Enabled support for custom tags across all solutions

Author: chkp-natanelm

modules/common/main.tf

@@ -1,5 +1,6 @@
 resource "azurerm_resource_group" "resource_group" {
   name = var.resource_group_name
   location = var.location
+  tags = var.tags
 }
 

modules/common/variables.tf

@@ -37,8 +37,8 @@ variable "maintenance_mode_password_hash" {
 }
 
 variable "tags" {
-  type        = map(string)
-  description = "A map of the tags to use on the resources that are deployed with this module."
+  description = "Tags to be associated with the resource group."
+  type = map(string)
   default = {}
 }
 

modules/high_availability_existing_vnet/README.md

@@ -23,7 +23,7 @@ provider "azurerm" {
 module "example_module" {
 
         source  = "CheckPointSW/cloudguard-network-security/azure//modules/high_availability_existing_vnet"
-        version = "1.0.5"
+        version = "1.0.6"
 
         tenant_id                       = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
         source_image_vhd_uri            = "noCustomUri"
@@ -128,3 +128,4 @@ module "example_module" {
 | **storage_account_additional_ips**    | IPs/CIDRs that are allowed access to the Storage Account                                                                                                          | list(string)   | A list of valid IPs and CIDRs<br />**Default:**  []                                                                                                                                                            |
 | **security_rules**                    | Security rules for the Network Security Group                                                                                                                   | list(any)      | A security rule composed of: {name, priority, direction, access, protocol, source_port_ranges, destination_port_ranges, source_address_prefix, destination_address_prefix, description}<br />**Default:**  []  |
 | **admin_SSH_key**                     | The SSH public key for SSH connections to the instance. Used when the authentication_type is 'SSH Public Key'                                                    | string         | **Default:**  ""                                                                                                                                                                                                                                      |
+| **tags** | Tags can be associated either globally across all resources or scoped to specific resource types. For example, a global tag can be defined as: {"all": {"example": "example"}}.<br/>Supported resource types for tag assignment include:<br>`all` (Applies tags universally to all resource instances)<br/>`resource-group`<br/>`network-interface`<br/>`public-ip`<br/>`public-ip-prefix`<br/>`load-balancer`<br/>`storage-account`<br/>`virtual-machine`<br/>`custom-image`<br/>`availability-set`<br/>**Important:** When identical tag keys are defined both globally under `all` and within a specific resource scope, the tag value specified under `all` overrides the resource-specific tag. | map(map(string)) | {} |

modules/high_availability_existing_vnet/locals.tf

@@ -1,4 +1,4 @@
 locals {
   module_name = "ha_terraform"
-  module_version = "1.0.5"
+  module_version = "1.0.6"
 }

modules/high_availability_existing_vnet/main.tf

@@ -19,6 +19,7 @@ module "common" {
   serial_console_password_hash = var.serial_console_password_hash
   maintenance_mode_password_hash = var.maintenance_mode_password_hash
   storage_account_additional_ips = var.storage_account_additional_ips
+  tags = merge(lookup(var.tags, "resource-group", {}), lookup(var.tags, "all", {}))
 }
 
 //********************** Networking **************************//
@@ -35,6 +36,7 @@ resource "azurerm_public_ip_prefix" "public_ip_prefix" {
   location = module.common.resource_group_location
   resource_group_name = module.common.resource_group_name
   prefix_length = 30
+  tags = merge(lookup(var.tags, "public-ip-prefix", {}), lookup(var.tags, "all", {}))
 }
 
 data "azurerm_subnet" "frontend" {
@@ -58,6 +60,7 @@ resource "azurerm_public_ip" "public-ip" {
   sku = var.sku
   domain_name_label = "${lower(var.cluster_name)}-${count.index+1}-${random_id.random_id.hex}"
   public_ip_prefix_id = var.use_public_ip_prefix ? (var.create_public_ip_prefix ? azurerm_public_ip_prefix.public_ip_prefix[0].id : var.existing_public_ip_prefix_id) : null
+  tags = merge(lookup(var.tags, "public-ip", {}), lookup(var.tags, "all", {}))
 }
 
