CFE-857: Apply user defined tags on created gcp resources

data/data/gcp/bootstrap/main.tf

@@ -18,6 +18,18 @@ resource "google_storage_bucket" "ignition" {
   labels                      = var.gcp_extra_labels
 }
 
+resource "google_tags_location_tag_binding" "user_tag_binding_bucket" {
+  for_each = var.gcp_extra_tags
+
+  parent = format("//storage.googleapis.com/projects/_/buckets/%s",
+    google_storage_bucket.ignition.name,
+  )
+  tag_value = each.value
+  location  = var.gcp_region
+
+  depends_on = [google_storage_bucket.ignition]
+}
+
 resource "google_storage_bucket_object" "ignition" {
   bucket  = google_storage_bucket.ignition.name
   name    = "bootstrap.ign"
@@ -88,10 +100,11 @@ resource "google_compute_instance" "bootstrap" {
 
   boot_disk {
     initialize_params {
-      type   = var.gcp_master_root_volume_type
-      size   = var.gcp_master_root_volume_size
-      image  = var.compute_image
-      labels = var.gcp_extra_labels
+      type                  = var.gcp_master_root_volume_type
+      size                  = var.gcp_master_root_volume_size
+      image                 = var.compute_image
+      labels                = var.gcp_extra_labels
+      resource_manager_tags = var.gcp_extra_tags
     }
     kms_key_self_link = var.gcp_root_volume_kms_key_link
   }
@@ -138,6 +151,10 @@ resource "google_compute_instance" "bootstrap" {
 
   labels = var.gcp_extra_labels
 
+  params {
+    resource_manager_tags = var.gcp_extra_tags
+  }
+
   lifecycle {
     # In GCP TF apply is run a second time to remove bootstrap node from LB.
     # If machine_type = n2-standard series, install will error as TF tries to

data/data/gcp/cluster/main.tf

@@ -35,6 +35,7 @@ module "master" {
   confidential_compute = var.gcp_master_confidential_compute
   on_host_maintenance  = var.gcp_master_on_host_maintenance
   gcp_extra_labels     = var.gcp_extra_labels
+  gcp_extra_tags       = var.gcp_extra_tags
 
   tags = var.gcp_control_plane_tags
 }
@@ -82,4 +83,3 @@ module "dns" {
   project_id         = var.gcp_project_id
   gcp_extra_labels   = var.gcp_extra_labels
 }
-

data/data/gcp/cluster/master/main.tf

@@ -47,10 +47,11 @@ resource "google_compute_instance" "master" {
 
   boot_disk {
     initialize_params {
-      type   = var.root_volume_type
-      size   = var.root_volume_size
-      image  = var.image
-      labels = var.gcp_extra_labels
+      type                  = var.root_volume_type
+      size                  = var.root_volume_size
+      image                 = var.image
+      labels                = var.gcp_extra_labels
+      resource_manager_tags = var.gcp_extra_tags
     }
     kms_key_self_link = var.root_volume_kms_key_link
   }
@@ -97,6 +98,10 @@ resource "google_compute_instance" "master" {
     scopes = ["https://www.googleapis.com/auth/cloud-platform"]
   }
 
+  params {
+    resource_manager_tags = var.gcp_extra_tags
+  }
+
   lifecycle {
     # In GCP TF apply is run a second time to remove bootstrap node from LB.
     # If machine_type = n2-standard series, install will error as TF tries to

data/data/gcp/cluster/master/variables.tf

@@ -85,3 +85,12 @@ variable "on_host_maintenance" {
   description = "The behavior when a maintenance event occurs."
   default     = ""
 }
+
+variable "gcp_extra_tags" {
+  type        = map(string)
+  description = <<EOF
+(optional) Extra GCP tags to be applied to the created resources.
+Example: `{ "tagKeys/123" = "tagValues/456", "tagKeys/456" = "tagValues/789" }`
+EOF
+  default = {}
+}

data/data/gcp/variables-gcp.tf

@@ -165,4 +165,13 @@ variable "gcp_user_provisioned_dns" {
   description = <<EOF
 When true the user has selected to configure their own dns solution, and no dns records will be created.
 EOF
-}
+}
+
+variable "gcp_extra_tags" {
+  type        = map(string)
+  description = <<EOF
+(optional) Extra GCP tags to be applied to the created resources.
+Example: `{ "tagKeys/123" = "tagValues/456", "tagKeys/456" = "tagValues/789" }`
+EOF
+  default = {}
+}

go.mod

@@ -43,6 +43,7 @@ require (
 	github.com/golang/protobuf v1.5.3
 	github.com/google/go-cmp v0.6.0
 	github.com/google/uuid v1.6.0
+	github.com/googleapis/gax-go/v2 v2.12.0
 	github.com/gophercloud/gophercloud v1.6.0
 	github.com/gophercloud/utils v0.0.0-20230523080330-de873b9cf00d
 	github.com/h2non/filetype v1.0.12
@@ -182,7 +183,6 @@ require (
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
-	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
 	github.com/gorilla/websocket v1.5.0 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190212212710-3befbb6ad0cc // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect

pkg/asset/cluster/tfvars/tfvars.go

@@ -529,6 +529,14 @@ func (t *TerraformVariables) Generate(parents asset.Parents) error {
 			return fmt.Errorf("%s: No GCP build found", st.FormatPrefix(archName))
 		}
 
+		tags, err := gcpconfig.GetUserTags(ctx,
+			gcpconfig.NewTagManager(client),
+			installConfig.Config.Platform.GCP.ProjectID,
+			installConfig.Config.Platform.GCP.UserTags)
+		if err != nil {
+			return fmt.Errorf("failed to fetch user-defined tags: %w", err)
+		}
+
 		data, err := gcptfvars.TFVars(
 			gcptfvars.TFVarsSources{
 				Auth:                auth,
@@ -541,6 +549,7 @@ func (t *TerraformVariables) Generate(parents asset.Parents) error {
 				PublishStrategy:     installConfig.Config.Publish,
 				InfrastructureName:  clusterID.InfraID,
 				UserProvisionedDNS:  installConfig.Config.GCP.UserProvisionedDNS == gcp.UserProvisionedDNSEnabled,
+				UserTags:            tags,
 			},
 		)
 		if err != nil {