kevholditch · kevholditch · Aug 12, 2021 · Aug 10, 2021 · Aug 10, 2021 · Aug 10, 2021
diff --git a/Makefile b/Makefile
@@ -13,6 +13,8 @@ build:
 clean:
 	rm -rf pkg/
 
+fmt:
+	go fmt ./...
 
 
 .PHONY: build test testacc vet goimports goimportscheck errcheck vendor-status test-compile
diff --git a/docs/resources/certificate.md b/docs/resources/certificate.md
@@ -9,6 +9,7 @@ resource "kong_certificate" "certificate" {
     certificate  = "public key --- 123 ----"
     private_key  = "private key --- 456 ----"
     snis         = ["foo.com", "bar.com"]
+    tags         = ["myTag"]
 }
 ```
 
@@ -17,6 +18,7 @@ resource "kong_certificate" "certificate" {
 * `certificate` - (Required) should be the public key of your certificate it is mapped to the `Cert` parameter on the Kong API.
 * `private_key` - (Required) should be the private key of your certificate it is mapped to the `Key` parameter on the Kong API.
 * `snis` - (Optional) a list of SNIs (alternative hosts on the certificate), under the bonnet this will create an SNI object in kong
+* `snis` - (Optional) A list of strings associated with the Certificate for grouping and filtering
 
 ## Import
 

diff --git a/docs/resources/consumer.md b/docs/resources/consumer.md
@@ -8,13 +8,15 @@ The consumer resource maps directly onto the json for creating a Consumer in Kon
 resource "kong_consumer" "consumer" {
     username  = "User1"
     custom_id = "123"
+    tags      = ["mySuperTag"]
 }
 ```
 
 ## Argument Reference
 
 * `username` - (Semi-optional) The username to use, you must set either the username or custom_id
 * `custom_id` - (Semi-optional) A custom id for the consumer, you must set either the username or custom_id
+* `tags` - (Optional) A list of strings associated with the Consumer for grouping and filtering
 
 ## Import
 

diff --git a/docs/resources/consumer_acl.md b/docs/resources/consumer_acl.md
@@ -30,4 +30,4 @@ resource "kong_consumer_acl" "consumer_acl" {
 
 * `consumer_id` - (Required) the id of the consumer to be configured
 * `group` - (Required) the acl group
-* `tags` - (Optional) A list of strings associated with the consumer acl for grouping and filtering.
+* `tags` - (Optional) A list of strings associated with the consumer acl for grouping and filtering
diff --git a/docs/resources/consumer_basic_auth.md b/docs/resources/consumer_basic_auth.md
@@ -27,4 +27,4 @@ resource "kong_consumer_basic_auth" "consumer_basic_auth" {
 * `consumer_id` - (Required) the id of the consumer to be configured with basic auth
 * `username` - (Required) username to be used for basic auth
 * `password` - (Required) password to be used for basic auth
-* `tags` - (Optional) A list of strings associated with the consumer basic auth for grouping and filtering.
+* `tags` - (Optional) A list of strings associated with the consumer basic auth for grouping and filtering
diff --git a/docs/resources/consumer_jwt_auth.md b/docs/resources/consumer_jwt_auth.md
@@ -31,7 +31,8 @@ resource "kong_consumer_jwt_auth" "consumer_jwt_config" {
 ## Argument Reference
 
 * `consumer_id` - (Required) the id of the consumer to be configured with jwt auth
-* `algorithm` - (Optional) The algorithm used to verify the token’s signature. Can be HS256, HS384, HS512, RS256, or ES256, Default is `HS256`.
+* `algorithm` - (Optional) The algorithm used to verify the token’s signature. Can be HS256, HS384, HS512, RS256, or ES256, Default is `HS256`
 * `key` - (Optional) A unique string identifying the credential. If left out, it will be auto-generated.
-* `rsa_public_key` - (Optional) If algorithm is `RS256` or `ES256`, the public key (in PEM format) to use to verify the token’s signature.
-* `secret` - (Optional) If algorithm is `HS256` or `ES256`, the secret used to sign JWTs for this credential. If left out, will be auto-generated.
+* `rsa_public_key` - (Optional) If algorithm is `RS256` or `ES256`, the public key (in PEM format) to use to verify the token’s signature
+* `secret` - (Optional) If algorithm is `HS256` or `ES256`, the secret used to sign JWTs for this credential. If left out, will be auto-generated
+* `tags` - (Optional) A list of strings associated with the consumer JWT auth for grouping and filtering
diff --git a/docs/resources/plugin.md b/docs/resources/plugin.md
@@ -81,13 +81,14 @@ EOT
 
