Add tags or labels to all resources created with shared modules

[jwbron]

Summary:

Added comprehensive resource tagging support to the scheduled-job Terraform module with automatic tags and custom tag support.

Changes Made

scheduled-job Module

• Added tags variable to allow custom tagging
• Added automatic tagging using existing module variables
• Applied labels to all supported resources
• Updated README with tagging documentation
• Updated example configurations to demonstrate tagging

Module-Specific Tags

scheduled-job Module:

• module = "scheduled-job"
• job_name = var.job_name
• execution_type = var.execution_type

Other Modules

• github-ci-bootstrap: No tagging support (resources don't support labels)
• cloud-build-docker: No tagging support (only data source, no resources)

Resource Support

Resource Type	scheduled-job	github-ci-bootstrap	cloud-build-docker
Storage Buckets	✅ Labels	N/A	N/A
Storage Objects	✅ Metadata	N/A	N/A
PubSub Topics	✅ Labels	N/A	N/A
Cloud Functions	✅ Labels	N/A	N/A
Cloud Run Jobs	✅ Labels	N/A	N/A
Service Accounts	⚠️ Limited	⚠️ Limited	N/A
Workload Identity	N/A	⚠️ Limited	N/A
Container Images	N/A	N/A	⚠️ Limited

Legend:

• ✅ Full Support: Labels/tags applied automatically
• ⚠️ Limited Support: Some resources may not support labels in Google provider
• N/A Not Applicable: Resource type not used in this module

Example Usage

module "my_function" {
  source = "git::https://github.com/Khan/terraform-modules.git//terraform/modules/scheduled-job?ref=v1.0.0"
  
  job_name = "my-function"
  # ... other configuration
  
  tags = {
    environment = "production"
    team        = "data-engineering"
    owner       = "data-team"
  }
}

Benefits

• Resource Organization: Easy identification and grouping of resources
• Cost Management: Track costs by team, project, or environment
• Compliance: Support for governance requirements
• Automation: Enable automated resource management and cleanup
• Auditing: Better visibility into resource ownership and purpose

Backward Compatibility

• All changes are backward compatible
• tags variable defaults to empty map {}
• Existing configurations continue to work without modification
• Automatic tags are always applied; custom tags are optional

Additional Improvements

• Made job_image variable optional with proper validation for Cloud Run Jobs
• Fixed linter issues by removing unused variables and locals from modules that don't support tagging

Issue: INFRA-XXXX

Test plan:

Update culture-cron to use these updated modules, verify tags were created.

[csilvers]

Good idea!

[csilvers]

Nice! Do we want to use some consistent way of naming the team? Like should it be a github tag (@owner or #team), or the list of teams in ownership_data.json, or something else?

[jwbron]

Yeah, I should probably add a predefined list of teams here.

[csilvers]

This seems misnamed -- I'd expect common_tags to just be the 3 common tags you list below, not that merged with var.tags. Should it be all_tags maybe?

Also, who wins in case of a merge conflict? I'm guessing that the ones below take precedence over the ones in var.tags. Is that the desired behavior?

[jwbron]

this means "common for all resources generated by this usage of this module". Does "all_tags" sound better to you?

Good call on the merge conflicts, I'll make sure your guess is correct and document it.

[csilvers]

all_tags sounds good to me!

[csilvers]

What happens if you try to add tags somewhere else? It seems like it's just silently ignored?

[jwbron]

If you add a field not supported in a terraform resource (in this case label or tag), it fails well before an apply, I think it's during the check stage.