support for defined tags for all resources

junior · junior · commit 7b705e766914 · 2022-09-14T14:42:46.000-05:00
Signed-off-by: junior &lt;junior@users.noreply.github.com&gt;
diff --git a/module-cluster-tools.tf b/module-cluster-tools.tf
@@ -10,8 +10,8 @@ module "cluster-tools" {
   # compartment_ocid = var.compartment_ocid
   region = var.region
 
-  # Deployment Tags + Freeform Tags
-  freeform_deployment_tags = local.freeform_deployment_tags
+  # Deployment Tags + Freeform Tags + Defined Tags
+  oci_tag_values = local.oci_tag_values
 
   # Cluster Tools
   ## Namespace
diff --git a/module-oke.tf b/module-oke.tf
@@ -13,8 +13,9 @@ module "vault" {
   # Oracle Cloud Infrastructure Tenancy and Compartment OCID
   tenancy_ocid = var.tenancy_ocid
 
-  # Deployment Tags + Freeform Tags
-  freeform_deployment_tags = local.freeform_deployment_tags
+  # Deployment Tags + Freeform Tags + Defined Tags
+  # freeform_deployment_tags = local.freeform_deployment_tags
+  oci_tag_values = local.oci_tag_values
 
   # Encryption (OCI Vault/Key Management/KMS)
   use_encryption_from_oci_vault = var.use_encryption_from_oci_vault
@@ -44,9 +45,9 @@ module "oke" {
   region           = var.region
 
   # Deployment Tags + Freeform Tags
-  cluster_freeform_deployment_tags        = local.freeform_deployment_tags
-  load_balancers_freeform_deployment_tags = local.freeform_deployment_tags
-  block_volumes_freeform_deployment_tags  = local.freeform_deployment_tags
+  cluster_tags        = local.oci_tag_values
+  load_balancers_tags = local.oci_tag_values
+  block_volumes_tags  = local.oci_tag_values
 
   # OKE Cluster
   ## create_new_oke_cluster
@@ -76,8 +77,8 @@ module "oke_node_pool" {
   source   = "./modules/oke-node-pool"
 
   # Deployment Tags + Freeform Tags
-  node_pools_freeform_deployment_tags   = local.freeform_deployment_tags
-  worker_nodes_freeform_deployment_tags = local.freeform_deployment_tags
+  node_pools_tags   = local.oci_tag_values
+  worker_nodes_tags = local.oci_tag_values
 
   # Oracle Cloud Infrastructure Tenancy and Compartment OCID
   tenancy_ocid = var.tenancy_ocid
@@ -312,11 +313,15 @@ locals {
     "DeploymentID" = local.deploy_id,
     "AppName"      = var.app_name,
   "Quickstart" = "oke_base" }
-  freeform_deployment_tags = merge(var.tag_values.freeformTags, local.deploy_tags)
-  workers_public_ssh_key   = var.generate_public_ssh_key ? tls_private_key.oke_worker_node_ssh_key.public_key_openssh : var.public_ssh_key
-  app_name                 = var.app_name
-  app_name_normalized      = substr(replace(lower(var.app_name), " ", "-"), 0, 6)
-  app_name_for_dns         = substr(lower(replace(var.app_name, "/\\W|_|\\s/", "")), 0, 6)
+  # freeform_deployment_tags = merge(var.tag_values.freeformTags, local.deploy_tags)
+  oci_tag_values = {
+    "freeformTags" = merge(var.tag_values.freeformTags, local.deploy_tags),
+    "definedTags"  = var.tag_values.definedTags
+  }
+  workers_public_ssh_key = var.generate_public_ssh_key ? tls_private_key.oke_worker_node_ssh_key.public_key_openssh : var.public_ssh_key
+  app_name               = var.app_name
+  app_name_normalized    = substr(replace(lower(var.app_name), " ", "-"), 0, 6)
+  app_name_for_dns       = substr(lower(replace(var.app_name, "/\\W|_|\\s/", "")), 0, 6)
 }
 
 # OKE Outputs
diff --git a/modules/cluster-tools/cluster-tools.tf b/modules/cluster-tools/cluster-tools.tf
@@ -27,7 +27,7 @@ locals {
 
 # OCI Provider
 variable "tenancy_ocid" {}
-variable "compartment_ocid" {}
+# variable "compartment_ocid" {}
 variable "region" {}
 
