feat: added access tag support (#166)

Author: MatthewLemmond

README.md

@@ -36,6 +36,12 @@ You need the following permissions to run this module.
     - **Databases for PostgreSQL** service
         - `Editor` role access
 
+To attach access management tags to resources in this module, you need the following permissions.
+
+- IAM Services
+    - **Tagging** service
+        - `Administrator` platform access
+
 <!-- BEGIN EXAMPLES HOOK -->
 ## Examples
 
@@ -66,11 +72,13 @@ You need the following permissions to run this module.
 | [ibm_database.postgresql_db](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/database) | resource |
 | [ibm_iam_authorization_policy.kms_policy](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_authorization_policy) | resource |
 | [ibm_resource_key.service_credentials](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_key) | resource |
+| [ibm_resource_tag.postgresql_tag](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_tag) | resource |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_access_tags"></a> [access\_tags](#input\_access\_tags) | A list of access tags to apply to the PostgreSQL instance created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details | `list(string)` | `[]` | no |
 | <a name="input_auto_scaling"></a> [auto\_scaling](#input\_auto\_scaling) | Optional rules to allow the database to increase resources in response to usage. Only a single autoscaling block is allowed. Make sure you understand the effects of autoscaling, especially for production environments. See https://ibm.biz/autoscaling-considerations in the IBM Cloud Docs. | <pre>object({<br>    disk = object({<br>      capacity_enabled             = optional(bool, false)<br>      free_space_less_than_percent = optional(number, 10)<br>      io_above_percent             = optional(number, 90)<br>      io_enabled                   = optional(bool, false)<br>      io_over_period               = optional(string, "15m")<br>      rate_increase_percent        = optional(number, 10)<br>      rate_limit_mb_per_member     = optional(number, 3670016)<br>      rate_period_seconds          = optional(number, 900)<br>      rate_units                   = optional(string, "mb")<br>    })<br>    memory = object({<br>      io_above_percent         = optional(number, 90)<br>      io_enabled               = optional(bool, false)<br>      io_over_period           = optional(string, "15m")<br>      rate_increase_percent    = optional(number, 10)<br>      rate_limit_mb_per_member = optional(number, 114688)<br>      rate_period_seconds      = optional(number, 900)<br>      rate_units               = optional(string, "mb")<br>    })<br>  })</pre> | `null` | no |
 | <a name="input_backup_crn"></a> [backup\_crn](#input\_backup\_crn) | The CRN of a backup resource to restore from. The backup is created by a database deployment with the same service ID. The backup is loaded after provisioning and the new deployment starts up that uses that data. A backup CRN is in the format crn:v1:<…>:backup:. If omitted, the database is provisioned empty. | `string` | `null` | no |
 | <a name="input_backup_encryption_key_crn"></a> [backup\_encryption\_key\_crn](#input\_backup\_encryption\_key\_crn) | The CRN of a Key Protect key that you want to use for encrypting the disk that holds deployment backups. Only used if var.kms\_encryption\_enabled is set to true. BYOK for backups is available only in US regions us-south and us-east, and in eu-de. Only keys in the us-south and eu-de are durable to region failures. To ensure that your backups are available even if a region failure occurs, use a key from us-south or eu-de. Hyper Protect Crypto Services for IBM Cloud Databases backups is not currently supported. If no value is passed here, the value passed for the 'kms\_key\_crn' variable is used. And if a HPCS value is passed for var.kms\_key\_crn, the database backup encryption uses the default encryption keys. | `string` | `null` | no |

examples/backup/main.tf

@@ -17,6 +17,7 @@ module "postgresql_db" {
   pg_version        = var.pg_version
   region            = var.region
   resource_tags     = var.resource_tags
+  access_tags       = var.access_tags
 }
 