 resource "azurerm_public_ip" "cluster-vip" {
@@ -68,6 +71,7 @@ resource "azurerm_public_ip" "cluster-vip" {
   sku = var.sku
   domain_name_label = "${lower(var.cluster_name)}-vip-${random_id.random_id.hex}"
   public_ip_prefix_id = var.use_public_ip_prefix ? (var.create_public_ip_prefix ? azurerm_public_ip_prefix.public_ip_prefix[0].id : var.existing_public_ip_prefix_id) : null
+  tags = merge(lookup(var.tags, "public-ip", {}), lookup(var.tags, "all", {}))
 }
 
 resource "azurerm_network_interface" "nic_vip" {
@@ -103,6 +107,8 @@ resource "azurerm_network_interface" "nic_vip" {
       ip_configuration
     ]
   }
+
+  tags = merge(lookup(var.tags, "network-interface", {}), lookup(var.tags, "all", {}))
 }
 
 resource "azurerm_network_interface_backend_address_pool_association" "nic_vip_lb_association" {
@@ -137,6 +143,8 @@ resource "azurerm_network_interface" "nic" {
       ip_configuration
     ]
   }
+
+  tags = merge(lookup(var.tags, "network-interface", {}), lookup(var.tags, "all", {}))
 }
 
 resource "azurerm_network_interface_backend_address_pool_association" "nic_lb_association" {
@@ -162,6 +170,8 @@ resource "azurerm_network_interface" "nic1" {
     private_ip_address_allocation = var.vnet_allocation_method
     private_ip_address = cidrhost(data.azurerm_subnet.backend.address_prefixes[0], var.backend_IP_addresses[count.index+1])
   }
+
+  tags = merge(lookup(var.tags, "network-interface", {}), lookup(var.tags, "all", {}))
 }
 
 resource "azurerm_network_interface_backend_address_pool_association" "nic1_lb_association" {
@@ -181,6 +191,7 @@ resource "azurerm_public_ip" "public-ip-lb" {
   sku = var.sku
   domain_name_label = "${lower(var.cluster_name)}-${random_id.random_id.hex}"
   public_ip_prefix_id = var.use_public_ip_prefix ? (var.create_public_ip_prefix ? azurerm_public_ip_prefix.public_ip_prefix[0].id : var.existing_public_ip_prefix_id) : null
+  tags = merge(lookup(var.tags, "public-ip", {}), lookup(var.tags, "all", {}))
 }
 
 resource "azurerm_lb" "frontend-lb" {
@@ -195,6 +206,8 @@ resource "azurerm_lb" "frontend-lb" {
     name = "LoadBalancerFrontend"
     public_ip_address_id = azurerm_public_ip.public-ip-lb.id
   }
+
+  tags = merge(lookup(var.tags, "load-balancer", {}), lookup(var.tags, "all", {}))
 }
 
 resource "azurerm_lb_backend_address_pool" "frontend-lb-pool" {
@@ -213,6 +226,8 @@ resource "azurerm_lb" "backend-lb" {
     private_ip_address_allocation = var.vnet_allocation_method
     private_ip_address = cidrhost(data.azurerm_subnet.backend.address_prefixes[0], var.backend_IP_addresses[0])
   }
+
+  tags = merge(lookup(var.tags, "load-balancer", {}), lookup(var.tags, "all", {}))
 }
 
 resource "azurerm_lb_backend_address_pool" "backend-lb-pool" {
@@ -256,6 +271,7 @@ resource "azurerm_availability_set" "availability-set" {
   platform_fault_domain_count = 2
   platform_update_domain_count = 5
   managed = true
+  tags = merge(lookup(var.tags, "availability-set", {}), lookup(var.tags, "all", {}))
 }
 
 //********************** Storage accounts **************************//
@@ -283,6 +299,7 @@ resource "azurerm_storage_account" "vm-boot-diagnostics-storage" {
       days = "15"
     }
   }
+  tags = merge(lookup(var.tags, "storage-account", {}), lookup(var.tags, "all", {}))
 }
 
