feat: adding access tag support (#189)

Khuzaima05 · web-flow · commit d342e4db81a0 · 2023-06-30T09:18:05.000+01:00
diff --git a/README.md b/README.md
@@ -64,12 +64,14 @@ You need the following permissions to run this module.
 | [ibm_database.mongodb](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/database) | resource |
 | [ibm_iam_authorization_policy.kms_policy](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_authorization_policy) | resource |
 | [ibm_resource_key.service_credentials](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_key) | resource |
+| [ibm_resource_tag.mongodb_tag](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_tag) | resource |
 | [ibm_database_connection.database_connection](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/database_connection) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_access_tags"></a> [access\_tags](#input\_access\_tags) | A list of access tags to apply to the MongoDB instance created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details | `list(string)` | `[]` | no |
 | <a name="input_admin_pass"></a> [admin\_pass](#input\_admin\_pass) | The password for the database administrator. If the admin password is null then the admin user ID cannot be accessed. More users can be specified in a user block. The admin password must be in the range of 10-32 characters. | `string` | `null` | no |
 | <a name="input_auto_scaling"></a> [auto\_scaling](#input\_auto\_scaling) | Optional rules to allow the database to increase resources in response to usage. Only a single autoscaling block is allowed. Make sure you understand the effects of autoscaling, especially for production environments. See https://cloud.ibm.com/docs/databases-for-mongodb?topic=databases-for-mongodb-autoscaling&interface=cli#autoscaling-considerations in the IBM Cloud Docs. | <pre>object({<br>    disk = object({<br>      capacity_enabled             = optional(bool, false)<br>      free_space_less_than_percent = optional(number, 10)<br>      io_above_percent             = optional(number, 90)<br>      io_enabled                   = optional(bool, false)<br>      io_over_period               = optional(string, "15m")<br>      rate_increase_percent        = optional(number, 10)<br>      rate_limit_mb_per_member     = optional(number, 3670016)<br>      rate_period_seconds          = optional(number, 900)<br>      rate_units                   = optional(string, "mb")<br>    })<br>    memory = object({<br>      io_above_percent         = optional(number, 90)<br>      io_enabled               = optional(bool, false)<br>      io_over_period           = optional(string, "15m")<br>      rate_increase_percent    = optional(number, 10)<br>      rate_limit_mb_per_member = optional(number, 114688)<br>      rate_period_seconds      = optional(number, 900)<br>      rate_units               = optional(string, "mb")<br>    })<br>  })</pre> | `null` | no |
 | <a name="input_backup_encryption_key_crn"></a> [backup\_encryption\_key\_crn](#input\_backup\_encryption\_key\_crn) | The CRN of a Key Protect key that you want to use for encrypting the disk that holds deployment backups. Only used if var.kms\_encryption\_enabled is set to true. BYOK for backups is available only in US regions us-south and us-east, and in eu-de. Only keys in the us-south and eu-de are durable to region failures. To ensure that your backups are available even if a region failure occurs, use a key from us-south or eu-de. Hyper Protect Crypto Services for IBM Cloud Databases backups is not currently supported. If no value is passed here, the value passed for the 'kms\_key\_crn' variable is used. And if a HPCS value is passed for var.kms\_key\_crn, the database backup encryption uses the default encryption keys. | `string` | `null` | no |
diff --git a/examples/basic/main.tf b/examples/basic/main.tf
@@ -18,5 +18,6 @@ module "mongodb" {
   resource_group_id = module.resource_group.resource_group_id
   instance_name     = "${var.prefix}-mongodb"
   region            = var.region
+  access_tags       = var.access_tags
   tags              = var.resource_tags
 }
diff --git a/examples/basic/variables.tf b/examples/basic/variables.tf
@@ -22,6 +22,12 @@ variable "resource_group" {
   default     = null
 }
 
+variable "access_tags" {
+  type        = list(string)
+  description = "A list of access tags to apply to the MongoDB instance created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details"
+  default     = []
+}
+
 variable "resource_tags" {
   type        = list(string)
   description = "Optional list of tags to be added to created resources"
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -77,6 +77,7 @@ module "mongodb" {
   existing_kms_instance_guid = module.key_protect_all_inclusive.key_protect_guid
   region                     = var.region
   kms_key_crn                = module.key_protect_all_inclusive.keys["icd.${var.prefix}-mongodb"].crn
+  access_tags                = var.access_tags
   tags                       = var.resource_tags
   service_credential_names   = var.service_credential_names
   cbr_rules = [
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
@@ -28,6 +28,12 @@ variable "resource_tags" {
   default     = []
 }
 
