Rename tags_network to network_tags

GoogleCloudPlatform · Nov 16, 2022 · b4ea730 · b4ea730
1 parent 11aa193
commit b4ea730
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 13 deletions.
diff --git a/modules/organization/README.md b/modules/organization/README.md
@@ -393,13 +393,13 @@ module "org" {
 # tftest modules=1 resources=7
 ```
 
-You can also define network tags, through a dedicated variable *tags_network*:
+You can also define network tags, through a dedicated variable *network_tags*:
 
 ```hcl
 module "org" {
   source          = "./fabric/modules/organization"
   organization_id = var.organization_id
-  tags_network = {
+  network_tags = {
     net-environment = {
       description  = "This is a network tag."
       network      = "my_project/my_vpc"
@@ -458,13 +458,13 @@ module "org" {
 | [iam_bindings_authoritative](variables.tf#L116) | IAM authoritative bindings, in {ROLE => [MEMBERS]} format. Roles and members not explicitly listed will be cleared. Bindings should also be authoritative when using authoritative audit config. Use with caution. | <code>map&#40;list&#40;string&#41;&#41;</code> |  | <code>null</code> |
 | [logging_exclusions](variables.tf#L122) | Logging exclusions for this organization in the form {NAME -> FILTER}. | <code>map&#40;string&#41;</code> |  | <code>&#123;&#125;</code> |
 | [logging_sinks](variables.tf#L129) | Logging sinks to create for the organization. | <code title="map&#40;object&#40;&#123;&#10;  bq_partitioned_table &#61; optional&#40;bool&#41;&#10;  description          &#61; optional&#40;string&#41;&#10;  destination          &#61; string&#10;  disabled             &#61; optional&#40;bool, false&#41;&#10;  exclusions           &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  filter               &#61; string&#10;  include_children     &#61; optional&#40;bool, true&#41;&#10;  type                 &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
+| [network_tags](variables.tf#L255) | Network tags by key name. The `iam` attribute behaves like the similarly named one at module level. | <code title="map&#40;object&#40;&#123;&#10;  description &#61; string&#10;  iam         &#61; map&#40;list&#40;string&#41;&#41;&#10;  network     &#61; string &#35; project_id&#47;vpc_name&#10;  values &#61; map&#40;object&#40;&#123;&#10;    description &#61; string&#10;    iam         &#61; map&#40;list&#40;string&#41;&#41;&#10;  &#125;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
 | [org_policies](variables.tf#L159) | Organization policies applied to this organization keyed by policy name. | <code title="map&#40;object&#40;&#123;&#10;  inherit_from_parent &#61; optional&#40;bool&#41; &#35; for list policies only.&#10;  reset               &#61; optional&#40;bool&#41;&#10;  allow &#61; optional&#40;object&#40;&#123;&#10;    all    &#61; optional&#40;bool&#41;&#10;    values &#61; optional&#40;list&#40;string&#41;&#41;&#10;  &#125;&#41;&#41;&#10;  deny &#61; optional&#40;object&#40;&#123;&#10;    all    &#61; optional&#40;bool&#41;&#10;    values &#61; optional&#40;list&#40;string&#41;&#41;&#10;  &#125;&#41;&#41;&#10;  enforce &#61; optional&#40;bool, true&#41; &#35; for boolean policies only.&#10;  rules &#61; optional&#40;list&#40;object&#40;&#123;&#10;    allow &#61; optional&#40;object&#40;&#123;&#10;      all    &#61; optional&#40;bool&#41;&#10;      values &#61; optional&#40;list&#40;string&#41;&#41;&#10;    &#125;&#41;&#41;&#10;    deny &#61; optional&#40;object&#40;&#123;&#10;      all    &#61; optional&#40;bool&#41;&#10;      values &#61; optional&#40;list&#40;string&#41;&#41;&#10;    &#125;&#41;&#41;&#10;    enforce &#61; optional&#40;bool, true&#41; &#35; for boolean policies only.&#10;    condition &#61; object&#40;&#123;&#10;      description &#61; optional&#40;string&#41;&#10;      expression  &#61; optional&#40;string&#41;&#10;      location    &#61; optional&#40;string&#41;&#10;      title       &#61; optional&#40;string&#41;&#10;    &#125;&#41;&#10;  &#125;&#41;&#41;, &#91;&#93;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
 | [org_policies_data_path](variables.tf#L199) | Path containing org policies in YAML format. | <code>string</code> |  | <code>null</code> |
 | [org_policy_custom_constraints](variables.tf#L205) | Organization policiy custom constraints keyed by constraint name. | <code title="map&#40;object&#40;&#123;&#10;  display_name   &#61; optional&#40;string&#41;&#10;  description    &#61; optional&#40;string&#41;&#10;  action_type    &#61; string&#10;  condition      &#61; string&#10;  method_types   &#61; list&#40;string&#41;&#10;  resource_types &#61; list&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
 | [org_policy_custom_constraints_data_path](variables.tf#L219) | Path containing org policy custom constraints in YAML format. | <code>string</code> |  | <code>null</code> |
 | [tag_bindings](variables.tf#L235) | Tag bindings for this organization, in key => tag value id format. | <code>map&#40;string&#41;</code> |  | <code>null</code> |
-| [tags](variables.tf#L241) | Tags by key name. The `iam` attribute behaves like the similarly named one at module level. | <code title="map&#40;object&#40;&#123;&#10;  description &#61; string&#10;  iam         &#61; map&#40;list&#40;string&#41;&#41;&#10;  values &#61; map&#40;object&#40;&#123;&#10;    description &#61; string&#10;    iam         &#61; map&#40;list&#40;string&#41;&#41;&#10;  &#125;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>null</code> |
-| [tags_network](variables.tf#L254) | Tags by key name. The `iam` attribute behaves like the similarly named one at module level. | <code title="map&#40;object&#40;&#123;&#10;  description &#61; string&#10;  iam         &#61; map&#40;list&#40;string&#41;&#41;&#10;  network     &#61; string &#35; project_id&#47;vpc_name&#10;  values &#61; map&#40;object&#40;&#123;&#10;    description &#61; string&#10;    iam         &#61; map&#40;list&#40;string&#41;&#41;&#10;  &#125;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>null</code> |
+| [tags](variables.tf#L241) | Tags by key name. The `iam` attribute behaves like the similarly named one at module level. | <code title="map&#40;object&#40;&#123;&#10;  description &#61; string&#10;  iam         &#61; map&#40;list&#40;string&#41;&#41;&#10;  values &#61; map&#40;object&#40;&#123;&#10;    description &#61; string&#10;    iam         &#61; map&#40;list&#40;string&#41;&#41;&#10;  &#125;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
 
