CFE-857 : Apply user defined tags on created gcp resources

openshift · Feb 17, 2024 · 1363d39 · 1363d39
1 parent 905abb4
commit 1363d39
Show file tree

Hide file tree

Showing 14 changed files with 689 additions and 253 deletions.
diff --git a/data/data/gcp/bootstrap/main.tf b/data/data/gcp/bootstrap/main.tf
@@ -18,6 +18,18 @@ resource "google_storage_bucket" "ignition" {
   labels                      = var.gcp_extra_labels
 }
 
+resource "google_tags_location_tag_binding" "user_tag_binding_bucket" {
+  for_each = var.gcp_extra_tags
+
+  parent = format("//storage.googleapis.com/projects/_/buckets/%s",
+    google_storage_bucket.ignition.name,
+  )
+  tag_value = each.value
+  location  = var.gcp_region
+
+  depends_on = [google_storage_bucket.ignition]
+}
+
 resource "google_storage_bucket_object" "ignition" {
   bucket  = google_storage_bucket.ignition.name
   name    = "bootstrap.ign"
@@ -88,10 +100,11 @@ resource "google_compute_instance" "bootstrap" {
 
   boot_disk {
     initialize_params {
-      type   = var.gcp_master_root_volume_type
-      size   = var.gcp_master_root_volume_size
-      image  = var.compute_image
-      labels = var.gcp_extra_labels
+      type                  = var.gcp_master_root_volume_type
+      size                  = var.gcp_master_root_volume_size
+      image                 = var.compute_image
+      labels                = var.gcp_extra_labels
+      resource_manager_tags = var.gcp_extra_tags
     }
     kms_key_self_link = var.gcp_root_volume_kms_key_link
   }
@@ -138,6 +151,10 @@ resource "google_compute_instance" "bootstrap" {
 
   labels = var.gcp_extra_labels
 
+  params {
+    resource_manager_tags = var.gcp_extra_tags
+  }
+
   lifecycle {
     # In GCP TF apply is run a second time to remove bootstrap node from LB.
     # If machine_type = n2-standard series, install will error as TF tries to

diff --git a/data/data/gcp/cluster/main.tf b/data/data/gcp/cluster/main.tf
@@ -35,6 +35,7 @@ module "master" {
   confidential_compute = var.gcp_master_confidential_compute
   on_host_maintenance  = var.gcp_master_on_host_maintenance
   gcp_extra_labels     = var.gcp_extra_labels
+  gcp_extra_tags       = var.gcp_extra_tags
 
   tags = var.gcp_control_plane_tags
 }
@@ -82,4 +83,3 @@ module "dns" {
   project_id         = var.gcp_project_id
   gcp_extra_labels   = var.gcp_extra_labels
 }
-
diff --git a/data/data/gcp/cluster/master/main.tf b/data/data/gcp/cluster/master/main.tf
@@ -47,10 +47,11 @@ resource "google_compute_instance" "master" {
 
   boot_disk {
     initialize_params {
-      type   = var.root_volume_type
-      size   = var.root_volume_size
-      image  = var.image
-      labels = var.gcp_extra_labels
+      type                  = var.root_volume_type
+      size                  = var.root_volume_size
+      image                 = var.image
+      labels                = var.gcp_extra_labels
+      resource_manager_tags = var.gcp_extra_tags
     }
     kms_key_self_link = var.root_volume_kms_key_link
   }
@@ -97,6 +98,10 @@ resource "google_compute_instance" "master" {
     scopes = ["https://www.googleapis.com/auth/cloud-platform"]
   }
 
+  params {
+    resource_manager_tags = var.gcp_extra_tags
+  }
+
   lifecycle {
     # In GCP TF apply is run a second time to remove bootstrap node from LB.
     # If machine_type = n2-standard series, install will error as TF tries to

diff --git a/data/data/gcp/cluster/master/variables.tf b/data/data/gcp/cluster/master/variables.tf
@@ -85,3 +85,12 @@ variable "on_host_maintenance" {
   description = "The behavior when a maintenance event occurs."
   default     = ""
 }
+
+variable "gcp_extra_tags" {
+  type        = map(string)
+  description = <<EOF
+(optional) Extra GCP tags to be applied to the created resources.
+Example: `{ "tagKeys/123" = "tagValues/456", "tagKeys/456" = "tagValues/789" }`
+EOF
+  default = {}
+}
diff --git a/data/data/gcp/variables-gcp.tf b/data/data/gcp/variables-gcp.tf
@@ -165,4 +165,13 @@ variable "gcp_user_provisioned_dns" {
   description = <<EOF
 When true the user has selected to configure their own dns solution, and no dns records will be created.
 EOF
-}
+}
+
+variable "gcp_extra_tags" {
+  type        = map(string)
+  description = <<EOF
+(optional) Extra GCP tags to be applied to the created resources.
+Example: `{ "tagKeys/123" = "tagValues/456", "tagKeys/456" = "tagValues/789" }`
+EOF
+  default = {}
+}
diff --git a/pkg/asset/cluster/tfvars/tfvars.go b/pkg/asset/cluster/tfvars/tfvars.go
@@ -529,6 +529,14 @@ func (t *TerraformVariables) Generate(parents asset.Parents) error {
 			return fmt.Errorf("%s: No GCP build found", st.FormatPrefix(archName))
 		}
 
+		tags, err := gcpconfig.GetUserTags(ctx,
+			gcpconfig.NewTagManager(client),
+			installConfig.Config.Platform.GCP.ProjectID,
+			installConfig.Config.Platform.GCP.UserTags)
+		if err != nil {
+			return fmt.Errorf("failed to fetch user-defined tags: %w", err)
+		}
+
 		data, err := gcptfvars.TFVars(
 			gcptfvars.TFVarsSources{
 				Auth:                auth,
@@ -541,6 +549,7 @@ func (t *TerraformVariables) Generate(parents asset.Parents) error {
 				PublishStrategy:     installConfig.Config.Publish,
 				InfrastructureName:  clusterID.InfraID,
 				UserProvisionedDNS:  installConfig.Config.GCP.UserProvisionedDNS == gcp.UserProvisionedDNSEnabled,
+				UserTags:            tags,
 			},
 		)
 		if err != nil {

diff --git a/pkg/asset/installconfig/gcp/mock/usertags_mock.go b/pkg/asset/installconfig/gcp/mock/usertags_mock.go