hashicorp / terraform-provider-vsphere

Terraform Provider for VMware vSphere
https://registry.terraform.io/providers/hashicorp/vsphere/
Mozilla Public License 2.0

Add support for provider tags/tags ignore #2025

Open pneigel-ca opened 11 months ago

pneigel-ca commented 11 months ago


Description

Tagging resources is a great way to organize and catalog infrastructure. Making tagging easier in Terraform providers can result in more adoption and simplified code. Defining the tags in each resource can be tedious and more effort to maintain, especially across more complex use cases like many resources, modules, or by implementing a common reference using locals/functions.

Today, if we would like to ignore tags, the only feasible way is to set an ignore_changes lifecycle block within the resource:

resource "vsphere_virtual_machine" "web" {
    # ... VM Configuration

    lifecycle {
        ignore_changes = [ tags ]
    }
    tags = [ vsphere_tag.tag.id ]
}

Without the provider or resource supporting a configuration that allows us to ignore certain tags, it seems the only option is to ignore tags on the entire attribute. This can cause problems if changes to tags provided in Terraform are needed.

Use Case(s)

Within my organization, we scan for a tag seeded by infrastructure as code to add and maintain additional tags from an external source. This keeps the infrastructure as code simple, and doesn't require complex modules or implementation to deploy multiple tags/maintain them.

For example, our automation looks for a single tag with a key "MyOrg:ID". The value, let's say "1234", is then referenced by the automation which applies and maintains additional tags with key "MyOrg:Catalog:*", based on metadata belonging to or related to "1234".

This model is low-cost to implement for infrastructure owners, and allows automation external to the Terraform resources to keep the tags up to date when things are changed in the external source, like metadata such as team ownership or other business information. This is a pattern I have also seen within AWS.

Potential Terraform Provider Configuration

Inspired completely by the HashiCorp AWS provider, I believe support for tags and ignore tag prefixes in the provider would provide a lot of value to users who want to apply the same tags across all resources in a configuration set, or anyone who maintains their tags with a combination of infrastructure as code and other means.

Here is an example similar to the AWS provider:

provider "vsphere" {
  user                 = var.vsphere_username
  password             = var.vsphere_password
  vsphere_server       = var.vsphere_url
  default_tags {
    tags = {
      "MyOrg:ID" = var.workload_id
    }
  }
  ignore_tags {
    key_prefixes = ["MyOrg:catalog"]
  }
}

This would also be possible within each resource, if there is a challenge or unique requirement(s) that prevent(s) this from being implemented at the provider level:

resource "vsphere_virtual_machine" "web" {
    # ... VM Configuration

    ignore_external_tags = true
    tags                 = [ vsphere_tag.tag.id ]
}

Alternative:

resource "vsphere_virtual_machine" "web" {
    # ... VM Configuration

    tag_ignore_prefix = "MyOrg:catalog"
    tags              = [ vsphere_tag.tag.id ]
}

References

AWS provider documentation: https://registry.terraform.io/providers/hashicorp/aws/latest/docs#argument-reference
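
An added example, not part of the issue or of the provider's code: the reconciliation that the proposed `default_tags` and `ignore_tags` blocks imply, assuming tags are modelled as key/value pairs as in the proposal. `IgnoreTags`, `FoldCase` and `Plan` are hypothetical names, and the sample data is constructed from the issue's key names. With a case-sensitive match the prefix `MyOrg:catalog` does not cover the key `MyOrg:Catalog:Team`, so the externally maintained tag is scheduled for removal; the `FoldCase` option shows the alternative.

```go
package main

import (
	"fmt"
	"strings"
)

// IgnoreTags models the ignore_tags block proposed in the issue (hypothetical type).
type IgnoreTags struct {
	KeyPrefixes []string
	FoldCase    bool // assumption: opt-in case-insensitive matching, not in the proposal
}

func (c IgnoreTags) Ignored(key string) bool {
	for _, p := range c.KeyPrefixes {
		if strings.HasPrefix(key, p) || (c.FoldCase && strings.HasPrefix(strings.ToLower(key), strings.ToLower(p))) {
			return true
		}
	}
	return false
}

// Plan diffs default+resource tags against observed tags, never touching ignored keys.
func Plan(defaults, resource, observed map[string]string, ign IgnoreTags) (map[string]string, map[string]bool) {
	desired, attach, detach := map[string]string{}, map[string]string{}, map[string]bool{}
	for _, m := range []map[string]string{defaults, resource} { // resource tags win over defaults
		for k, v := range m {
			desired[k] = v
		}
	}
	for k, v := range desired {
		if cur, ok := observed[k]; !ign.Ignored(k) && (!ok || cur != v) {
			attach[k] = v
		}
	}
	for k := range observed {
		if _, managed := desired[k]; !managed && !ign.Ignored(k) {
			detach[k] = true
		}
	}
	return attach, detach
}

func main() {
	observed := map[string]string{"MyOrg:ID": "1234", "MyOrg:Catalog:Team": "payments", "legacy": "true"} // constructed sample
	for _, fold := range []bool{false, true} {
		_, detach := Plan(map[string]string{"MyOrg:ID": "1234"}, nil, observed, IgnoreTags{[]string{"MyOrg:catalog"}, fold})
		fmt.Println("fold_case:", fold, "detach:", detach)
	}
}
```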

github-actions[bot] commented 11 months ago

Hello, pneigel-ca! 🖐

Thank you for submitting an issue for this provider. The issue will now enter into the issue lifecycle.

If you want to contribute to this project, please review the contributing guidelines and information on submitting pull requests.

github-actions[bot] commented 5 months ago

Marking this issue as stale due to inactivity in the past 180 days. This helps us focus on the active issues. If this issue is reproducible with the latest version of the provider, please comment. If this issue receives no comments in the next 30 days it will automatically be closed. If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

pneigel-ca commented 5 months ago

Still needed on the latest v2.7.0

philiphope commented 4 months ago

Very much needed