 # Namespace
diff --git a/modules/cluster-tools/grafana.tf b/modules/cluster-tools/grafana.tf
@@ -199,7 +199,7 @@ resource "kubernetes_ingress_v1" "grafana" {
 
     tls {
       secret_name = "grafana-${var.ingress_cluster_issuer}-tls"
-      hosts = local.ingress_hosts
+      hosts       = local.ingress_hosts
     }
   }
   depends_on = [helm_release.ingress_nginx, helm_release.grafana]
diff --git a/modules/cluster-tools/ingress-nginx.tf b/modules/cluster-tools/ingress-nginx.tf
@@ -46,8 +46,8 @@ variable "ingress_email_issuer" {
   default     = "no-reply@example.cloud"
   description = "You must replace this email address with your own. The certificate provider will use this to contact you about expiring certificates, and issues related to your account."
 }
-# Deployment Details + Freeform Tags
-variable "freeform_deployment_tags" {
+# Deployment Details + Freeform Tags + Defined Tags
+variable "oci_tag_values" {
   description = "Tags to be added to the resources"
 }
 
@@ -119,7 +119,7 @@ locals {
     (var.ingress_tls && var.cert_manager_enabled) ? local.ingress_nginx_annotations_cert_manager : {}
   )
   ingress_hosts     = compact(concat(split(",", var.ingress_hosts), [local.app_nip_io_domain]))
-  app_name          = var.freeform_deployment_tags.AppName
+  app_name          = var.oci_tag_values.freeformTags.AppName
   app_name_for_dns  = substr(lower(replace(local.app_name, "/\\W|_|\\s/", "")), 0, 6)
   app_nip_io_domain = (var.ingress_nginx_enabled && var.ingress_hosts_include_nip_io) ? format("${local.app_name_for_dns}.%s.${var.nip_io_domain}", local.ingress_controller_load_balancer_ip_hex) : ""
 }
diff --git a/modules/new-subnet-from-oke-vcn/security-lists.tf b/modules/new-subnet-from-oke-vcn/security-lists.tf
@@ -6,7 +6,8 @@ resource "oci_core_security_list" "extra_subnet_security_list" {
   compartment_id = var.oke_vcn_compartment_ocid
   display_name   = "${local.subnet_name_normalized}-seclist-${local.deploy_id}"
   vcn_id         = var.oke_vcn_ocid
-  freeform_tags  = var.freeform_deployment_tags
+  freeform_tags  = var.oci_tag_values.freeformTags
+  defined_tags   = var.oci_tag_values.definedTags
 
   # Ingresses
 
diff --git a/modules/new-subnet-from-oke-vcn/subnet.tf b/modules/new-subnet-from-oke-vcn/subnet.tf
@@ -12,7 +12,8 @@ resource "oci_core_subnet" "extra_subnet" {
   route_table_id             = oci_core_route_table.extra_subnet_route_table[0].id
   dhcp_options_id            = var.oke_vcn_default_dhcp_ocid
   security_list_ids          = [oci_core_security_list.extra_subnet_security_list[0].id]
-  freeform_tags              = var.freeform_deployment_tags
+  freeform_tags              = var.oci_tag_values.freeformTags
+  defined_tags               = var.oci_tag_values.definedTags
 
   count = var.create_new_subnet ? 1 : 0
 }
@@ -21,7 +22,8 @@ resource "oci_core_route_table" "extra_subnet_route_table" {
   compartment_id = var.oke_vcn_compartment_ocid
   vcn_id         = var.oke_vcn_ocid
   display_name   = "${local.subnet_name_normalized}-route-table-${local.deploy_id}"
-  freeform_tags  = var.freeform_deployment_tags
+  freeform_tags  = var.oci_tag_values.freeformTags
+  defined_tags   = var.oci_tag_values.definedTags
 
   route_rules {
     description       = "Traffic to/from internet"
diff --git a/modules/new-subnet-from-oke-vcn/variables.tf b/modules/new-subnet-from-oke-vcn/variables.tf
@@ -40,14 +40,14 @@ variable "subnet_name" {
   description = "Subnet Name"
 }
 
-# Deployment Details + Freeform Tags
-variable "freeform_deployment_tags" {
+# Deployment Details + Freeform Tags + Defined Tags
+variable "oci_tag_values" {
   description = "Tags to be added to the resources"
 }
 
