Home

Awesome

<img src="ttlogo.png" width="300" alt="Terratag Logo">

ci FOSSA Status

<sub>Terratag is brought to you with ❤️  by <img src="logo.svg" width="150"> Let your team manage their own environment in AWS, Azure and Google. <br/> Governed by your policies and with complete visibility and cost management.

What?

Terratag is a CLI tool allowing for tags or labels to be applied across an entire set of OpenTofu/Terraform files. Terratag will apply tags or labels to any AWS, GCP and Azure resources.

Terratag in action

Why?

Maintaining tags across your application is hard, especially when done manually. Terratag enables you to easily add tags to your existing IaC and benefit from some cross-resource tag applications you wish you had thought of when you had just started writing your OpenTofu/Terraform, saving you tons of time and making future updates easy. Read more on why tagging is important.

How?

Prerequisites

Usage

  1. Install from homebrew:

    brew install env0/terratag/terratag
    

    Or download the latest release binary .

  2. Initialize Opentofu/Terraform modules to get provider schema and pull child modules:

     tofu init
    
     terraform init
    
  3. Run Terratag

     terratag -dir=foo/bar -tags={\"environment_id\": \"prod\"}
    

    or

     terratag -dir=foo/bar -tags="environment_id=prod,some-tag=value"
    

Example Output

Before Terratag

|- aws.tf
|- gcp.tf
# aws.tf
provider "aws" {
  version = "~> 2.0"
  region  = "us-east-1"
}

resource "aws_s3_bucket" "b" {
  bucket = "my-tf-test-bucket"
  acl    = "private"

  tags {
    Name        = "My bucket"
  }
}
#gcp.tf
resource "google_storage_bucket" "static-site" {
  name          = "image-store.com"
  location      = "EU"
  force_destroy = true

  bucket_policy_only = true

  website {
    main_page_suffix = "index.html"
    not_found_page   = "404.html"
  }
  cors {
    origin          = ["http://image-store.com"]
    method          = ["GET", "HEAD", "PUT", "POST", "DELETE"]
    response_header = ["*"]
    max_age_seconds = 3600
  }
  labels = {
    "foo" = "bar"
  }
}

After Terratag

Running terratag -tags={\"env0_environment_id\":\"dev\",\"env0_project_id\":\"clientA\"} will output:

|- aws.terratag.tf
|- gcp.terratag.tf
|- aws.tf.bak
|- gcp.tf.bak
# aws.terratag.tf
provider "aws" {
  version = "~> 2.0"
  region  = "us-east-1"
}

resource "aws_s3_bucket" "b" {
  bucket = "my-tf-test-bucket"
  acl    = "private"

  tags = merge( map("Name", "My bucket" ), local.terratag_added_main)
}
locals {
  terratag_added_main = {"env0_environment_id"="dev","env0_project_id"="clientA"}
}
# gcp.terratag.tf
resource "google_storage_bucket" "static-site" {
  name          = "image-store.com"
  location      = "EU"
  force_destroy = true

  bucket_policy_only = true

  website {
    main_page_suffix = "index.html"
    not_found_page   = "404.html"
  }
  cors {
    origin          = ["http://image-store.com"]
    method          = ["GET", "HEAD", "PUT", "POST", "DELETE"]
    response_header = ["*"]
    max_age_seconds = 3600
  }
  labels = merge( map("foo" , "bar"), local.terratag_added_main)
}
locals {
  terratag_added_main = {"env0_environment_id"="dev","env0_project_id"="clientA"}
}

Optional CLI flags

Setting options via enviroment variables is also supported. CLI flags have a precedence over envrionment variables.

TERRATAG_TAGS
TERRATAG_DIR
TERRATAG_SKIPTERRATAGFILES
TERRATAG_FILTER
TERRATAG_SKIP
TERRATAG_VERBOSE
TERRATAG_RENAME
TERRATAG_TYPE
TERRATAG_DEFAULT_TO_TERRAFORM
See more samples here

Notes

Develop

Issues and Pull Requests are very welcome!

Prerequisites

Build

git clone https://github.com/env0/terratag
cd terratag
go mod tidy
go build ./cmd/terratag

Test

Structure

The test cases are located under test/tests Each test case placed there should have the following directory structure:

my_test
|+ input
  ...            // any depth under /input
     |- main.tf  // this is where we will run all terraform/terratag commands
|- expected

Each terraform version has it's own config file containing the list of test suites to run. The config file is under test/fixtures/terraform_xx/config.yaml where xx is the terraform version.

What's being tested?

Each test will run:

And finally, will compare the results in out with the expected directory

Running Tests

Tests can only run on a specific Terraform version -

go test -run TestTerraformXX

We use tfenv to switch between versions. The exact versions used in the CI tests can be found under test/tfenvconf.

Release

  1. Create and push a tag locally, in semver format - git tag v0.1.32 && git push origin --tags
  2. Goto Github Releases and edit the draft created by Release Drafter Bot - it should contain the change log for the release (if not press on Auto-generate release notes). Make sure it's pointing at the tag you created in the previous step and publish the release.
  3. Binaries will be automatically generated by the Github action defined in .github/workflows/release.yml
  4. NPM will automatically pick up on the new version.