 ## Argument reference
 
-`plugin_name` - (Required) the name of the plugin you want to configure
-`consumer_id` - (Optional) the consumer id you want to configure the plugin for
-`service_id`  - (Optional) the service id that you want to configure the plugin for
-`route_id` - (Optional) the route id that you want to configure the plugin for
-`enabled` - (Optional) whether the plugin is enabled or not, use if you want to keep the plugin installed but disable it
-`config_json` - (Optional) this is the configuration json for how you want to configure the plugin.  The json is passed straight through to kong as is.  You can get the json config from the Kong documentation
+* `plugin_name` - (Required) the name of the plugin you want to configure
+* `consumer_id` - (Optional) the consumer id you want to configure the plugin for
+* `service_id`  - (Optional) the service id that you want to configure the plugin for
+* `route_id` - (Optional) the route id that you want to configure the plugin for
+* `enabled` - (Optional) whether the plugin is enabled or not, use if you want to keep the plugin installed but disable it
+* `config_json` - (Optional) this is the configuration json for how you want to configure the plugin.  The json is passed straight through to kong as is.  You can get the json config from the Kong documentation
 page of the plugin you are configuring
+* `tags` - (Optional) A list of strings associated with the Plugin for grouping and filtering
 
 ## Import
 

diff --git a/docs/resources/target.md b/docs/resources/target.md
@@ -15,6 +15,7 @@ resource "kong_target" "target" {
 * `target` - (Required) is the target address (IP or hostname) and port. If omitted the port defaults to 8000.
 * `weight` - (Required) is the weight this target gets within the upstream load balancer (0-1000, defaults to 100).
 * `upstream_id` - (Required) is the id of the upstream to apply this target to.
+* `tags` - (Optional) A list set of strings associated with the Plugin for grouping and filtering
 
 ## Import
 

diff --git a/kong/resource_kong_certificate.go b/kong/resource_kong_certificate.go
@@ -38,20 +38,20 @@ func resourceKongCertificate() *schema.Resource {
 				ForceNew: false,
 				Elem:     &schema.Schema{Type: schema.TypeString},
 			},
+			"tags": {
+				Type:     schema.TypeList,
+				Optional: true,
+				ForceNew: false,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
 		},
 	}
 }
 
 func resourceKongCertificateCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 
-	certificateRequest := &kong.Certificate{
-		Cert: kong.String(d.Get("certificate").(string)),
-		Key:  kong.String(d.Get("private_key").(string)),
-		SNIs: readStringArrayPtrFromResource(d, "snis"),
-	}
-
+	certificateRequest := buildCertificateRequestFromResourceData(d)
 	client := meta.(*config).adminClient.Certificates
-
 	certificate, err := client.Create(ctx, certificateRequest)
 
 	if err != nil {
@@ -66,15 +66,10 @@ func resourceKongCertificateCreate(ctx context.Context, d *schema.ResourceData,
 func resourceKongCertificateUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	d.Partial(false)
 
-	certificateRequest := &kong.Certificate{
-		ID:   kong.String(d.Id()),
-		Cert: kong.String(d.Get("certificate").(string)),
-		Key:  kong.String(d.Get("private_key").(string)),
-		SNIs: readStringArrayPtrFromResource(d, "snis"),
-	}
+	certificateRequest := buildCertificateRequestFromResourceData(d)
+	certificateRequest.ID = kong.String(d.Id())
 
 	client := meta.(*config).adminClient.Certificates
-
 	_, err := client.Update(ctx, certificateRequest)
 
 	if err != nil {
@@ -84,6 +79,16 @@ func resourceKongCertificateUpdate(ctx context.Context, d *schema.ResourceData,
 	return resourceKongCertificateRead(ctx, d, meta)
 }
 