 //********************** Virtual Machines **************************//
@@ -301,6 +318,8 @@ resource "azurerm_image" "custom-image" {
     os_state = "Generalized"
     blob_uri = var.source_image_vhd_uri
   }
+
+  tags = merge(lookup(var.tags, "custom-image", {}), lookup(var.tags, "all", {}))
 }
 resource "azurerm_virtual_machine" "vm-instance-availability-set" {
   depends_on = [
@@ -393,6 +412,8 @@ resource "azurerm_virtual_machine" "vm-instance-availability-set" {
     enabled = module.common.boot_diagnostics
     storage_uri = module.common.boot_diagnostics ? join(",", azurerm_storage_account.vm-boot-diagnostics-storage.*.primary_blob_endpoint) : ""
   }
+
+  tags = merge(lookup(var.tags, "virtual-machine", {}), lookup(var.tags, "all", {}))
 }
 
 resource "azurerm_virtual_machine" "vm-instance-availability-zone" {
@@ -487,6 +508,8 @@ resource "azurerm_virtual_machine" "vm-instance-availability-zone" {
     enabled = module.common.boot_diagnostics
     storage_uri = module.common.boot_diagnostics ? join(",", azurerm_storage_account.vm-boot-diagnostics-storage.*.primary_blob_endpoint) : ""
   }
+
+  tags = merge(lookup(var.tags, "virtual-machine", {}), lookup(var.tags, "all", {}))
 }
 //********************** Role Assigments **************************//
 data "azurerm_role_definition" "virtual_machine_contributor_role_definition" {

modules/high_availability_existing_vnet/variables.tf

@@ -322,3 +322,8 @@ variable "security_rules" {
   default = []
 }
 
+variable "tags" {
+  description = "Assign tags by resource."
+  type = map(map(string))
+  default = {}
+}

modules/high_availability_new_vnet/README.md

@@ -29,7 +29,7 @@ provider "azurerm" {
 module "example_module" {
 
         source  = "CheckPointSW/cloudguard-network-security/azure//modules/high_availability_new_vnet"
-        version = "1.0.5"
+        version = "1.0.6"
 
         tenant_id                       = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
         source_image_vhd_uri            = "noCustomUri"
@@ -130,3 +130,4 @@ module "example_module" {
 | **storage_account_additional_ips**| IPs/CIDRs that are allowed access to the Storage Account                                                                                                          | list(string)   | A list of valid IPs and CIDRs<br />**Default:** []                                                                                                                                                                                                                                                                                                         |
 | **security_rules**                | Security rules for the Network Security Group                                                                                                                   | list(any)      | A security rule composed of: {name, priority, direction, access, protocol, source_port_ranges, destination_port_ranges, source_address_prefix, destination_address_prefix, description}<br />**Default:** []                                                                                                        |
 | **admin_SSH_key**                 | The SSH public key for SSH connections to the instance. Used when the authentication_type is 'SSH Public Key'                                                    | string         | **Default:** ""                                                                                                                                                                                                                                                                                                                                           |
+| **tags** | Tags can be associated either globally across all resources or scoped to specific resource types. For example, a global tag can be defined as: {"all": {"example": "example"}}.<br/>Supported resource types for tag assignment include:<br>`all` (Applies tags universally to all resource instances)<br/>`resource-group`<br/>`virtual-network`<br/>`network-security-group`<br/>`network-interface`<br/>`public-ip`<br/>`public-ip-prefix`<br/>`load-balancer`<br/>`route-table`<br/>`storage-account`<br/>`virtual-machine`<br/>`custom-image`<br/>`availability-set`<br/>**Important:** When identical tag keys are defined both globally under `all` and within a specific resource scope, the tag value specified under `all` overrides the resource-specific tag. | map(map(string)) | {} |

modules/high_availability_new_vnet/locals.tf

@@ -1,4 +1,4 @@
 locals {
   module_name = "ha_terraform"
-  module_version = "1.0.5"
+  module_version = "1.0.6"
 }

modules/high_availability_new_vnet/main.tf

@@ -19,6 +19,7 @@ module "common" {
   serial_console_password_hash = var.serial_console_password_hash
   maintenance_mode_password_hash = var.maintenance_mode_password_hash
   storage_account_additional_ips = var.storage_account_additional_ips
+  tags = merge(lookup(var.tags, "resource-group", {}), lookup(var.tags, "all", {}))
 }
 
