feat: add resource_manager_tags to bastion compute_instance (#227)

bdashrad · web-flow · commit 625c343b8d2b · 2025-07-01T14:00:57.000-07:00
diff --git a/README.md b/README.md
@@ -96,6 +96,7 @@ If the user does not share the same domain as the org the bastion is in, you wil
 | project | The project ID to deploy to | `string` | n/a | yes |
 | random\_role\_id | Enables role random id generation. | `bool` | `true` | no |
 | region | The region where the bastion instance template will live | `string` | `null` | no |
+| resource\_manager\_tags | (Optional) A tag is a key-value pair that can be attached to a Google Cloud resource. You can use tags to conditionally allow or deny policies based on whether a resource has a specific tag. This value is not returned by the API. In Terraform, this value cannot be updated and changing it will recreate the resource. | `map(string)` | `null` | no |
 | scopes | List of scopes to attach to the bastion host | `list(string)` | <pre>[<br>  "cloud-platform"<br>]</pre> | no |
 | service\_account\_email | If set, the service account and its permissions will not be created. The service account being passed in should have at least the roles listed in the `service_account_roles` variable so that logging and OS Login work as expected. | `string` | `""` | no |
 | service\_account\_name | Account ID for the service account | `string` | `"bastion"` | no |
diff --git a/main.tf b/main.tf
@@ -103,6 +103,10 @@ resource "google_compute_instance_from_template" "bastion_vm" {
   }
 
   source_instance_template = module.instance_template.self_link
+
+  params {
+    resource_manager_tags = var.resource_manager_tags
+  }
 }
 
 module "iap_tunneling" {
diff --git a/variables.tf b/variables.tf
@@ -287,3 +287,9 @@ variable "can_ip_forward" {
   description = "Whether the bastion should allow IP forwarding."
   default     = false
 }
+
+variable "resource_manager_tags" {
+  description = "(Optional) A tag is a key-value pair that can be attached to a Google Cloud resource. You can use tags to conditionally allow or deny policies based on whether a resource has a specific tag. This value is not returned by the API. In Terraform, this value cannot be updated and changing it will recreate the resource."
+  type        = map(string)
+  default     = null
+}

Original file line number	Diff line number	Diff line change
`@@ -103,6 +103,10 @@ resource "google_compute_instance_from_template" "bastion_vm" {`
`103`	`103`	`}`
`104`	`104`
`105`	`105`	`source_instance_template = module.instance_template.self_link`
	`106`	`+`
	`107`	`+ params {`
	`108`	`+ resource_manager_tags = var.resource_manager_tags`
	`109`	`+ }`
`106`	`110`	`}`
`107`	`111`
`108`	`112`	`module "iap_tunneling" {`