+func buildCertificateRequestFromResourceData(d *schema.ResourceData) *kong.Certificate {
+	certificateRequest := &kong.Certificate{
+		Cert: kong.String(d.Get("certificate").(string)),
+		Key:  kong.String(d.Get("private_key").(string)),
+		SNIs: readStringArrayPtrFromResource(d, "snis"),
+		Tags: readStringArrayPtrFromResource(d, "tags"),
+	}
+	return certificateRequest
+}
+
 func resourceKongCertificateRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 
 	var diags diag.Diagnostics
@@ -118,6 +123,10 @@ func resourceKongCertificateRead(ctx context.Context, d *schema.ResourceData, me
 				return diag.FromErr(err)
 			}
 		}
+		err = d.Set("tags", certificate.Tags)
+		if err != nil {
+			return diag.FromErr(err)
+		}
 	}
 
 	return diags

diff --git a/kong/resource_kong_certificate_test.go b/kong/resource_kong_certificate_test.go
@@ -22,6 +22,9 @@ func TestAccKongCertificate(t *testing.T) {
 					testAccCheckKongCertificateExists("kong_certificate.certificate"),
 					resource.TestCheckResourceAttr("kong_certificate.certificate", "certificate", testCert1+"\n"),
 					resource.TestCheckResourceAttr("kong_certificate.certificate", "private_key", testKey1+"\n"),
+					resource.TestCheckResourceAttr("kong_certificate.certificate", "tags.#", "2"),
+					resource.TestCheckResourceAttr("kong_certificate.certificate", "tags.0", "a"),
+					resource.TestCheckResourceAttr("kong_certificate.certificate", "tags.1", "b"),
 				),
 			},
 			{
@@ -30,6 +33,8 @@ func TestAccKongCertificate(t *testing.T) {
 					testAccCheckKongCertificateExists("kong_certificate.certificate"),
 					resource.TestCheckResourceAttr("kong_certificate.certificate", "certificate", testCert2+"\n"),
 					resource.TestCheckResourceAttr("kong_certificate.certificate", "private_key", testKey2+"\n"),
+					resource.TestCheckResourceAttr("kong_certificate.certificate", "tags.#", "1"),
+					resource.TestCheckResourceAttr("kong_certificate.certificate", "tags.0", "a"),
 				),
 			},
 		},
@@ -116,6 +121,7 @@ EOF
 %s
 EOF
    snis			= ["foo.com"]
+   tags         = ["a", "b"]
 }
 `
 const testUpdateCertificateConfig = `
@@ -127,6 +133,7 @@ EOF
 %s
 EOF
 	snis			= ["foo.com"]
+    tags            = ["a"]
 }
 `
 

diff --git a/kong/resource_kong_consumer.go b/kong/resource_kong_consumer.go
@@ -30,6 +30,12 @@ func resourceKongConsumer() *schema.Resource {
 				Optional: true,
 				ForceNew: false,
 			},
+			"tags": {
+				Type:     schema.TypeList,
+				Optional: true,
+				ForceNew: false,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
 		},
 	}
 }
@@ -39,6 +45,7 @@ func resourceKongConsumerCreate(ctx context.Context, d *schema.ResourceData, met
 	consumerRequest := &kong.Consumer{
 		Username: kong.String(d.Get("username").(string)),
 		CustomID: kong.String(d.Get("custom_id").(string)),
+		Tags:     readStringArrayPtrFromResource(d, "tags"),
 	}
 
