My notes and ramblings, normally about automation

Terraform Cloud Introduces Workspace Tags

· Read in about 3 min · (435 Words)

Managing infrastructure as code at scale can be a challenge to many organizations. While HashiCorp Terraform Cloud provides organizations with a fast and easy way to adopt Terraform, managing workspaces can bring about obstacles requiring additional planning and visibility. Now, they announced workspace tags that give you an easier way to organize and filter your workspaces within the top-level workspaces page.

Workspace Tags

Workspace tags bring additional contextual awareness to the workspace level. The usage of tags allows you to correlate, organize, and even filter workspaces based on the assigned tags.

The workspaces page, which lists all the available workspaces in an organization, now features the assigned tags next to their respective names. A “Filter by Tag” button is also available as an option. You can use the button to select one or multiple tags to isolate only those workspaces with the specified tags. The “Clear Filters” option will return you to the default list of workspaces. Your browser’s URL address bar will update so you can easily bookmark or share your filtered view with others.

Terraform Cloud UI - Organization Workspace View

The workspace overview page has been updated to provide an easy option to manage tags. There is an additional panel to create, assign, and remove tags through the “search for or create a new tag” dropdown box. Tag names are defined by a combination of alphanumeric characters and colons.

Additionally, the workspace overview page provides an option for you to interact with the assigned tags. Clicking a tag will take you to the top-level workspaces page, presenting a filtered view of only those workspaces which also are assigned that tag.

Terraform Cloud UI - Workspace Overview - Select a Tag

Administrators have the ability to delete tags at the organization level and en masse. The organization’s Settings panel has a subsection for tags as well. Here, you can select one or more tags to remove from the organization. Alternatively, managing tags are also available at the API level through the Organization Tags API and will soon be available in the TFE provider.

Terraform Cloud UI - Organization Settings - Tag Management

Tags also make themselves available in one other area. Sentinel, HashiCorp’s policy as code framework, can reference tags as part of the tfrundata. This allows you to be able to dynamically apply Sentinel policies based on whether or not a specific tag has been applied to a workspace. One such example can be seen as follows:

is_production = filter tfrun.workspace.tags as _, tag {
		tag is "source:azure"
} is not empty

You can find a more complete policy example in the Sentinel Playground. The example has mock tfplan and tfrun data alongside a Sentinel policy that includes the above code block to check for a particular tag.