feat: added access tag support (#8)

Author: Aayush-Abhyarthi

README.md

@@ -61,12 +61,14 @@ You need the following permissions to run this module.
 | [ibm_database.rabbitmq_database](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/database) | resource |
 | [ibm_iam_authorization_policy.kms_policy](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_authorization_policy) | resource |
 | [ibm_resource_key.service_credentials](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_key) | resource |
+| [ibm_resource_tag.rabbitmq_tag](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_tag) | resource |
 | [ibm_database_connection.database_connection](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/database_connection) | data source |
 
 ### Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_access_tags"></a> [access\_tags](#input\_access\_tags) | A list of access tags to apply to the rabbitmq instance created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details | `list(string)` | `[]` | no |
 | <a name="input_admin_pass"></a> [admin\_pass](#input\_admin\_pass) | The password for the database administrator. If the admin password is null then the admin user ID cannot be accessed. More users can be specified in a user block. The admin password must be in the range of 10-32 characters. | `string` | `null` | no |
 | <a name="input_auto_scaling"></a> [auto\_scaling](#input\_auto\_scaling) | Optional rules to allow the database to increase resources in response to usage. Only a single autoscaling block is allowed. Make sure you understand the effects of autoscaling, especially for production environments. See https://cloud.ibm.com/docs/messages-for-rabbitmq?topic=messages-for-rabbitmq-autoscaling in the IBM Cloud Docs. | <pre>object({<br>    disk = object({<br>      capacity_enabled             = optional(bool, false)<br>      free_space_less_than_percent = optional(number, 10)<br>      io_above_percent             = optional(number, 90)<br>      io_enabled                   = optional(bool, false)<br>      io_over_period               = optional(string, "15m")<br>      rate_increase_percent        = optional(number, 10)<br>      rate_limit_mb_per_member     = optional(number, 3670016)<br>      rate_period_seconds          = optional(number, 900)<br>      rate_units                   = optional(string, "mb")<br>    })<br>    memory = object({<br>      io_above_percent         = optional(number, 90)<br>      io_enabled               = optional(bool, false)<br>      io_over_period           = optional(string, "15m")<br>      rate_increase_percent    = optional(number, 10)<br>      rate_limit_mb_per_member = optional(number, 114688)<br>      rate_period_seconds      = optional(number, 900)<br>      rate_units               = optional(string, "mb")<br>    })<br>  })</pre> | `null` | no |
 | <a name="input_backup_encryption_key_crn"></a> [backup\_encryption\_key\_crn](#input\_backup\_encryption\_key\_crn) | The CRN of a Key Protect key, that you want to use for encrypting disk that holds deployment backups. Only used if var.kms\_encryption\_enabled is set to true. If no value passed, the value passed for the 'kms\_key\_crn' variable will be used. BYOK for backups is available only in US regions us-south and us-east, and eu-de. Only keys in the us-south and eu-de are durable to region failures. To ensure that your backups are available even if a region failure occurs, you must use a key from us-south or eu-de. Take note that Hyper Protect Crypto Services for IBM Cloud® Databases backups is not currently supported, so if no value is passed here, but a HPCS value is passed for var.kms\_key\_crn, databases backup encryption will use the default encryption keys. | `string` | `null` | no |

examples/basic/main.tf

@@ -20,4 +20,5 @@ module "icd_rabbitmq" {
   instance_name     = "${var.prefix}-rabbitmq"
   region            = var.region
   tags              = var.resource_tags
+  access_tags       = var.access_tags
 }

examples/basic/variables.tf

@@ -27,3 +27,9 @@ variable "resource_tags" {
   description = "Optional list of tags to be added to created resources"
   default     = []
 }
+
+variable "access_tags" {
+  type        = list(string)
+  description = "A list of access tags to apply to the rabbitmq instance created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details"
+  default     = []
+}

examples/complete/main.tf

@@ -83,6 +83,7 @@ module "icd_rabbitmq" {
   rabbitmq_version           = var.rabbitmq_version
   kms_key_crn                = module.key_protect_all_inclusive.keys["icd.${var.prefix}-rabbitmq"].crn
   tags                       = var.resource_tags
+  access_tags                = var.access_tags
   auto_scaling               = var.auto_scaling
   cbr_rules = [
     {

examples/complete/variables.tf

@@ -64,6 +64,12 @@ variable "resource_tags" {
   default     = []
 }
 
+variable "access_tags" {
+  type        = list(string)
+  description = "A list of access tags to apply to the rabbitmq instance created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details"
+  default     = []
+}
+
 variable "auto_scaling" {
   type = object({
     disk = object({

main.tf

@@ -119,6 +119,13 @@ resource "ibm_database" "rabbitmq_database" {
   }
 }
 
+resource "ibm_resource_tag" "rabbitmq_tag" {
+  count       = length(var.access_tags) == 0 ? 0 : 1
+  resource_id = ibm_database.rabbitmq_database.resource_crn
+  tags        = var.access_tags
+  tag_type    = "access"
+}
+
 ##############################################################################
 # Context Based Restrictions
 ##############################################################################

