[resource-tagging] Add tags or labels to all resource created with shared modules

Author: jwbron

terraform/modules/cloud-build-docker/README.md

@@ -177,6 +177,9 @@ your-app-repo/
 └── README.md
 ```
 
+
+
+
 ## Prerequisites
 
 ### GCP Setup

terraform/modules/cloud-build-docker/variables.tf

@@ -39,3 +39,4 @@ variable "base_digest" {
   type        = string
   default     = "latest"
 }
+

terraform/modules/github-ci-bootstrap/README.md

@@ -191,6 +191,8 @@ jobs:
         uses: google-github-actions/setup-gcloud@v2
 ```
 
+
+
 ## Security Features
 
 - **No Service Account Keys**: Uses Workload Identity Federation for keyless auth

terraform/modules/github-ci-bootstrap/variables.tf

@@ -57,4 +57,5 @@ variable "secret_ids" {
   description = "List of secret IDs that the Terraform configuration needs access to"
   type        = list(string)
   default     = []
-} 
+}
+

terraform/modules/scheduled-job/README.md

@@ -230,6 +230,7 @@ module "data_processor" {
 - `timeout_seconds` - Timeout for functions (60)
 - `environment_variables` - Environment vars ({})
 - `secrets` - Secret Manager secrets ([])
+- `tags` - A map of tags to assign to all resources ({})
 
 ### Cloud Run Job specific (when `execution_type = "job"`)
 - `job_cpu` - CPU allocation (e.g., "1000m", "2") ("1000m")
@@ -389,6 +390,43 @@ Or use Cloud Build directly:
 gcloud builds submit --tag gcr.io/YOUR_PROJECT_ID/YOUR_JOB_NAME:latest ./jobs/your-job
 ```
 
+## Resource Tagging
+
+All resources created by this module are automatically tagged with common metadata:
+
+### Automatic Tags
+- `module` - Set to "scheduled-job"
+- `job_name` - The name of your function/job
+- `execution_type` - Either "function" or "job"
+
+### Custom Tags
+You can add custom tags using the `tags` variable:
+
+```hcl
+module "my_function" {
+  source = "git::https://github.com/Khan/terraform-modules.git//terraform/modules/scheduled-job?ref=v1.0.0"
+  
+  job_name = "my-function"
+  # ... other configuration
+  
+  tags = {
+    "environment" = "production"
+    "team"        = "data-engineering"
+    "cost-center" = "infrastructure"
+    "owner"       = "data-team"
+  }
+}
+```
+
+### Supported Resources
+The following resources support tagging/labeling:
+- **Storage Buckets** - Labels applied
+- **Storage Objects** - Metadata applied
+- **PubSub Topics** - Labels applied
+- **Cloud Scheduler Jobs** - Labels applied
+- **Cloud Functions** - Labels applied
+- **Cloud Run Jobs** - Labels applied
+
 ## Common Cron Patterns
 
 | Schedule | Description |

terraform/modules/scheduled-job/examples/simple-function/main.tf

@@ -48,6 +48,13 @@ module "daily_health_check" {
       version      = "latest"
     }
   ]
+
+  tags = {
+    environment = "example"
+    team        = "platform"
+    cost-center = "infrastructure"
+    owner       = "platform-team"
+  }
 }
 
 # Output the function details

terraform/modules/scheduled-job/examples/simple-job/main.tf

@@ -32,6 +32,13 @@ module "daily_data_processor_image" {
   context_path     = "./job-code"
   project_id       = var.project_id
   image_tag_suffix = "latest"
+
+  tags = {
+    environment = "example"
+    team        = "data-engineering"
+    cost-center = "infrastructure"
+    owner       = "data-team"
+  }
 }
 
 # Simple daily job example
@@ -69,6 +76,13 @@ module "daily_data_processor" {
       version      = "latest"
     }
   ]
+
+  tags = {
+    environment = "example"
+    team        = "data-engineering"
+    cost-center = "infrastructure"
+    owner       = "data-team"
+  }
 }
 
 # Output the job details

terraform/modules/scheduled-job/main.tf

@@ -17,6 +17,15 @@ terraform {
   }
 }
 
+# Common tags for all resources
+locals {
+  common_tags = merge(var.tags, {
+    "module"         = "scheduled-job"
+    "job_name"       = var.job_name
+    "execution_type" = var.execution_type
+  })
+}
+
 # Service account for the Cloud Function/Job
 resource "google_service_account" "function_sa" {
   project      = var.project_id
@@ -34,6 +43,8 @@ resource "google_storage_bucket" "function_bucket" {
   location                    = var.region
   uniform_bucket_level_access = true
   force_destroy               = true
+
+  labels = local.common_tags
 }
 
 # Create function source archive (only for Cloud Functions)
@@ -57,6 +68,8 @@ resource "google_storage_bucket_object" "function_archive" {
   name   = "${var.job_name}-function-${data.archive_file.function_archive[0].output_sha}.zip"
   bucket = google_storage_bucket.function_bucket[0].name
   source = data.archive_file.function_archive[0].output_path
+
+  metadata = local.common_tags
 }
 
 # PubSub topic for triggering the Cloud Function (only created when execution_type is "function")
@@ -65,6 +78,8 @@ resource "google_pubsub_topic" "function_topic" {
 
   project = var.project_id
   name    = "${var.job_name}-topic"
+
+  labels = local.common_tags
 }
 
 # Cloud Scheduler job for Cloud Function (only created when execution_type is "function")
@@ -81,6 +96,8 @@ resource "google_cloud_scheduler_job" "function_scheduler" {
     topic_name = google_pubsub_topic.function_topic[0].id
     data       = base64encode("{}")
   }
+
+  labels = local.common_tags
 }
 
 # Secret Manager IAM bindings for each secret
@@ -104,6 +121,8 @@ resource "google_cloudfunctions2_function" "function" {
   description = var.description
   location    = var.region
 
+  labels = local.common_tags
+
   build_config {
     runtime     = var.runtime
     entry_point = var.entry_point
@@ -160,6 +179,8 @@ resource "google_cloud_run_v2_job" "job" {
   name     = var.job_name
   location = var.region
 
+  labels = local.common_tags
+
   template {
     task_count  = var.job_task_count
     parallelism = var.job_parallelism
@@ -232,4 +253,6 @@ resource "google_cloud_scheduler_job" "job_scheduler" {
       service_account_email = google_service_account.function_sa.email
     }
   }
+
+  labels = local.common_tags
 } 

terraform/modules/scheduled-job/variables.tf

@@ -194,3 +194,9 @@ variable "job_image" {
   type        = string
 }
 
+variable "tags" {
+  description = "A map of tags to assign to all resources created by this module"
+  type        = map(string)
+  default     = {}
+}
+