 	client := meta.(*config).adminClient.Consumers
@@ -60,6 +67,7 @@ func resourceKongConsumerUpdate(ctx context.Context, d *schema.ResourceData, met
 		ID:       kong.String(d.Id()),
 		Username: kong.String(d.Get("username").(string)),
 		CustomID: kong.String(d.Get("custom_id").(string)),
+		Tags:     readStringArrayPtrFromResource(d, "tags"),
 	}
 
 	client := meta.(*config).adminClient.Consumers
@@ -97,6 +105,10 @@ func resourceKongConsumerRead(ctx context.Context, d *schema.ResourceData, meta
 		if err != nil {
 			return diag.FromErr(err)
 		}
+		err = d.Set("tags", consumer.Tags)
+		if err != nil {
+			return diag.FromErr(err)
+		}
 	}
 
 	return diags

diff --git a/kong/resource_kong_consumer_jwt_auth.go b/kong/resource_kong_consumer_jwt_auth.go
@@ -45,6 +45,12 @@ func resourceKongConsumerJWTAuth() *schema.Resource {
 				Optional: true,
 				ForceNew: false,
 			},
+			"tags": {
+				Type:     schema.TypeList,
+				Optional: true,
+				ForceNew: false,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
 		},
 	}
 }
@@ -56,6 +62,7 @@ func resourceKongConsumerJWTAuthCreate(ctx context.Context, d *schema.ResourceDa
 		Key:          kong.String(d.Get("key").(string)),
 		RSAPublicKey: kong.String(d.Get("rsa_public_key").(string)),
 		Secret:       kong.String(d.Get("secret").(string)),
+		Tags:         readStringArrayPtrFromResource(d, "tags"),
 	}
 
 	consumerId := kong.String(d.Get("consumer_id").(string))
@@ -100,6 +107,7 @@ func resourceKongConsumerJWTAuthUpdate(ctx context.Context, d *schema.ResourceDa
 		Key:          kong.String(d.Get("key").(string)),
 		RSAPublicKey: kong.String(d.Get("rsa_public_key").(string)),
 		Secret:       kong.String(d.Get("secret").(string)),
+		Tags:         readStringArrayPtrFromResource(d, "tags"),
 	}
 
 	consumerId := kong.String(d.Get("consumer_id").(string))
@@ -153,6 +161,10 @@ func resourceKongConsumerJWTAuthRead(ctx context.Context, d *schema.ResourceData
 		if err != nil {
 			return diag.FromErr(err)
 		}
+		err = d.Set("tags", JWTAuth.Tags)
+		if err != nil {
+			return diag.FromErr(err)
+		}
 	}
 