+variable "access_tags" {
+  type        = list(string)
+  description = "A list of access tags to apply to the MongoDB instance created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details"
+  default     = []
+}
+
 variable "mongodb_version" {
   type        = string
   description = "Version of the MongoDB instance. If no value is passed, the current preferred version of IBM Cloud Databases is used."
diff --git a/examples/fscloud/main.tf b/examples/fscloud/main.tf
@@ -57,6 +57,7 @@ module "mongodb" {
   instance_name              = "${var.prefix}-mongodb"
   region                     = var.region
   tags                       = var.resource_tags
+  access_tags                = var.access_tags
   kms_key_crn                = var.kms_key_crn
   existing_kms_instance_guid = var.existing_kms_instance_guid
   mongodb_version            = var.mongodb_version
diff --git a/examples/fscloud/variables.tf b/examples/fscloud/variables.tf
@@ -28,6 +28,12 @@ variable "resource_tags" {
   default     = []
 }
 
+variable "access_tags" {
+  type        = list(string)
+  description = "A list of access tags to apply to the MongoDB instance created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details"
+  default     = []
+}
+
 variable "existing_kms_instance_guid" {
   description = "The GUID of the Hyper Protect Crypto service in which the key specified in var.kms_key_crn is coming from"
   type        = string
diff --git a/main.tf b/main.tf
@@ -120,6 +120,13 @@ resource "ibm_database" "mongodb" {
   }
 }
 
