Overview
In this section, you learn how to attach, detach, and list tags on Datastream resources, such as private connectivity configurations, connection profiles, and streams. For an overview of tags on Datastream, see Access control with tags.
A tag is a key-value pair that can be attached to an organization, folder, or project. You can use tags to allow or deny policies conditionally based on whether a resource has a specific tag.
For example, you might want to specify production, test, and development environments for resources in your resource hierarchy. To do this, you would create a key for your tag that describes the tag that you're creating. For this example, you could create a key with the name env
.
After creating the key, you can create the different values that the key can have. For this example, after you create the tag key named env
, you would specify that there are three potential environments, and create a value for each: prod
, test
, and dev
.
In addition to attaching, detaching, and listing tags on Datastream resources, you can use the API or gcloud
to perform the following actions to manage tags:
- Create a tag
- View a key for a tag
- Add values to the tag key
- Retrieve tag values
- Update tags
- List tag keys
- List tag values
- Delete tags
For more information on how to perform these actions through the API or gcloud
, see Creating and managing tags.
Before you begin
Tags are managed through the Resource Manager. You need the following Datastream identity and access management (IAM) permissions to view and set tags on Datastream resources:
datastream.connectionProfiles.createTagBinding
datastream.connectionProfiles.deleteTagBinding
datastream.connectionProfiles.listTagBindings
datastream.connectionProfiles.listEffectiveTags
datastream.streams.createTagBinding
datastream.streams.deleteTagBinding
datastream.streams.listTagBindings
datastream.streams.listEffectiveTags
datastream.privateConnections.createTagBinding
datastream.privateConnections.deleteTagBinding
datastream.privateConnections.listTagBindings
datastream.privateConnections.listEffectiveTags
Attach tags to Datastream resources
After you've created and defined a tag using Resource Manager, you can attach the tag directly to your Datastream resource.
For example:
- The tag value is
815471563813/environment/development
.815471563813
is the organization ID.environment
is the tag key.development
is the tag value.
- Your project name is
my-project
. - Your stream name is
my-stream
. - Your instance is in
us-central1
.
The following gcloud
command attaches the tag to a resource, in this case,
my-stream
:
gcloud alpha resource-manager tags bindings create \
--tag-value=815471563813/environment/development \
--parent=//datastream.googleapis.com/projects/my-project/streams/my-stream \
--location=us-central1
Detach tags from Datastream resources
The following gcloud
command detaches the tag from my-stream
:
gcloud alpha resource-manager tags bindings delete \
--tag-value=815471563813/environment/development \
--parent=//datastream.googleapis.com/projects/my-project/streams/my-stream \
--location=us-central1
List tags on Datastream resources
The following gcloud
command lists all tags directly attached to my-stream
,
except tags that my-stream
has inherited:
gcloud alpha resource-manager tags bindings list \
--parent=//datastream.googleapis.com/projects/my-project/streams/my-stream \
--location=us-central1
What's next
- For an overview of tags on Datastream, see Access control with tags.
- For more detailed instructions about tags, see Attach tags to resources.