 ## Outputs
 
@@ -474,11 +474,11 @@ module "org" {
 | [custom_roles](outputs.tf#L31) | Map of custom roles resources created in the organization. |  |
 | [firewall_policies](outputs.tf#L36) | Map of firewall policy resources created in the organization. |  |
 | [firewall_policy_id](outputs.tf#L41) | Map of firewall policy ids created in the organization. |  |
+| [network_tag_keys](outputs.tf#L86) | Tag key resources. |  |
+| [network_tag_values](outputs.tf#L93) | Tag value resources. |  |
 | [organization_id](outputs.tf#L46) | Organization id dependent on module resources. |  |
 | [sink_writer_identities](outputs.tf#L63) | Writer identities created for each sink. |  |
 | [tag_keys](outputs.tf#L71) | Tag key resources. |  |
-| [tag_network_keys](outputs.tf#L86) | Tag key resources. |  |
-| [tag_network_values](outputs.tf#L93) | Tag value resources. |  |
 | [tag_values](outputs.tf#L78) | Tag value resources. |  |
 
 <!-- END TFDOC -->
diff --git a/modules/organization/outputs.tf b/modules/organization/outputs.tf
@@ -83,14 +83,14 @@ output "tag_values" {
   }
 }
 
-output "tag_network_keys" {
+output "network_tag_keys" {
   description = "Tag key resources."
   value = {
     for k, v in google_tags_tag_key.default : k => v if v.purpose != null
   }
 }
 
-output "tag_network_values" {
+output "network_tag_values" {
   description = "Tag value resources."
   value = {
     for k, v in google_tags_tag_value.default

diff --git a/modules/organization/tags.tf b/modules/organization/tags.tf
@@ -56,7 +56,7 @@ locals {
     for t in local._tag_values_iam : "${t.key}:${t.role}" => t
   }
   tags = {
-    for k, v in merge(coalesce(var.tags, {}), coalesce(var.tags_network, {})) : k => (
+    for k, v in merge(var.tags, var.network_tags) : k => (
       v == null
       ? { description = null, iam = {}, network = null, values = null }
       : merge({ network = null }, v)

diff --git a/modules/organization/variables.tf b/modules/organization/variables.tf
@@ -248,11 +248,12 @@ variable "tags" {
       iam         = map(list(string))
     }))
   }))
-  default = null
+  nullable = false
+  default  = {}
 }
 
-variable "tags_network" {
-  description = "Tags by key name. The `iam` attribute behaves like the similarly named one at module level."
+variable "network_tags" {
+  description = "Network tags by key name. The `iam` attribute behaves like the similarly named one at module level."
   type = map(object({
     description = string
     iam         = map(list(string))
@@ -262,5 +263,6 @@ variable "tags_network" {
       iam         = map(list(string))
     }))
   }))
-  default = null
+  nullable = false
+  default  = {}
 }