Skip to content

add tags to s3 backend files #30121

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
ArtyMaury wants to merge 1 commit into
base: main
Choose a base branch
from
Open

add tags to s3 backend files #30121

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions internal/backend/remote-state/s3/backend.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,13 @@ func New() backend.Backend {
Default: "",
},

"tags": {
Copy link
Contributor

@bschaatsbergen bschaatsbergen Jan 8, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It might be worth considering renaming this argument to object_tags or bring it under an object block to clearly indicate where the tags are being applied. Have you thought about this already?

Added, I think that a more Terraform-native approach is cleaner than a string of tags, in a way similar to the tags block used for AWS provider-managed resources:

object_tags = {
  Environment = "Test"
}

See the existing assume_role block schema, already featuring tags. I would imagine that this simply uses cty.Map(cty.String).

Type: schema.TypeString,
Optional: true,
Description: "The tag-set for the object. The tag-set must be encoded as URL Query parameters. (For example, “Key1=Value1”)",
Default: "",
},

"access_key": {
Type: schema.TypeString,
Optional: true,
Expand Down Expand Up @@ -280,6 +287,7 @@ type Backend struct {
serverSideEncryption bool
customerEncryptionKey []byte
acl string
tags string
kmsKeyID string
ddbTable string
workspaceKeyPrefix string
Expand All @@ -302,6 +310,7 @@ func (b *Backend) configure(ctx context.Context) error {
b.bucketName = data.Get("bucket").(string)
b.keyName = data.Get("key").(string)
b.acl = data.Get("acl").(string)
b.tags = data.Get("tags").(string)
b.workspaceKeyPrefix = data.Get("workspace_key_prefix").(string)
b.serverSideEncryption = data.Get("encrypt").(bool)
b.kmsKeyID = data.Get("kms_key_id").(string)
Expand Down
1 change: 1 addition & 0 deletions internal/backend/remote-state/s3/backend_state.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,7 @@ func (b *Backend) remoteClient(name string) (*RemoteClient, error) {
serverSideEncryption: b.serverSideEncryption,
customerEncryptionKey: b.customerEncryptionKey,
acl: b.acl,
tags: b.tags,
kmsKeyID: b.kmsKeyID,
ddbTable: b.ddbTable,
}
Expand Down
1 change: 1 addition & 0 deletions internal/backend/remote-state/s3/backend_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -471,6 +471,7 @@ func TestBackendExtraPaths(t *testing.T) {
path: b.path("s1"),
serverSideEncryption: b.serverSideEncryption,
acl: b.acl,
tags: b.tags,
kmsKeyID: b.kmsKeyID,
ddbTable: b.ddbTable,
}
Expand Down
5 changes: 5 additions & 0 deletions internal/backend/remote-state/s3/client.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ type RemoteClient struct {
serverSideEncryption bool
customerEncryptionKey []byte
acl string
tags string
kmsKeyID string
ddbTable string
}
Expand Down Expand Up @@ -176,6 +177,10 @@ func (c *RemoteClient) Put(data []byte) error {
i.ACL = aws.String(c.acl)
}

if c.tags != "" {
i.Tagging = aws.String(c.tags)
}

log.Printf("[DEBUG] Uploading remote state to S3: %#v", i)

_, err := c.s3Client.PutObject(i)
Expand Down
1 change: 1 addition & 0 deletions website/docs/language/settings/backends/s3.html.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -188,6 +188,7 @@ The following configuration is required:
The following configuration is optional:

* `acl` - (Optional) [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl) to be applied to the state file.
* `tags` - (Optional) The [tags](https://docs.aws.amazon.com/AmazonS3/latest/userguide/tagging-managing.html) for the object. The tag-set must be encoded as URL Query parameters. (For example, “Key1=Value1”).
* `encrypt` - (Optional) Enable [server side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingServerSideEncryption.html) of the state file.
* `endpoint` - (Optional) Custom endpoint for the AWS S3 API. This can also be sourced from the `AWS_S3_ENDPOINT` environment variable.
* `force_path_style` - (Optional) Enable path-style S3 URLs (`https://<HOST>/<BUCKET>` instead of `https://<BUCKET>.<HOST>`).
Expand Down