 data "ibm_database_backups" "backup_database" {
@@ -32,5 +33,6 @@ module "restored_postgresql_db" {
   pg_version        = var.pg_version
   region            = var.region
   resource_tags     = var.resource_tags
+  access_tags       = var.access_tags
   backup_crn        = var.postgresql_db_backup_crn == null ? data.ibm_database_backups.backup_database[0].backups[0].backup_id : var.postgresql_db_backup_crn
 }

examples/backup/variables.tf

@@ -34,6 +34,12 @@ variable "resource_tags" {
   default     = []
 }
 
+variable "access_tags" {
+  type        = list(string)
+  description = "A list of access tags to apply to the PostgreSQL instance created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details"
+  default     = []
+}
+
 variable "postgresql_db_backup_crn" {
   type        = string
   description = "The existing CRN of a backup resource to restore from. If null then it will create a new instance first and then create another instance pointing to the backup of the first instance."

examples/basic/main.tf

@@ -20,6 +20,7 @@ module "postgresql_db" {
   pg_version        = var.pg_version
   region            = var.region
   resource_tags     = var.resource_tags
+  access_tags       = var.access_tags
 }
 
 ##############################################################################
@@ -33,6 +34,7 @@ module "read_only_replica_postgresql_db" {
   name              = "${var.prefix}-read-only-replica-${count.index}"
   region            = var.region
   resource_tags     = var.resource_tags
+  access_tags       = var.access_tags
   pg_version        = var.pg_version
   remote_leader_crn = module.postgresql_db.crn
   member_memory_mb  = 2304  # Must be an increment of 384 megabytes. The minimum size of a read-only replica is 2 GB RAM

examples/basic/variables.tf

@@ -34,6 +34,12 @@ variable "resource_tags" {
   default     = []
 }
 
+variable "access_tags" {
+  type        = list(string)
+  description = "A list of access tags to apply to the PostgreSQL instance created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details"
+  default     = []
+}
+
 variable "read_only_replicas_count" {
   type        = number
   description = "Number of read-only replicas per leader"

examples/complete/main.tf

@@ -77,6 +77,7 @@ module "postgresql_db" {
   existing_kms_instance_guid = module.key_protect_all_inclusive.key_protect_guid
   resource_tags              = var.resource_tags
   service_credential_names   = var.service_credential_names
+  access_tags                = var.access_tags
   cbr_rules = [
     {
       description      = "${var.prefix}-postgres access only from vpc"

examples/complete/variables.tf

@@ -28,6 +28,12 @@ variable "resource_tags" {
   default     = []
 }
 
+variable "access_tags" {
+  type        = list(string)
+  description = "A list of access tags to apply to the PostgreSQL instance created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details"
+  default     = []
+}
+
 variable "pg_version" {
   description = "Version of the PostgreSQL instance. If no value is passed, the current preferred version of IBM Cloud Databases is used."
   type        = string

examples/fscloud/main.tf

@@ -61,6 +61,7 @@ module "postgresql_db" {
   existing_kms_instance_guid = var.existing_kms_instance_guid
   resource_tags              = var.resource_tags
   service_credential_names   = var.service_credential_names
+  access_tags                = var.access_tags
   auto_scaling               = var.auto_scaling
   cbr_rules = [
     {

examples/fscloud/variables.tf

@@ -28,6 +28,12 @@ variable "resource_tags" {
   default     = []
 }
 
+variable "access_tags" {
+  type        = list(string)
+  description = "A list of access tags to apply to the PostgreSQL instance created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details"
+  default     = []
+}
+
 variable "pg_version" {
   description = "Version of the PostgreSQL instance. If no value is passed, the current preferred version of IBM Cloud Databases is used."
   type        = string

examples/pitr/main.tf

@@ -20,6 +20,7 @@ module "postgresql_db_pitr" {
   name              = "${var.prefix}-postgres-pitr"
   region            = var.region
   resource_tags     = var.resource_tags
+  access_tags       = var.access_tags
   member_memory_mb  = 3072
   member_disk_mb    = 15360
   member_cpu_count  = 9