 # Subnet Name Locals
 locals {
   subnet_name_for_dns    = substr(lower(replace(var.subnet_name, "/\\W|_|\\s/", "")), 0, 6)
   subnet_name_normalized = substr(replace(lower(var.subnet_name), " ", "-"), 0, 6)
-  deploy_id              = var.freeform_deployment_tags.DeploymentID
+  deploy_id              = var.oci_tag_values.freeformTags.DeploymentID
 }
diff --git a/modules/oci-vault-kms/policies.tf b/modules/oci-vault-kms/policies.tf
@@ -73,11 +73,3 @@ locals {
     "Allow group ${var.user_admin_group_for_vault_policy} to use key-delegate in compartment id ${var.oke_cluster_compartment_ocid}"
   ]
 }
-
-# Conditional locals
-locals {
-  app_dynamic_group   = (var.use_encryption_from_oci_vault && var.create_dynamic_group_for_nodes_in_compartment) ? oci_identity_dynamic_group.app_dynamic_group.0.name : "void"
-  app_name_normalized = substr(replace(lower(var.freeform_deployment_tags.AppName), " ", "-"), 0, 6)
-  app_name            = var.freeform_deployment_tags.AppName
-  deploy_id           = var.freeform_deployment_tags.DeploymentID
-}
diff --git a/modules/oci-vault-kms/variables.tf b/modules/oci-vault-kms/variables.tf
@@ -17,7 +17,7 @@ variable "existent_encryption_key_id" {
 }
 
 # Deployment Details + Freeform Tags
-variable "freeform_deployment_tags" {
+variable "oci_tag_values" {
   description = "Tags to be added to the resources"
 }
 
@@ -48,3 +48,11 @@ variable "create_compartment_policies" {
 
 # OCI Provider
 variable "tenancy_ocid" {}
+
+# Conditional locals
+locals {
+  app_dynamic_group   = (var.use_encryption_from_oci_vault && var.create_dynamic_group_for_nodes_in_compartment) ? oci_identity_dynamic_group.app_dynamic_group.0.name : "void"
+  app_name_normalized = substr(replace(lower(var.oci_tag_values.freeformTags.AppName), " ", "-"), 0, 6)
+  app_name            = var.oci_tag_values.freeformTags.AppName
+  deploy_id           = var.oci_tag_values.freeformTags.DeploymentID
+}
diff --git a/modules/oke-node-pool/main.tf b/modules/oke-node-pool/main.tf
@@ -9,7 +9,8 @@ resource "oci_containerengine_node_pool" "oke_node_pool" {
   name               = var.node_pool_name
   node_shape         = var.node_pool_shape
   ssh_public_key     = var.public_ssh_key
-  freeform_tags      = var.node_pools_freeform_deployment_tags
+  freeform_tags      = var.node_pools_tags.freeformTags
+  defined_tags       = var.node_pools_tags.definedTags
 
   node_config_details {
     dynamic "placement_configs" {
@@ -26,7 +27,8 @@ resource "oci_containerengine_node_pool" "oke_node_pool" {
     # nsg_ids       = []
     size          = var.node_pool_min_nodes
     kms_key_id    = var.oci_vault_key_id_oke_node_boot_volume != "" ? var.oci_vault_key_id_oke_node_boot_volume : null
-    freeform_tags = var.worker_nodes_freeform_deployment_tags
+    freeform_tags = var.worker_nodes_tags.freeformTags
+    defined_tags  = var.worker_nodes_tags.definedTags
   }
 
   dynamic "node_shape_config" {
diff --git a/modules/oke-node-pool/variables.tf b/modules/oke-node-pool/variables.tf
@@ -85,13 +85,13 @@ variable "tenancy_ocid" {}
 
 # App Name Locals
 locals {
-  app_name_normalized = substr(replace(lower(var.node_pools_freeform_deployment_tags.AppName), " ", "-"), 0, 6)
+  app_name_normalized = substr(replace(lower(var.node_pools_tags.freeformTags.AppName), " ", "-"), 0, 6)
 }
 
 # Deployment Details + Freeform Tags
-variable "node_pools_freeform_deployment_tags" {
+variable "node_pools_tags" {
   description = "Tags to be added to the node pools resources"
 }
-variable "worker_nodes_freeform_deployment_tags" {
+variable "worker_nodes_tags" {
   description = "Tags to be added to the worker nodes resources"
 }
diff --git a/modules/oke/main.tf b/modules/oke/main.tf
@@ -8,7 +8,8 @@ resource "oci_containerengine_cluster" "oke_cluster" {
   name               = "${local.app_name} (${local.deploy_id})"
   vcn_id             = oci_core_virtual_network.oke_vcn[0].id
   kms_key_id         = var.oci_vault_key_id_oke_secrets != "" ? var.oci_vault_key_id_oke_secrets : null
-  freeform_tags      = var.cluster_freeform_deployment_tags
+  freeform_tags      = var.cluster_tags.freeformTags
+  defined_tags       = var.cluster_tags.definedTags
 