 //********************** Networking **************************//
@@ -30,6 +31,7 @@ module "vnet" {
   nsg_id = var.nsg_id == "" ? module.network_security_group[0].network_security_group_id: var.nsg_id
   address_space = var.address_space
   subnet_prefixes = var.subnet_prefixes
+  tags = var.tags
 }
 
 module "network_security_group" {
@@ -39,6 +41,7 @@ module "network_security_group" {
   security_group_name = "${module.common.resource_group_name}_nsg"
   location = module.common.resource_group_location
   security_rules = var.security_rules
+  tags = merge(lookup(var.tags, "network-security-group", {}), lookup(var.tags, "all", {}))
 }
 
 resource "random_id" "random_id" {
@@ -54,6 +57,7 @@ resource "azurerm_public_ip_prefix" "public_ip_prefix" {
   location = module.common.resource_group_location
   resource_group_name = module.common.resource_group_name
   prefix_length = 30
+  tags = merge(lookup(var.tags, "public-ip-prefix", {}), lookup(var.tags, "all", {}))
 }
 
 resource "azurerm_public_ip" "public-ip" {
@@ -65,6 +69,7 @@ resource "azurerm_public_ip" "public-ip" {
   sku = var.sku
   domain_name_label = "${lower(var.cluster_name)}-${count.index+1}-${random_id.random_id.hex}"
   public_ip_prefix_id = var.use_public_ip_prefix ? (var.create_public_ip_prefix ? azurerm_public_ip_prefix.public_ip_prefix[0].id : var.existing_public_ip_prefix_id) : null
+  tags = merge(lookup(var.tags, "public-ip", {}), lookup(var.tags, "all", {}))
 }
 
 resource "azurerm_public_ip" "cluster-vip" {
@@ -75,6 +80,7 @@ resource "azurerm_public_ip" "cluster-vip" {
   sku = var.sku
   domain_name_label = "${lower(var.cluster_name)}-vip-${random_id.random_id.hex}"
   public_ip_prefix_id = var.use_public_ip_prefix ? (var.create_public_ip_prefix ? azurerm_public_ip_prefix.public_ip_prefix[0].id : var.existing_public_ip_prefix_id) : null
+  tags = merge(lookup(var.tags, "public-ip", {}), lookup(var.tags, "all", {}))
 }
 
 resource "azurerm_network_interface" "nic_vip" {
@@ -110,6 +116,8 @@ resource "azurerm_network_interface" "nic_vip" {
       ip_configuration
     ]
   }
+
+  tags = merge(lookup(var.tags, "network-interface", {}), lookup(var.tags, "all", {}))
 }
 
 resource "azurerm_network_interface_backend_address_pool_association" "nic_vip_lb_association" {
@@ -144,6 +152,8 @@ resource "azurerm_network_interface" "nic" {
       ip_configuration
     ]
   }
+
+  tags = merge(lookup(var.tags, "network-interface", {}), lookup(var.tags, "all", {}))
 }
 
 resource "azurerm_network_interface_backend_address_pool_association" "nic_lb_association" {
@@ -169,6 +179,8 @@ resource "azurerm_network_interface" "nic1" {
     private_ip_address_allocation = module.vnet.allocation_method
     private_ip_address = cidrhost(module.vnet.subnet_prefixes[1], count.index+5)
   }
+
+  tags = merge(lookup(var.tags, "network-interface", {}), lookup(var.tags, "all", {}))
 }
 