+resource "ibm_resource_tag" "mongodb_tag" {
+  count       = length(var.access_tags) == 0 ? 0 : 1
+  resource_id = ibm_database.mongodb.resource_crn
+  tags        = var.access_tags
+  tag_type    = "access"
+}
+
 ##############################################################################
 # Context Based Restrictions
 ##############################################################################
diff --git a/module-metadata.json b/module-metadata.json
@@ -1,6 +1,27 @@
 {
   "path": ".",
   "variables": {
+    "access_tags": {
+      "name": "access_tags",
+      "type": "list(string)",
+      "description": "A list of access tags to apply to the MongoDB instance created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details",
+      "default": [],
+      "source": [
+        "ibm_resource_tag.mongodb_tag.count",
+        "ibm_resource_tag.mongodb_tag.tags"
+      ],
+      "pos": {
+        "filename": "variables.tf",
+        "line": 35
+      },
+      "min_length": 1,
+      "max_length": 128,
+      "matches": "^[A-Za-z0-9:_ .-]+$",
+      "computed": true,
+      "elem": {
+        "type": "TypeString"
+      }
+    },
     "admin_pass": {
       "name": "admin_pass",
       "type": "string",
@@ -11,7 +32,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 122
+        "line": 135
       }
     },
     "auto_scaling": {
@@ -20,7 +41,7 @@
       "description": "Optional rules to allow the database to increase resources in response to usage. Only a single autoscaling block is allowed. Make sure you understand the effects of autoscaling, especially for production environments. See https://cloud.ibm.com/docs/databases-for-mongodb?topic=databases-for-mongodb-autoscaling\u0026interface=cli#autoscaling-considerations in the IBM Cloud Docs.",
       "pos": {
         "filename": "variables.tf",
-        "line": 141
+        "line": 154
       }
     },
     "backup_encryption_key_crn": {
@@ -29,7 +50,7 @@
       "description": "The CRN of a Key Protect key that you want to use for encrypting the disk that holds deployment backups. Only used if var.kms_encryption_enabled is set to true. BYOK for backups is available only in US regions us-south and us-east, and in eu-de. Only keys in the us-south and eu-de are durable to region failures. To ensure that your backups are available even if a region failure occurs, use a key from us-south or eu-de. Hyper Protect Crypto Services for IBM Cloud Databases backups is not currently supported. If no value is passed here, the value passed for the 'kms_key_crn' variable is used. And if a HPCS value is passed for var.kms_key_crn, the database backup encryption uses the default encryption keys.",
       "pos": {
         "filename": "variables.tf",
-        "line": 192
+        "line": 205
       }
     },
     "cbr_rules": {
@@ -46,7 +67,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 218
+        "line": 231
       }
     },
     "configuration": {
@@ -58,7 +79,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 35
+        "line": 48
       }
     },
     "cpu_count": {
@@ -68,7 +89,7 @@
       "default": 0,
       "pos": {
         "filename": "variables.tf",
-        "line": 97
+        "line": 110
       }
     },
     "disk_mb": {
@@ -78,7 +99,7 @@
       "default": 10240,
       "pos": {
         "filename": "variables.tf",
-        "line": 90
+        "line": 103
       }
     },
     "endpoints": {
@@ -93,7 +114,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 72
+        "line": 85
       },
       "options": "public, private, public-and-private"
     },
@@ -106,7 +127,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 208
+        "line": 221
       },
       "immutable": true,
       "computed": true
@@ -134,7 +155,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 172
+        "line": 185
       }
     },
     "kms_key_crn": {
@@ -146,7 +167,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 178
+        "line": 191
       },
       "immutable": true
     },
@@ -157,7 +178,7 @@
       "default": 3,
       "pos": {
         "filename": "variables.tf",
-        "line": 104
+        "line": 117
       }
     },
     "memory_mb": {
@@ -167,7 +188,7 @@
       "default": 1024,
       "pos": {
         "filename": "variables.tf",
-        "line": 83
+        "line": 96
       }
     },
     "mongodb_version": {
@@ -179,7 +200,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 47
+        "line": 60
       },
       "immutable": true,
       "computed": true
@@ -239,7 +260,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 61
+        "line": 74
       },
       "cloud_data_type": "resource_group",
       "immutable": true,
@@ -258,7 +279,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 111
+        "line": 124
       }
     },
     "skip_iam_authorization_policy": {
@@ -268,7 +289,7 @@
       "default": false,
       "pos": {
         "filename": "variables.tf",
-        "line": 202
+        "line": 215
       }
     },
     "tags": {
@@ -282,7 +303,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 66
+        "line": 79
       }
     },
     "users": {
@@ -298,7 +319,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 129
+        "line": 142
       }
     }
   },
@@ -454,7 +475,23 @@
       },
       "pos": {
         "filename": "main.tf",
-        "line": 166
+        "line": 173
+      }
+    },
+    "ibm_resource_tag.mongodb_tag": {
+      "mode": "managed",
+      "type": "ibm_resource_tag",
+      "name": "mongodb_tag",
+      "attributes": {
+        "count": "access_tags",
+        "tags": "access_tags"
+      },
+      "provider": {
+        "name": "ibm"
+      },
+      "pos": {
+        "filename": "main.tf",
+        "line": 123
       }
     }
   },
@@ -474,7 +511,7 @@
       },
       "pos": {
         "filename": "main.tf",
-        "line": 195
+        "line": 202
       }
     }
   },
@@ -552,7 +589,7 @@
       },
       "pos": {
         "filename": "main.tf",
-        "line": 127
+        "line": 134
       }
     }
   }
diff --git a/profiles/fscloud/README.md b/profiles/fscloud/README.md
@@ -32,6 +32,7 @@ No resources.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_access_tags"></a> [access\_tags](#input\_access\_tags) | A list of access tags to apply to the MongoDB instance created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details | `list(string)` | `[]` | no |
 | <a name="input_admin_pass"></a> [admin\_pass](#input\_admin\_pass) | The password for the database administrator. If the admin password is null then the admin user ID cannot be accessed. More users can be specified in a user block. The admin password must be in the range of 10-32 characters. | `string` | `null` | no |
 | <a name="input_auto_scaling"></a> [auto\_scaling](#input\_auto\_scaling) | Optional rules to allow the database to increase resources in response to usage. Only a single autoscaling block is allowed. Make sure you understand the effects of autoscaling, especially for production environments. See https://cloud.ibm.com/docs/databases-for-mongodb?topic=databases-for-mongodb-autoscaling&interface=cli#autoscaling-considerations in the IBM Cloud Docs. | <pre>object({<br>    disk = object({<br>      capacity_enabled             = optional(bool, false)<br>      free_space_less_than_percent = optional(number, 10)<br>      io_above_percent             = optional(number, 90)<br>      io_enabled                   = optional(bool, false)<br>      io_over_period               = optional(string, "15m")<br>      rate_increase_percent        = optional(number, 10)<br>      rate_limit_mb_per_member     = optional(number, 3670016)<br>      rate_period_seconds          = optional(number, 900)<br>      rate_units                   = optional(string, "mb")<br>    })<br>    memory = object({<br>      io_above_percent         = optional(number, 90)<br>      io_enabled               = optional(bool, false)<br>      io_over_period           = optional(string, "15m")<br>      rate_increase_percent    = optional(number, 10)<br>      rate_limit_mb_per_member = optional(number, 114688)<br>      rate_period_seconds      = optional(number, 900)<br>      rate_units               = optional(string, "mb")<br>    })<br>  })</pre> | `null` | no |
 | <a name="input_cbr_rules"></a> [cbr\_rules](#input\_cbr\_rules) | (Optional, list) List of CBR rules to create | <pre>list(object({<br>    description = string<br>    account_id  = string<br>    rule_contexts = list(object({<br>      attributes = optional(list(object({<br>        name  = string<br>        value = string<br>    }))) }))<br>    enforcement_mode = string<br>  }))</pre> | `[]` | no |
diff --git a/profiles/fscloud/main.tf b/profiles/fscloud/main.tf
@@ -11,6 +11,7 @@ module "mongodb" {
   kms_key_crn                   = var.kms_key_crn
   backup_encryption_key_crn     = null # Need to use default encryption until ICD adds HPCS support for backup encryption
   cbr_rules                     = var.cbr_rules
+  access_tags                   = var.access_tags
   tags                          = var.tags
   configuration                 = var.configuration
   plan                          = var.plan
diff --git a/profiles/fscloud/variables.tf b/profiles/fscloud/variables.tf
@@ -13,6 +13,12 @@ variable "mongodb_version" {
   default     = null
 }
 