   endpoint_config {
     is_public_ip_enabled = (var.cluster_endpoint_visibility == "Private") ? false : true
@@ -29,10 +30,12 @@ resource "oci_containerengine_cluster" "oke_cluster" {
       pods_cidr     = lookup(var.network_cidrs, "PODS-CIDR")
     }
     persistent_volume_config {
-      freeform_tags = var.block_volumes_freeform_deployment_tags
+      freeform_tags = var.block_volumes_tags.freeformTags
+      defined_tags  = var.block_volumes_tags.definedTags
     }
     service_lb_config {
-      freeform_tags = var.load_balancers_freeform_deployment_tags
+      freeform_tags = var.load_balancers_tags.freeformTags
+      defined_tags  = var.load_balancers_tags.definedTags
     }
   }
   image_policy_config {
@@ -48,72 +51,6 @@ resource "oci_containerengine_cluster" "oke_cluster" {
   count = var.create_new_oke_cluster ? 1 : 0
 }
 
-# resource "oci_containerengine_node_pool" "oke_node_pool" {
-#   cluster_id         = oci_containerengine_cluster.oke_cluster[0].id
-#   compartment_id     = local.oke_compartment_ocid
-#   kubernetes_version = (var.k8s_version == "Latest") ? local.node_pool_k8s_latest_version : var.k8s_version
-#   name               = var.node_pool_name
-#   node_shape         = var.node_pool_shape
-#   ssh_public_key     = var.generate_public_ssh_key ? tls_private_key.oke_worker_node_ssh_key.public_key_openssh : var.public_ssh_key
-#   freeform_tags      = local.freeform_deployment_tags
-
-#   node_config_details {
-#     dynamic "placement_configs" {
-#       for_each = data.oci_identity_availability_domains.ADs.availability_domains
-
-#       content {
-#         availability_domain = placement_configs.value.name
-#         subnet_id           = oci_core_subnet.oke_nodes_subnet[0].id
-#       }
-#     }
-#     node_pool_pod_network_option_details {
-#       cni_type = "FLANNEL_OVERLAY"
-#     }
-#     # nsg_ids       = []
-#     size          = var.num_pool_workers
-#     kms_key_id    = var.use_encryption_from_oci_vault ? (var.create_new_encryption_key ? oci_kms_key.oke_key[0].id : var.existent_encryption_key_id) : null
-#     freeform_tags = local.freeform_deployment_tags
-#   }
-
-#   dynamic "node_shape_config" {
-#     for_each = local.is_flexible_node_shape ? [1] : []
-#     content {
-#       ocpus         = var.node_pool_node_shape_config_ocpus
-#       memory_in_gbs = var.node_pool_node_shape_config_memory_in_gbs
-#     }
-#   }
-
-#   node_source_details {
-#     source_type             = "IMAGE"
-#     image_id                = lookup(data.oci_core_images.node_pool_images.images[0], "id")
-#     boot_volume_size_in_gbs = var.node_pool_boot_volume_size_in_gbs
-#   }
-#   # node_eviction_node_pool_settings {
-#   #   eviction_grace_duration              = "PT1H"
-#   #   is_force_delete_after_grace_duration = false
-#   # }
-#   # node_metadata = {}
-
-#   initial_node_labels {
-#     key   = "name"
-#     value = var.node_pool_name
-#   }
-
-#   count = var.create_new_oke_cluster ? 1 : 0
-# }
-
-# resource "oci_identity_compartment" "oke_compartment" {
-#   compartment_id = var.compartment_ocid
-#   name           = "${local.app_name_normalized}-${random_string.deploy_id.result}"
-#   description    = "${var.app_name} ${var.oke_compartment_description} (Deployment ${random_string.deploy_id.result})"
-#   enable_delete  = true
-
-#   count = var.create_new_compartment_for_oke ? 1 : 0
-# }
-# locals {
-#   oke_compartment_ocid = var.create_new_compartment_for_oke ? oci_identity_compartment.oke_compartment.0.id : var.compartment_ocid
-# }
-
 # Local kubeconfig for when using Terraform locally. Not used by Oracle Resource Manager
 resource "local_file" "oke_kubeconfig" {
   content  = data.oci_containerengine_cluster_kube_config.oke.content
diff --git a/modules/oke/network.tf b/modules/oke/network.tf
diff --git a/modules/oke/oke-orm-private-endpoint.tf b/modules/oke/oke-orm-private-endpoint.tf
diff --git a/modules/oke/security-lists.tf b/modules/oke/security-lists.tf
diff --git a/modules/oke/variables.tf b/modules/oke/variables.tf

