search

GoogleCloudPlatform / pubsec-declarative-toolkit

The GCP PubSec Declarative Toolkit is a collection of declarative solutions to help you on your Journey to Google Cloud. Solutions are designed using Config Connector and deployed using Config Controller.
Apache License 2.0
31 stars 28 forks source link

Add additional inheritable key/value tags for resource querying automation #729

Open obriensystems opened 11 months ago

obriensystems commented 11 months ago

see

https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/wiki/Onboarding#resource-manager-tags Shadow https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/issues/341 Add optional FinOps billing

Select for tags (inherit at the folder level)

Tags for hierarchical tree based inheritance - with policy filtering https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing

reference

Tagging walkthrough

IAM permissions

Prototyping gcloud

Create tag key - at the org or project level

https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing#creating_tag

At the org level

Screenshot 2023-11-24 at 11 14 26 
michael@cloudshell:~ (bigquery-ol)$ export TAG_NAME=environment
michael@cloudshell:~ (bigquery-ol)$ export RESOURCE_ID=organizations/$ORGANIZATION_ID
michael@cloudshell:~ (bigquery-ol)$ gcloud resource-manager tags keys create $TAG_NAME --parent=$RESOURCE_ID
Waiting for TagKey [environment] to be created...done.                                                                              
createTime: '2023-11-24T16:21:06.833463Z'
etag: Bw+agEibA3OLrqEOTDRSag==
name: tagKeys/281477004159305
namespacedName: 583..68/environment
parent: organizations/5..8
shortName: environment
updateTime: '2023-11-24T16:21:06.833463Z'

View key

michael@cloudshell:~ (bigquery-ol)$ gcloud resource-manager tags keys describe tagKeys/281477004159305

Create tag value

michael@cloudshell:~ (bigquery-ol)$ gcloud resource-manager tags values create development  --parent=583...868/environment
Waiting for TagValue [development] to be created...done.                                                                            
createTime: '2023-11-24T16:24:27.774244Z'
etag: OsmovPw5O03VOqypXAC4FQ==
name: tagValues/281...818
namespacedName: 58...868/environment/development
parent: tagKeys/28147...305
shortName: development
updateTime: '2023-11-24T16:24:27.774244Z'

michael@cloudshell:~ (bigquery-ol)$ gcloud resource-manager tags values describe tagValues/281476455852818

Attach tag k/v pair to the org, folder or project level

https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing#attaching

michael@cloudshell:~ (bigquery-ol)$ export TAG_RESOURCE_ID=//cloudresourcemanager.googleapis.com/folders/354005104432
michael@cloudshell:~ (bigquery-ol)$ export TAGVALUE_NAME=tagValues/281476455852818
michael@cloudshell:~ (bigquery-ol)$ gcloud resource-manager tags bindings create --tag-value=$TAGVALUE_NAME --parent=$TAG_RESOURCE_IDdone: true
response:
  '@type': type.googleapis.com/google.cloud.resourcemanager.v3.TagBinding
  name: tagBindings/%2F%2Fcloudresourcemanager.googleapis.com%2Ffolders%2F354005104432/tagValues/281476455852818
  parent: //cloudresourcemanager.googleapis.com/folders/354005104432
  tagValue: tagValues/281476455852818
  tagValueNamespacedName: 583..68/environment/development

listing
michael@cloudshell:~ (bigquery-ol)$ gcloud resource-manager tags bindings list --parent=$TAG_RESOURCE_ID 
---
name: tagBindings/%2F%2Fcloudresourcemanager.googleapis.com%2Ffolders%2F354005104432/tagValues/281476455852818
parent: //cloudresourcemanager.googleapis.com/folders/354005104432
tagValue: tagValues/281476455852818

Viewing - org level

Screenshot 2023-11-24 at 11 34 59

values

Screenshot 2023-11-24 at 11 35 52
obriensystems commented 8 months ago

see https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/wiki/Onboarding#resource-manager-tags