 	return diags

diff --git a/kong/resource_kong_consumer_jwt_auth_test.go b/kong/resource_kong_consumer_jwt_auth_test.go
@@ -24,6 +24,9 @@ func TestAccJWTAuth(t *testing.T) {
 					resource.TestCheckResourceAttr("kong_consumer_jwt_auth.consumer_jwt_config", "key", "my_key"),
 					resource.TestCheckResourceAttr("kong_consumer_jwt_auth.consumer_jwt_config", "secret", "my_secret"),
 					resource.TestCheckResourceAttr("kong_consumer_jwt_auth.consumer_jwt_config", "rsa_public_key", "foo"),
+					resource.TestCheckResourceAttr("kong_consumer_jwt_auth.consumer_jwt_config", "tags.#", "2"),
+					resource.TestCheckResourceAttr("kong_consumer_jwt_auth.consumer_jwt_config", "tags.0", "foo"),
+					resource.TestCheckResourceAttr("kong_consumer_jwt_auth.consumer_jwt_config", "tags.1", "bar"),
 				),
 			},
 			{
@@ -34,6 +37,8 @@ func TestAccJWTAuth(t *testing.T) {
 					resource.TestCheckResourceAttr("kong_consumer_jwt_auth.consumer_jwt_config", "key", "updated_key"),
 					resource.TestCheckResourceAttr("kong_consumer_jwt_auth.consumer_jwt_config", "secret", "updated_secret"),
 					resource.TestCheckResourceAttr("kong_consumer_jwt_auth.consumer_jwt_config", "rsa_public_key", "bar"),
+					resource.TestCheckResourceAttr("kong_consumer_jwt_auth.consumer_jwt_config", "tags.#", "1"),
+					resource.TestCheckResourceAttr("kong_consumer_jwt_auth.consumer_jwt_config", "tags.0", "foo"),
 				),
 			},
 		},
@@ -133,6 +138,7 @@ resource "kong_consumer_jwt_auth" "consumer_jwt_config" {
 	key            = "my_key"
 	rsa_public_key = "foo"
 	secret         = "my_secret"
+    tags           = ["foo", "bar"]
 }
 `
 const testUpdateJWTAuthConfig = `
@@ -156,5 +162,6 @@ resource "kong_consumer_jwt_auth" "consumer_jwt_config" {
 	key            = "updated_key"
 	rsa_public_key = "bar"
 	secret         = "updated_secret"
+	tags           = ["foo"]
 }
 `
diff --git a/kong/resource_kong_consumer_test.go b/kong/resource_kong_consumer_test.go
@@ -22,6 +22,9 @@ func TestAccKongConsumer(t *testing.T) {
 					testAccCheckKongConsumerExists("kong_consumer.consumer"),
 					resource.TestCheckResourceAttr("kong_consumer.consumer", "username", "User1"),
 					resource.TestCheckResourceAttr("kong_consumer.consumer", "custom_id", "123"),
+					resource.TestCheckResourceAttr("kong_consumer.consumer", "tags.#", "2"),
+					resource.TestCheckResourceAttr("kong_consumer.consumer", "tags.0", "a"),
+					resource.TestCheckResourceAttr("kong_consumer.consumer", "tags.1", "b"),
 				),
 			},
 			{
@@ -30,6 +33,8 @@ func TestAccKongConsumer(t *testing.T) {
 					testAccCheckKongConsumerExists("kong_consumer.consumer"),
 					resource.TestCheckResourceAttr("kong_consumer.consumer", "username", "User2"),
 					resource.TestCheckResourceAttr("kong_consumer.consumer", "custom_id", "456"),
+					resource.TestCheckResourceAttr("kong_consumer.consumer", "tags.#", "1"),
+					resource.TestCheckResourceAttr("kong_consumer.consumer", "tags.0", "a"),
 				),
 			},
 		},
@@ -111,11 +116,13 @@ const testCreateConsumerConfig = `
 resource "kong_consumer" "consumer" {
 	username  = "User1"
 	custom_id = "123"
+    tags      = ["a", "b"]
 }
 `
 const testUpdateConsumerConfig = `
 resource "kong_consumer" "consumer" {
 	username  = "User2"
 	custom_id = "456"
+    tags      = ["a"] 
 }
 `
diff --git a/kong/resource_kong_plugin.go b/kong/resource_kong_plugin.go
@@ -69,6 +69,12 @@ func resourceKongPlugin() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"tags": {
+				Type:     schema.TypeList,
+				Optional: true,
+				ForceNew: false,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
 		},
 	}
 }
@@ -148,6 +154,10 @@ func resourceKongPluginRead(ctx context.Context, d *schema.ResourceData, meta in
 		if err != nil {
 			return diag.FromErr(err)
 		}
+		err = d.Set("tags", plugin.Tags)
+		if err != nil {
+			return diag.FromErr(err)
+		}
 
 		// We sync this property from upstream as a method to allow you to import a resource with the config tracked in
 		// terraform state. We do not track `config` as it will be a source of a perpetual diff.
@@ -225,6 +235,7 @@ func createKongPluginRequestFromResourceData(d *schema.ResourceData) (*kong.Plug
 
 	pluginRequest.Name = readStringPtrFromResource(d, "name")
 	pluginRequest.Enabled = readBoolPtrFromResource(d, "enabled")
+	pluginRequest.Tags = readStringArrayPtrFromResource(d, "tags")
 
 	if data, ok := d.GetOk("config_json"); ok {
 		var configJSON map[string]interface{}