Original file line number	Diff line number	Diff line change
`@@ -199,7 +199,7 @@ resource "kubernetes_ingress_v1" "grafana" {`
`199`	`199`
`200`	`200`	`tls {`
`201`	`201`	`secret_name = "grafana-${var.ingress_cluster_issuer}-tls"`
`202`		`- hosts = local.ingress_hosts`
	`202`	`+ hosts = local.ingress_hosts`
`203`	`203`	`}`
`204`	`204`	`}`
`205`	`205`	`depends_on = [helm_release.ingress_nginx, helm_release.grafana]`
Original file line number	Diff line number	Diff line change
`@@ -46,8 +46,8 @@ variable "ingress_email_issuer" {`
`46`	`46`	`default = "no-reply@example.cloud"`
`47`	`47`	`description = "You must replace this email address with your own. The certificate provider will use this to contact you about expiring certificates, and issues related to your account."`
`48`	`48`	`}`
`49`		`-# Deployment Details + Freeform Tags`
`50`		`-variable "freeform_deployment_tags" {`
	`49`	`+# Deployment Details + Freeform Tags + Defined Tags`
	`50`	`+variable "oci_tag_values" {`
`51`	`51`	`description = "Tags to be added to the resources"`
`52`	`52`	`}`
`53`	`53`
`@@ -119,7 +119,7 @@ locals {`
`119`	`119`	`(var.ingress_tls && var.cert_manager_enabled) ? local.ingress_nginx_annotations_cert_manager : {}`
`120`	`120`	`)`
`121`	`121`	`ingress_hosts = compact(concat(split(",", var.ingress_hosts), [local.app_nip_io_domain]))`
`122`		`- app_name = var.freeform_deployment_tags.AppName`
	`122`	`+ app_name = var.oci_tag_values.freeformTags.AppName`
`123`	`123`	`app_name_for_dns = substr(lower(replace(local.app_name, "/\\W\|_\|\\s/", "")), 0, 6)`
`124`	`124`	`app_nip_io_domain = (var.ingress_nginx_enabled && var.ingress_hosts_include_nip_io) ? format("${local.app_name_for_dns}.%s.${var.nip_io_domain}", local.ingress_controller_load_balancer_ip_hex) : ""`
`125`	`125`	`}`
Original file line number	Diff line number	Diff line change
`@@ -40,14 +40,14 @@ variable "subnet_name" {`
`40`	`40`	`description = "Subnet Name"`
`41`	`41`	`}`
`42`	`42`
`43`		`-# Deployment Details + Freeform Tags`
`44`		`-variable "freeform_deployment_tags" {`
	`43`	`+# Deployment Details + Freeform Tags + Defined Tags`
	`44`	`+variable "oci_tag_values" {`
`45`	`45`	`description = "Tags to be added to the resources"`
`46`	`46`	`}`
`47`	`47`
`48`	`48`	`# Subnet Name Locals`
`49`	`49`	`locals {`
`50`	`50`	`subnet_name_for_dns = substr(lower(replace(var.subnet_name, "/\\W\|_\|\\s/", "")), 0, 6)`
`51`	`51`	`subnet_name_normalized = substr(replace(lower(var.subnet_name), " ", "-"), 0, 6)`
`52`		`- deploy_id = var.freeform_deployment_tags.DeploymentID`
	`52`	`+ deploy_id = var.oci_tag_values.freeformTags.DeploymentID`
`53`	`53`	`}`
Original file line number	Diff line number	Diff line change
`@@ -73,11 +73,3 @@ locals {`
`73`	`73`	`"Allow group ${var.user_admin_group_for_vault_policy} to use key-delegate in compartment id ${var.oke_cluster_compartment_ocid}"`
`74`	`74`	`]`
`75`	`75`	`}`
`76`		`-`
`77`		`-# Conditional locals`
`78`		`-locals {`
`79`		`- app_dynamic_group = (var.use_encryption_from_oci_vault && var.create_dynamic_group_for_nodes_in_compartment) ? oci_identity_dynamic_group.app_dynamic_group.0.name : "void"`
`80`		`- app_name_normalized = substr(replace(lower(var.freeform_deployment_tags.AppName), " ", "-"), 0, 6)`
`81`		`- app_name = var.freeform_deployment_tags.AppName`
`82`		`- deploy_id = var.freeform_deployment_tags.DeploymentID`
`83`		`-}`