| Field | Value |
|-------|-------|
| Name | tf-tagguard |
| Version | 1.0.0 |
| home_page | None |
| Summary | CLI tool to validate and enforce AWS tags for resources deployed using Terraform. Targeted for CI/CD pipelines and CLI environments. |
| upload_time | 2025-09-15 10:39:35 |
| maintainer | None |
| docs_url | None |
| author | None |
| requires_python | >=3.8 |
| license | MIT |
| keywords | terraform, aws, tags, validation, ci/cd |
| requirements | No requirements were recorded. |
| Travis-CI | No Travis. |
| coveralls test coverage | No coveralls. |
# tf-tagguard
`tf-tagguard` is a production-ready CLI tool to validate and enforce AWS tags on resources deployed via Terraform. It features intelligent resource detection, comprehensive validation, and seamless CI/CD integration for **enterprise-grade** tagging compliance.
---
## Features
- **Smart Resource Detection**: Auto-detects taggable AWS resources using Terraform provider schema
- **Action Filtering**: Option to validate only resources being created/updated/replaced
- **Tag Validation**: Presence, exact values, lists, and regex patterns
- **Terraform Integration**: Shows Terraform and AWS provider versions
- **Non-taggable Skipping**: Automatically skips resources that don't support tags
- **Comprehensive Reporting**: Detailed validation results with resource counts
- **CI/CD Ready**: Proper exit codes and structured output
---
## Installation
```
pip install tf-tagguard
```
## CLI Usage
```
validatetags-tf PLAN_FILE [OPTIONS]
```
| Option | Description | Example |
|--------|-------------|---------|
| `-r, --required-tags` | Comma-separated list of required tags (presence only). | `--required-tags Name,Environment` |
| `-v, --value-tags` | List of tags with expected values. Supports: <br> - **Exact value** → `key=value` <br> - **List of allowed values** → `key=[v1,v2,v3]` <br> - **Regex pattern** → `key=^regex$` | `Environment=dev` <br> `Team=[dev,ops,qa]` <br> `Owner=^user.*$` |
| `-d, --delta` | Only validate resources being created/updated/replaced | `--delta` |
| `--no-terraform-detection` | Disable automatic taggable resource detection | `--no-terraform-detection` |
## Examples
### Basic Usage
```bash
# Validate required tags with smart resource detection
validatetags-tf plan.json -r Name,Environment,Owner
# Validate only resources being modified (delta mode)
validatetags-tf plan.json -r Name,Environment --delta
# Validate tag values with multiple types
validatetags-tf plan.json -v "Environment=[dev,prod]" -v "Owner=^user.*$"
```
### Advanced Usage
```bash
# Disable Terraform detection (validate all resources)
validatetags-tf plan.json -r Name --no-terraform-detection
# Combined validation with delta mode
validatetags-tf plan.json -r Name -v "Environment=[dev,prod]" --delta
# Complex validation
validatetags-tf plan.json \
-r Name,Environment,Owner \
-v "Team=[ops,dev,qa]" \
-v "Owner=^user[0-9]+$" \
-v "CostCenter=[1000,2000,3000]" \
--delta
```
**NOTE:**
⚠️ Tags declared in both `-r` and `-v` trigger a warning; as a fallback mechanism, the `-v` values take precedence.
### Terraform Plan JSON
tf-tagguard expects a Terraform plan in JSON format. Generate it with:
```bash
terraform plan -out=tfplan.binary
terraform show -json tfplan.binary > plan.json
```
## Exit Codes
| Code | Description |
|------|-------------|
| `0` | ✅ All validations passed |
| `1` | ❌ Validation failed or error occurred |
## Advanced Usage
### Smart Resource Detection
tf-tagguard automatically detects which AWS resources support tagging:
```bash
# Shows Terraform version, provider version, and detected resource types
validatetags-tf plan.json -r Name,Environment
# Output:
# Using Terraform Version: 1.7.2
# AWS Provider Version: 5.31.0
# Detected 200+ taggable resource types
# Validated 15 resources (all resources)
# Skipped 3 non-taggable resources:
# - data.aws_caller_identity.current
# - random_id.bucket_suffix
# - aws_iam_policy_document.assume_role
#
# All 15 validated resources passed tag validation.
```
### Delta Mode (Only Modified Resources)
```bash
# Only validate resources being created, updated, or replaced
validatetags-tf plan.json -r Name,Environment --delta
# Perfect for CI/CD pipelines - faster execution
```
### Multiple Value Tags
Use separate `-v` flags for multiple validations:
```bash
validatetags-tf plan.json \
-v "Environment=[dev,staging,prod]" \
-v "Team=[ops,dev,qa]" \
-v "Owner=^user.*$" \
--delta
```
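To make the three `-v` rule forms and `--delta` concrete, here is an added Python sketch of the same kind of check run over a constructed plan. It is not tf-tagguard's own code: `parse_value_spec` and `validate` are hypothetical names, the way a rule's form is recognised (brackets for a list, a leading `^` for a regex) is an assumption, a tag named in `-v` is assumed to be required as well, and taggable-resource detection is not modelled.

```python
import json
import re

# Constructed sample shaped like `terraform show -json` output (not a real plan).
PLAN = json.loads("""{"resource_changes": [
 {"address": "aws_s3_bucket.logs", "change": {"actions": ["create"],
   "after": {"tags": {"Name": "logs", "Environment": "prod", "Owner": "user42"}}}},
 {"address": "aws_instance.web", "change": {"actions": ["delete", "create"],
   "after": {"tags": {"Name": "web", "Environment": "test", "Owner": "root"}}}},
 {"address": "aws_sqs_queue.jobs", "change": {"actions": ["no-op"],
   "after": {"tags": null}}}]}""")


def parse_value_spec(spec):
    """Split 'key=rule' into (key, predicate); the form detection is an assumption."""
    key, _, rule = spec.partition("=")
    if rule.startswith("[") and rule.endswith("]"):
        allowed = {v.strip() for v in rule[1:-1].split(",")}
        return key, lambda v: v in allowed
    if rule.startswith("^"):  # assumed marker for a regex rule
        pattern = re.compile(rule)
        return key, lambda v: pattern.search(v) is not None
    return key, lambda v: v == rule


def validate(plan, required=(), value_specs=(), delta=False):
    """Return {resource address: [problems]} for resources that fail the tag policy."""
    checks = dict(parse_value_spec(s) for s in value_specs)
    failures = {}
    for rc in plan.get("resource_changes", []):
        actions = set(rc["change"]["actions"])
        # A replace shows up as delete+create; a pure delete has nothing left to tag.
        if actions == {"delete"} or (delta and not actions & {"create", "update"}):
            continue
        tags = (rc["change"].get("after") or {}).get("tags") or {}
        problems = [f"missing tag {k}"
                    for k in dict.fromkeys([*required, *checks]) if k not in tags]
        problems += [f"bad value for {k}: {tags[k]!r}"
                     for k, ok in checks.items() if k in tags and not ok(tags[k])]
        if problems:
            failures[rc["address"]] = problems
    return failures


if __name__ == "__main__":
    result = validate(PLAN, ["Name", "Environment"],
                      ["Environment=[dev,prod]", "Owner=^user[0-9]+$"], delta=True)
    print(json.dumps(result, indent=2))
    raise SystemExit(1 if result else 0)  # same 0/1 convention as the exit codes above
```

With `delta=True` only the replaced instance is reported; with `delta=False` the untagged, unchanged queue is reported too, which is the coverage a delta-only pipeline check gives up.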
<!-- ### CI/CD Integration
**GitHub Actions:**
```yaml
- name: Validate Terraform Tags
  run: |
    terraform plan -out=tfplan.binary
    terraform show -json tfplan.binary > plan.json
    validatetags-tf plan.json -r Name,Environment,Owner --delta
```
**GitLab CI:**
```yaml
validate_tags:
  script:
    - terraform plan -out=tfplan.binary
    - terraform show -json tfplan.binary > plan.json
    - validatetags-tf plan.json -r Name,Environment,Owner --delta
```
**Azure DevOps:**
```yaml
- script: |
    terraform plan -out=tfplan.binary
    terraform show -json tfplan.binary > plan.json
    validatetags-tf plan.json -r Name,Environment,Owner --delta
  displayName: 'Validate Terraform Tags'
``` -->
## Contributing
Contributions are welcome! Please see [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
## License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
## Changelog
See [CHANGELOG.md](CHANGELOG.md) for version history and changes.