Support for IBM Cloud access management tags

[data-henrik]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

IBM Cloud allows to tag resources for access management. They can be defined and assigned. Support is missing.

https://cloud.ibm.com/apidocs/tagging#create-tag

[data-henrik]

Seem like #2472 will add it

[data-henrik]

It seems to me that only user tags, but not access tags can be created. Note that access tags need to be created before attaching them. With the mandatory resource_id it is not possible create them without attaching. Attaching a non-existent access tag gives an error and does not create it.

[willholley]

Additionally, it seems like it's not possible to define an ibm_iam_access_group_policy which controls access by tag using Terraform.

[mkrudele]

My understanding is that the IBM Cloud plugin only models the resource-tag relation. It does not model the tag itself. In fact you can manage attaching/detaching tags on a resource, but you cannot create/list/delete tags in an account (create is the most important because it is required for access management tags. User tags don't need to be created in advance because the system does that automatically).
Wouldn't be better to define a new resource e.g. ibm_iam_access_tag to apply/destroy access management tags?

[data-henrik]

Any progress?

[l2fprod]

@hkantare @kavya498 any chance to get #3321 merged?