+variable "access_tags" {
+  type        = list(string)
+  description = "A list of access tags to apply to the MongoDB instance created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details"
+  default     = []
+}
+
 variable "region" {
   description = "The region where you want to deploy your instance. Must be the same region as the Hyper Protect Crypto Services instance."
   type        = string
diff --git a/tests/pr_test.go b/tests/pr_test.go
@@ -51,6 +51,7 @@ func TestRunFSCloudExample(t *testing.T) {
 		*/
 		//ResourceGroup: resourceGroup,
 		TerraformVars: map[string]interface{}{
+			"access_tags":                permanentResources["accessTags"],
 			"existing_kms_instance_guid": permanentResources["hpcs_south"],
 			"kms_key_crn":                permanentResources["hpcs_south_root_key_crn"],
 			"mongodb_version":            "5.0", // Always lock this test into the latest supported MongoDB version
diff --git a/variables.tf b/variables.tf
@@ -32,6 +32,19 @@ variable "plan" {
   }
 }
 
+variable "access_tags" {
+  type        = list(string)
+  description = "A list of access tags to apply to the MongoDB instance created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details"
+  default     = []
+
+  validation {
+    condition = alltrue([
+      for tag in var.access_tags : can(regex("[\\w\\-_\\.]+:[\\w\\-_\\.]+", tag)) && length(tag) <= 128
+    ])
+    error_message = "Tags must match the regular expression \"[\\w\\-_\\.]+:[\\w\\-_\\.]+\", see https://cloud.ibm.com/docs/account?topic=account-tag&interface=ui#limits for more details"
+  }
+}
+
 variable "configuration" {
   description = "Database Configuration."
   type = object({

Original file line number	Diff line number	Diff line change
`@@ -18,5 +18,6 @@ module "mongodb" {`
`18`	`18`	`resource_group_id = module.resource_group.resource_group_id`
`19`	`19`	`instance_name = "${var.prefix}-mongodb"`
`20`	`20`	`region = var.region`
	`21`	`+ access_tags = var.access_tags`
`21`	`22`	`tags = var.resource_tags`
`22`	`23`	`}`
Original file line number	Diff line number	Diff line change
`@@ -120,6 +120,13 @@ resource "ibm_database" "mongodb" {`
`120`	`120`	`}`
`121`	`121`	`}`
`122`	`122`
	`123`	`+resource "ibm_resource_tag" "mongodb_tag" {`
	`124`	`+ count = length(var.access_tags) == 0 ? 0 : 1`
	`125`	`+ resource_id = ibm_database.mongodb.resource_crn`
	`126`	`+ tags = var.access_tags`
	`127`	`+ tag_type = "access"`
	`128`	`+}`
	`129`	`+`
`123`	`130`	`##############################################################################`
`124`	`131`	`# Context Based Restrictions`
`125`	`132`	`##############################################################################`