From 50265f2169562dcaeff7c2dd61ba2e312ac7998c Mon Sep 17 00:00:00 2001
From: Julio Castillo <jccb@google.com>
Date: Mon, 24 Feb 2025 23:12:17 +0100
Subject: [PATCH] Expose tags in project factory (#2929)

* Expose tags in project factory

* Update readme

* Remove default and update schema

* Fix tests
---
 modules/project-factory/README.md             | 10 ++++
 modules/project-factory/factory-projects.tf   | 18 +++++++
 modules/project-factory/main.tf               |  1 +
 .../schemas/project.schema.json               | 50 ++++++++++++++++++-
 modules/project/variables-tags.tf             |  2 +-
 .../project_factory/examples/example.yaml     |  2 +-
 6 files changed, 80 insertions(+), 3 deletions(-)

diff --git a/modules/project-factory/README.md b/modules/project-factory/README.md
index 00f55be66..c4247b328 100644
--- a/modules/project-factory/README.md
+++ b/modules/project-factory/README.md
@@ -378,6 +378,16 @@ shared_vpc_service_config:
       - container-engine
 billing_budgets:
   - test-100
+tags:
+  my-tag-key-1:
+    values:
+      my-value-1:
+        description: My value 1
+      my-value-2:
+        description: My value 3
+        iam:
+          roles/resourcemanager.tagUser:
+            - user:user@example.com
 # tftest-file id=6 path=data/projects/dev-ta-app0-be.yaml schema=project.schema.json
 ```
 
diff --git a/modules/project-factory/factory-projects.tf b/modules/project-factory/factory-projects.tf
index 5d407111b..1e6e617fa 100644
--- a/modules/project-factory/factory-projects.tf
+++ b/modules/project-factory/factory-projects.tf
@@ -145,6 +145,24 @@ locals {
         try(v.tag_bindings, null),
         var.data_defaults.tag_bindings
       )
+      tags = {
+        for tag_name, tag_data in try(v.tags, {}) : tag_name => {
+          description           = try(tag_data.description, "Managed by the Terraform project-factory module.")
+          id                    = try(tag_data.id, null)
+          iam                   = try(tag_data.iam, {})
+          iam_bindings          = try(tag_data.iam_bindings, {})
+          iam_bindings_additive = try(tag_data.iam_bindings_additive, {})
+          values = {
+            for value_name, value_data in try(tag_data.values, {}) : value_name => {
+              description           = try(value_data.description, "Managed by the Terraform project-factory module.")
+              id                    = try(value_data.id, null)
+              iam                   = try(value_data.iam, {})
+              iam_bindings          = try(value_data.iam_bindings, {})
+              iam_bindings_additive = try(value_data.iam_bindings_additive, {})
+            }
+          }
+        }
+      }
       vpc_sc = (
         var.data_overrides.vpc_sc != null
         ? var.data_overrides.vpc_sc
diff --git a/modules/project-factory/main.tf b/modules/project-factory/main.tf
index 6787c0cf0..fd338b303 100644
--- a/modules/project-factory/main.tf
+++ b/modules/project-factory/main.tf
@@ -87,6 +87,7 @@ module "projects" {
     for k, v in merge(each.value.tag_bindings, var.data_merges.tag_bindings) :
     k => lookup(var.factories_config.context.tag_values, v, v)
   }
+  tags   = each.value.tags
   vpc_sc = each.value.vpc_sc
 }
 
diff --git a/modules/project-factory/schemas/project.schema.json b/modules/project-factory/schemas/project.schema.json
index f848eeaf2..af3f71d81 100644
--- a/modules/project-factory/schemas/project.schema.json
+++ b/modules/project-factory/schemas/project.schema.json
@@ -319,6 +319,54 @@
         }
       }
     },
+    "tags": {
+      "type": "object",
+      "additionalProperties": {
+        "type": "object",
+        "additionalProperties": false,
+        "properties": {
+          "description": {
+            "type": "string"
+          },
+          "iam": {
+            "$ref": "#/$defs/iam"
+          },
+          "iam_bindings": {
+            "$ref": "#/$defs/iam_bindings"
+          },
+          "iam_bindings_additive": {
+            "$ref": "#/$defs/iam_bindings_additive"
+          },
+          "id": {
+            "type": "string"
+          },
+          "values": {
+            "type": "object",
+            "additionalProperties": {
+              "type": "object",
+              "additionalProperties": false,
+              "properties": {
+                "description": {
+                  "type": "string"
+                },
+                "iam": {
+                  "$ref": "#/$defs/iam"
+                },
+                "iam_bindings": {
+                  "$ref": "#/$defs/iam_bindings"
+                },
+                "iam_bindings_additive": {
+                  "$ref": "#/$defs/iam_bindings_additive"
+                },
+                "id": {
+                  "type": "string"
+                }
+              }
+            }
+          }
+        }
+      }
+    },
     "vpc_sc": {
       "type": "object",
       "additionalItems": false,
@@ -570,4 +618,4 @@
       }
     }
   }
-}
\ No newline at end of file
+}
diff --git a/modules/project/variables-tags.tf b/modules/project/variables-tags.tf
index ac73f03fd..be36b6b5f 100644
--- a/modules/project/variables-tags.tf
+++ b/modules/project/variables-tags.tf
@@ -1,5 +1,5 @@
 /**
- * Copyright 2023 Google LLC
+ * Copyright 2025 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
diff --git a/tests/modules/project_factory/examples/example.yaml b/tests/modules/project_factory/examples/example.yaml
index 9a79ba243..b1dc655f0 100644
--- a/tests/modules/project_factory/examples/example.yaml
+++ b/tests/modules/project_factory/examples/example.yaml
@@ -515,6 +515,6 @@ counts:
   google_storage_project_service_account: 4
   google_tags_tag_binding: 1
   modules: 20
-  resources: 70
+  resources: 74
 
 outputs: {}