Add additional inheritable key/value tags for resource querying automation #729

Open
obriensystems opened this issue Nov 24, 2023 · 1 comment

Collaborator

obriensystems commented Nov 24, 2023

see

https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/wiki/Onboarding#resource-manager-tags
Shadow GoogleCloudPlatform/pbmm-on-gcp-onboarding#341
Add optional FinOps billing

Select for tags (inherit at the folder level)

Tags for hierarchical tree based inheritance - with policy filtering
https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing

reference

Tagging walkthrough

IAM permissions

Prototyping gcloud

michael@cloudshell:~ (clouddeploy-ol)$ gcloud config set project bigquery-ol
Updated property [core/project].
michael@cloudshell:~ (bigquery-ol)$ export BOOT_PROJECT_ID=bigquery-ol
michael@cloudshell:~ (bigquery-ol)$ export ORGANIZATION_ID=$(gcloud projects get-ancestors $BOOT_PROJECT_ID --format='get(id)' | tail -1)
michael@cloudshell:~ (bigquery-ol)$ export SUPER_ADMIN_EMAIL=$(gcloud config list --format json|jq .core.account | sed 's/"//g')
michael@cloudshell:~ (bigquery-ol)$ gcloud organizations add-iam-policy-binding $ORGANIZATION_ID --member=user:$SUPER_ADMIN_EMAIL --role=roles/resourcemanager.tagAdmin --quiet > /dev/null 1>&1
Updated IAM policy for organization [5...8].
michael@cloudshell:~ (bigquery-ol)$ gcloud organizations add-iam-policy-binding $ORGANIZATION_ID --member=user:$SUPER_ADMIN_EMAIL --role=roles/resourcemanager.tagUser --quiet > /dev/null 1>&1

Create tag key - at the org or project level

https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing#creating_tag

At the org level
Screenshot 2023-11-24 at 11 14 26

michael@cloudshell:~ (bigquery-ol)$ export TAG_NAME=environment
michael@cloudshell:~ (bigquery-ol)$ export RESOURCE_ID=organizations/$ORGANIZATION_ID
michael@cloudshell:~ (bigquery-ol)$ gcloud resource-manager tags keys create $TAG_NAME --parent=$RESOURCE_ID
Waiting for TagKey [environment] to be created...done.                                                                              
createTime: '2023-11-24T16:21:06.833463Z'
etag: Bw+agEibA3OLrqEOTDRSag==
name: tagKeys/281477004159305
namespacedName: 583..68/environment
parent: organizations/5..8
shortName: environment
updateTime: '2023-11-24T16:21:06.833463Z'

View key

michael@cloudshell:~ (bigquery-ol)$ gcloud resource-manager tags keys describe tagKeys/281477004159305

Create tag value

michael@cloudshell:~ (bigquery-ol)$ gcloud resource-manager tags values create development  --parent=583...868/environment
Waiting for TagValue [development] to be created...done.                                                                            
createTime: '2023-11-24T16:24:27.774244Z'
etag: OsmovPw5O03VOqypXAC4FQ==
name: tagValues/281...818
namespacedName: 58...868/environment/development
parent: tagKeys/28147...305
shortName: development
updateTime: '2023-11-24T16:24:27.774244Z'

michael@cloudshell:~ (bigquery-ol)$ gcloud resource-manager tags values describe tagValues/281476455852818

Attach tag k/v pair to the org, folder or project level

https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing#attaching

michael@cloudshell:~ (bigquery-ol)$ export TAG_RESOURCE_ID=//cloudresourcemanager.googleapis.com/folders/354005104432
michael@cloudshell:~ (bigquery-ol)$ export TAGVALUE_NAME=tagValues/281476455852818
michael@cloudshell:~ (bigquery-ol)$ gcloud resource-manager tags bindings create --tag-value=$TAGVALUE_NAME --parent=$TAG_RESOURCE_ID
done: true
response:
  '@type': type.googleapis.com/google.cloud.resourcemanager.v3.TagBinding
  name: tagBindings/%2F%2Fcloudresourcemanager.googleapis.com%2Ffolders%2F354005104432/tagValues/281476455852818
  parent: //cloudresourcemanager.googleapis.com/folders/354005104432
  tagValue: tagValues/281476455852818
  tagValueNamespacedName: 583..68/environment/development


listing
michael@cloudshell:~ (bigquery-ol)$ gcloud resource-manager tags bindings list --parent=$TAG_RESOURCE_ID 
---
name: tagBindings/%2F%2Fcloudresourcemanager.googleapis.com%2Ffolders%2F354005104432/tagValues/281476455852818
parent: //cloudresourcemanager.googleapis.com/folders/354005104432
tagValue: tagValues/281476455852818

Viewing - org level

Screenshot 2023-11-24 at 11 34 59

values
Screenshot 2023-11-24 at 11 35 52
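An added example, not part of the original issue: a sketch of how the binding names printed by `gcloud resource-manager tags bindings list` can drive a tag query that respects inheritance, where a binding on a child with the same key overrides the inherited value. The hierarchy, the organization and project numbers, and the `production` tag value ID are constructed placeholders; only the folder binding name is taken from the output above.

```python
from urllib.parse import unquote

PREFIX = "//cloudresourcemanager.googleapis.com/"
# Constructed hierarchy (child -> parent); org and project numbers are placeholders.
PARENTS = {
    "organizations/000000000000": None,
    "folders/354005104432": "organizations/000000000000",
    "projects/111111111111": "folders/354005104432",
    "projects/222222222222": "folders/354005104432",
}
# tagValues ID -> (key short name, value short name); the second entry is constructed.
TAG_VALUES = {
    "tagValues/281476455852818": ("environment", "development"),
    "tagValues/000000000001": ("environment", "production"),
}
BINDING_NAMES = [
    "tagBindings/%2F%2Fcloudresourcemanager.googleapis.com%2Ffolders%2F354005104432/tagValues/281476455852818",
    "tagBindings/%2F%2Fcloudresourcemanager.googleapis.com%2Fprojects%2F111111111111/tagValues/000000000001",
]

def parse_binding_name(name):
    """Split a tagBindings name into (resource, tagValues ID)."""
    kind, encoded, tv_kind, tv_id = name.split("/")  # parent is URL-encoded, so 4 parts
    resource = unquote(encoded)
    if kind != "tagBindings" or tv_kind != "tagValues" or not resource.startswith(PREFIX):
        raise ValueError(f"not a tag binding name: {name!r}")
    return resource[len(PREFIX):], f"tagValues/{tv_id}"

def build_direct(names, tag_values):
    """Map each resource to the {key: value} tags bound directly on it."""
    direct = {}
    for name in names:
        resource, tv = parse_binding_name(name)
        key, value = tag_values[tv]
        direct.setdefault(resource, {})[key] = value
    return direct

def effective_tags(resource, parents, direct):
    """Merge tags from the root down so a nearer binding overrides an inherited one."""
    chain = []
    while resource is not None:
        chain.append(resource)
        resource = parents[resource]
    tags = {}
    for node in reversed(chain):
        tags.update(direct.get(node, {}))
    return tags

def select(key, value, parents, direct):
    """Return every resource whose effective tag for `key` equals `value`."""
    return sorted(r for r in parents if effective_tags(r, parents, direct).get(key) == value)
```
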