module-metadata.json

@@ -1,6 +1,27 @@
 {
   "path": ".",
   "variables": {
+    "access_tags": {
+      "name": "access_tags",
+      "type": "list(string)",
+      "description": "A list of access tags to apply to the rabbitmq instance created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details",
+      "default": [],
+      "source": [
+        "ibm_resource_tag.rabbitmq_tag.count",
+        "ibm_resource_tag.rabbitmq_tag.tags"
+      ],
+      "pos": {
+        "filename": "variables.tf",
+        "line": 27
+      },
+      "min_length": 1,
+      "max_length": 128,
+      "matches": "^[A-Za-z0-9:_ .-]+$",
+      "computed": true,
+      "elem": {
+        "type": "TypeString"
+      }
+    },
     "admin_pass": {
       "name": "admin_pass",
       "type": "string",
@@ -11,7 +32,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 132
+        "line": 145
       }
     },
     "auto_scaling": {
@@ -20,7 +41,7 @@
       "description": "Optional rules to allow the database to increase resources in response to usage. Only a single autoscaling block is allowed. Make sure you understand the effects of autoscaling, especially for production environments. See https://cloud.ibm.com/docs/messages-for-rabbitmq?topic=messages-for-rabbitmq-autoscaling in the IBM Cloud Docs.",
       "pos": {
         "filename": "variables.tf",
-        "line": 94
+        "line": 107
       }
     },
     "backup_encryption_key_crn": {
@@ -29,7 +50,7 @@
       "description": "The CRN of a Key Protect key, that you want to use for encrypting disk that holds deployment backups. Only used if var.kms_encryption_enabled is set to true. If no value passed, the value passed for the 'kms_key_crn' variable will be used. BYOK for backups is available only in US regions us-south and us-east, and eu-de. Only keys in the us-south and eu-de are durable to region failures. To ensure that your backups are available even if a region failure occurs, you must use a key from us-south or eu-de. Take note that Hyper Protect Crypto Services for IBM Cloud® Databases backups is not currently supported, so if no value is passed here, but a HPCS value is passed for var.kms_key_crn, databases backup encryption will use the default encryption keys.",
       "pos": {
         "filename": "variables.tf",
-        "line": 175
+        "line": 188
       }
     },
     "cbr_rules": {
@@ -46,7 +67,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 201
+        "line": 214
       }
     },
     "cpu_count": {
@@ -56,7 +77,7 @@
       "default": 0,
       "pos": {
         "filename": "variables.tf",
-        "line": 82
+        "line": 95
       }
     },
     "disk_mb": {
@@ -66,7 +87,7 @@
       "default": 1024,
       "pos": {
         "filename": "variables.tf",
-        "line": 88
+        "line": 101
       }
     },
     "endpoints": {
@@ -81,7 +102,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 33
+        "line": 46
       },
       "options": "public, private, public-and-private"
     },
@@ -94,7 +115,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 191
+        "line": 204
       },
       "immutable": true,
       "computed": true
@@ -122,7 +143,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 155
+        "line": 168
       }
     },
     "kms_key_crn": {
@@ -134,7 +155,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 161
+        "line": 174
       },
       "immutable": true
     },
@@ -145,7 +166,7 @@
       "default": 3,
       "pos": {
         "filename": "variables.tf",
-        "line": 69
+        "line": 82
       }
     },
     "memory_mb": {
@@ -155,7 +176,7 @@
       "default": 1024,
       "pos": {
         "filename": "variables.tf",
-        "line": 76
+        "line": 89
       }
     },
     "plan": {
@@ -169,7 +190,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 57
+        "line": 70
       },
       "immutable": true,
       "options": "standard, enterprise"
@@ -184,7 +205,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 27
+        "line": 40
       }
     },
     "rabbitmq_version": {
@@ -196,7 +217,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 43
+        "line": 56
       },
       "immutable": true,
       "computed": true
@@ -246,7 +267,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 121
+        "line": 134
       }
     },
     "skip_iam_authorization_policy": {
@@ -256,7 +277,7 @@
       "default": false,
       "pos": {
         "filename": "variables.tf",
-        "line": 185
+        "line": 198
       }
     },
     "tags": {
@@ -286,7 +307,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 139
+        "line": 152
       }
     }
   },
@@ -441,7 +462,23 @@
       },
       "pos": {
         "filename": "main.tf",
-        "line": 163
+        "line": 170
+      }
+    },
+    "ibm_resource_tag.rabbitmq_tag": {
+      "mode": "managed",
+      "type": "ibm_resource_tag",
+      "name": "rabbitmq_tag",
+      "attributes": {
+        "count": "access_tags",
+        "tags": "access_tags"
+      },
+      "provider": {
+        "name": "ibm"
+      },
+      "pos": {
+        "filename": "main.tf",
+        "line": 122
       }
     }
   },
@@ -461,7 +498,7 @@
       },
       "pos": {
         "filename": "main.tf",
-        "line": 192
+        "line": 199
       }
     }
   },
@@ -539,7 +576,7 @@
       },
       "pos": {
         "filename": "main.tf",
-        "line": 125
+        "line": 132
       }
     }
   }

variables.tf

@@ -24,6 +24,19 @@ variable "tags" {
   default     = []
 }
 
+variable "access_tags" {
+  type        = list(string)
+  description = "A list of access tags to apply to the rabbitmq instance created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details"
+  default     = []
+
+  validation {
+    condition = alltrue([
+      for tag in var.access_tags : can(regex("[\\w\\-_\\.]+:[\\w\\-_\\.]+", tag)) && length(tag) <= 128
+    ])
+    error_message = "Tags must match the regular expression \"[\\w\\-_\\.]+:[\\w\\-_\\.]+\", see https://cloud.ibm.com/docs/account?topic=account-tag&interface=ui#limits for more details"
+  }
+}
+
 variable "plan_validation" {
   type        = bool
   description = "Enable or disable validating the database parameters for rabbitmq during the plan phase"