+
+variable "data_tags" {
+ type = map(string)
+ description = "A map of tags to apply to all the data and/or storage deployed by the module"
+ default = {}
+}
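Review bot: `merge(var.tags, var.data_tags)` in `database/postgres-restore/providers.tf` puts the data tags on every taggable resource this provider creates, not only on the database and its storage, which is wider than the `data_tags` description added in the matching `vars.tf` hunk. If tags such as `dfds.data.classification` or `dfds.data.backup` are read by backup selection or tag-conditioned access policies, supporting resources would match too; no such consumer is visible here, so treat that as a question. `merge` also lets a key in `data_tags` silently replace the same key in `tags`. The same expression appears in the `database/postgres`, `storage/s3-ce-cli`, `storage/s3-eks-public` and `storage/s3-velero-backup` provider hunks. Either set `data_tags` on the data-bearing resources only, or reword the description to `"A map of data-related tags merged into the provider default tags; keys here override var.tags"`.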
diff --git a/database/postgres/providers.tf b/database/postgres/providers.tf
index 26eb67931..d72a9647b 100644
--- a/database/postgres/providers.tf
+++ b/database/postgres/providers.tf
@@ -4,4 +4,9 @@ terraform {
 provider "aws" {
 region = var.aws_region
+
+ default_tags {
+ tags = merge(var.tags, var.data_tags)
+ }
+
 }
diff --git a/database/postgres/vars.tf b/database/postgres/vars.tf
index a94d600ed..678323f43 100644
--- a/database/postgres/vars.tf
+++ b/database/postgres/vars.tf
@@ -98,3 +98,15 @@ variable "db_publicly_accessible" {
 default = true
 description = "Should the database be public accessible?"
 }
+
+variable "tags" {
+ type = map(string)
+ description = "A map of tags to apply to all the resources deployed by the module"
+ default = {}
+}
+
+variable "data_tags" {
+ type = map(string)
+ description = "A map of tags to apply to all the data and/or storage deployed by the module"
+ default = {}
+}
diff --git a/network/route53-sub-zone/providers.tf b/network/route53-sub-zone/providers.tf
index 5e5ed83f1..0b6820482 100644
--- a/network/route53-sub-zone/providers.tf
+++ b/network/route53-sub-zone/providers.tf
@@ -1,11 +1,19 @@
 provider "aws" {
 region = var.aws_region
+
+ default_tags {
+ tags = var.tags
+ }
 }
 provider "aws" {
 region = var.aws_region
 alias = "workload"
+ default_tags {
+ tags = var.tags
+ }
+
 assume_role {
 role_arn = "arn:aws:iam::${var.aws_workload_account_id}:role/${var.prime_role_name}"
 }
diff --git a/network/route53-sub-zone/vars.tf b/network/route53-sub-zone/vars.tf
index 0714e3bc2..0f1fcd59d 100644
--- a/network/route53-sub-zone/vars.tf
+++ b/network/route53-sub-zone/vars.tf
@@ -14,3 +14,9 @@ variable "prime_role_name" {
 variable "dns_zone_name" {
 type = string
 }
+
+variable "tags" {
+ type = map(string)
+ description = "A map of tags to apply to all the resources deployed by the module"
+ default = {}
+}
diff --git a/storage/s3-ce-cli/providers.tf b/storage/s3-ce-cli/providers.tf
index bccf5b468..071b37783 100644
--- a/storage/s3-ce-cli/providers.tf
+++ b/storage/s3-ce-cli/providers.tf
@@ -6,6 +6,10 @@ terraform {
 provider "aws" {
 region = var.aws_region
+ default_tags {
+ tags = merge(var.tags, var.data_tags)
+ }
+
 assume_role {
 role_arn = var.aws_assume_role_arn
 }
diff --git a/storage/s3-ce-cli/vars.tf b/storage/s3-ce-cli/vars.tf
index 6f2f08b2e..9a73c64a6 100644
--- a/storage/s3-ce-cli/vars.tf
+++ b/storage/s3-ce-cli/vars.tf
@@ -16,3 +16,15 @@ variable "additional_tags" {
 type = map(string)
 default = {}
 }
+
+variable "tags" {
+ type = map(string)
+ description = "A map of tags to apply to all the resources deployed by the module"
+ default = {}
+}
+
+variable "data_tags" {
+ type = map(string)
+ description = "A map of tags to apply to all the data and/or storage deployed by the module"
+ default = {}
+}
diff --git a/storage/s3-eks-public/providers.tf b/storage/s3-eks-public/providers.tf
index bccf5b468..071b37783 100644
--- a/storage/s3-eks-public/providers.tf
+++ b/storage/s3-eks-public/providers.tf
@@ -6,6 +6,10 @@ terraform {
 provider "aws" {
 region = var.aws_region
+ default_tags {
+ tags = merge(var.tags, var.data_tags)
+ }
+
 assume_role {
 role_arn = var.aws_assume_role_arn
 }
diff --git a/storage/s3-eks-public/vars.tf b/storage/s3-eks-public/vars.tf
index 4a1fed15f..8c03e5b1d 100644
--- a/storage/s3-eks-public/vars.tf
+++ b/storage/s3-eks-public/vars.tf
@@ -47,3 +47,15 @@ variable "eks_is_sandbox" {
 type = bool
 default = false
 }
+
+variable "tags" {
+ type = map(string)
+ description = "A map of tags to apply to all the resources deployed by the module"
+ default = {}
+}
+
+variable "data_tags" {
+ type = map(string)
+ description = "A map of tags to apply to all the data and/or storage deployed by the module"
+ default = {}
+}
diff --git a/storage/s3-velero-backup/providers.tf b/storage/s3-velero-backup/providers.tf
index bccf5b468..071b37783 100644
--- a/storage/s3-velero-backup/providers.tf
+++ b/storage/s3-velero-backup/providers.tf
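Review bot: `storage/s3-ce-cli/vars.tf` now has three tag inputs, the existing `additional_tags` shown in the context lines plus the new `tags` and `data_tags`, and nothing states which one wins when a key repeats. Tags set directly on a resource override provider `default_tags` for the same key, so if `additional_tags` is applied at resource level (its use is outside this hunk) it takes precedence over both new maps. I would say so in the new description, for example `description = "Tags applied to all resources through provider default_tags; resource-level tags override these on key collision"`.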
@@ -6,6 +6,10 @@ terraform {
 provider "aws" {
 region = var.aws_region
+ default_tags {
+ tags = merge(var.tags, var.data_tags)
+ }
+
 assume_role {
 role_arn = var.aws_assume_role_arn
 }
diff --git a/storage/s3-velero-backup/vars.tf b/storage/s3-velero-backup/vars.tf
index a697e79a8..fec84b3a5 100644
--- a/storage/s3-velero-backup/vars.tf
+++ b/storage/s3-velero-backup/vars.tf
@@ -28,3 +28,15 @@ variable "velero_role_arn" {
 type = string
 default = null
 }
+
+variable "tags" {
+ type = map(string)
+ description = "A map of tags to apply to all the resources deployed by the module"
+ default = {}
+}
+
+variable "data_tags" {
+ type = map(string)
+ description = "A map of tags to apply to all the data and/or storage deployed by the module"
+ default = {}
+}
diff --git a/test/integration/account.tfvars b/test/integration/account.tfvars
index 28f7c019d..a2cc18d2c 100644
--- a/test/integration/account.tfvars
+++ b/test/integration/account.tfvars
@@ -9,3 +9,17 @@ terraform_state_region = "eu-central-1"
 eks_public_s3_bucket = "dfds-qa-k8s-public"
 eks_is_sandbox = true
+
+tags = {
+ "dfds.owner" = "dfds-qa" # owner set to dummy value on purpose
+ "dfds.env" = "test"
+ "dfds.cost.centre" = "ti-arch"
+ "dfds.service.availability" = "low"
+ "dfds.automation.tool" = "Terraform"
+ "dfds.automation.initiator.location" = "https://github.com/dfds/infrastructure-modules"
+}
+
+data_tags = {
+ "dfds.data.backup" = false
+ "dfds.data.classification" = "private"
+}
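Review bot: `"dfds.data.backup" = false` in `test/integration/account.tfvars` is an unquoted bool, while `data_tags` is declared as `map(string)` in the module hunks of this patch. Terraform converts the value, so the tag ends up as the string `false`, but writing `"dfds.data.backup" = "false"` makes the stored value explicit and keeps the map literal single-typed. Anything that later matches on this tag compares strings, so the exact spelling is worth pinning in the test fixture.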