 resource "azurerm_network_interface_backend_address_pool_association" "nic1_lb_association" {
@@ -188,6 +200,7 @@ resource "azurerm_public_ip" "public-ip-lb" {
   sku = var.sku
   domain_name_label = "${lower(var.cluster_name)}-${random_id.random_id.hex}"
   public_ip_prefix_id = var.use_public_ip_prefix ? (var.create_public_ip_prefix ? azurerm_public_ip_prefix.public_ip_prefix[0].id : var.existing_public_ip_prefix_id) : null
+  tags = merge(lookup(var.tags, "public-ip", {}), lookup(var.tags, "all", {}))
 }
 
 resource "azurerm_lb" "frontend-lb" {
@@ -202,6 +215,8 @@ resource "azurerm_lb" "frontend-lb" {
     name = "LoadBalancerFrontend"
     public_ip_address_id = azurerm_public_ip.public-ip-lb.id
   }
+
+  tags = merge(lookup(var.tags, "load-balancer", {}), lookup(var.tags, "all", {}))
 }
 
 resource "azurerm_lb_backend_address_pool" "frontend-lb-pool" {
@@ -220,6 +235,8 @@ resource "azurerm_lb" "backend-lb" {
     private_ip_address_allocation = module.vnet.allocation_method
     private_ip_address = cidrhost(module.vnet.subnet_prefixes[1], 4)
   }
+
+  tags = merge(lookup(var.tags, "load-balancer", {}), lookup(var.tags, "all", {}))
 }
 
 resource "azurerm_lb_backend_address_pool" "backend-lb-pool" {
@@ -263,6 +280,8 @@ resource "azurerm_availability_set" "availability-set" {
   platform_fault_domain_count = 2
   platform_update_domain_count = 5
   managed = true
+
+  tags = merge(lookup(var.tags, "availability-set", {}), lookup(var.tags, "all", {}))
 }
 
 //********************** Storage accounts **************************//
@@ -290,6 +309,7 @@ resource "azurerm_storage_account" "vm-boot-diagnostics-storage" {
       days = "15"
     }
   }
+  tags = merge(lookup(var.tags, "storage-account", {}), lookup(var.tags, "all", {}))
 }
 
 //********************** Virtual Machines **************************//
@@ -308,6 +328,8 @@ resource "azurerm_image" "custom-image" {
     os_state = "Generalized"
     blob_uri = var.source_image_vhd_uri
   }
+
+  tags = merge(lookup(var.tags, "custom-image", {}), lookup(var.tags, "all", {}))
 }
 resource "azurerm_virtual_machine" "vm-instance-availability-set" {
   depends_on = [
@@ -400,6 +422,8 @@ resource "azurerm_virtual_machine" "vm-instance-availability-set" {
     enabled = module.common.boot_diagnostics
     storage_uri = module.common.boot_diagnostics ? join(",", azurerm_storage_account.vm-boot-diagnostics-storage.*.primary_blob_endpoint) : ""
   }
+
+  tags = merge(lookup(var.tags, "virtual-machine", {}), lookup(var.tags, "all", {}))
 }
 
 resource "azurerm_virtual_machine" "vm-instance-availability-zone" {
@@ -494,6 +518,8 @@ resource "azurerm_virtual_machine" "vm-instance-availability-zone" {
     enabled = module.common.boot_diagnostics
     storage_uri = module.common.boot_diagnostics ? join(",", azurerm_storage_account.vm-boot-diagnostics-storage.*.primary_blob_endpoint) : ""
   }
+
+  tags = merge(lookup(var.tags, "virtual-machine", {}), lookup(var.tags, "all", {}))
 }
 //********************** Role Assigments **************************//
 data "azurerm_role_definition" "virtual_machine_contributor_role_definition" {

modules/high_availability_new_vnet/variables.tf

@@ -321,3 +321,9 @@ variable "security_rules" {
     }
   ]
 }
+
+variable "tags" {
+  description = "Assign tags by resource."
+  type = map(map(string))
+  default = {}
+}