From 995f3870209b66f8c63677bab1e016e246479413 Mon Sep 17 00:00:00 2001 From: TJ Hoplock Date: Mon, 4 Mar 2024 22:20:36 -0500 Subject: [PATCH] docs: update README and example config for firewall support --- README.md | 3 ++- packaging/etc/tagger.yml | 7 +++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 773ccb1..04bcf5a 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,7 @@ Tagger is an application that can enforce the presence/absence of API tags in bu | NodeBalancers | `nodebalancers:read_write` | | Domains | `domains:read_write` | | LKEClusters | `lke:read_write` | +| Firewalls | `firewall:read_write` | ## Motivation 
@@ -21,7 +22,7 @@ Tools like Terraform/Pulumi that are capable of programmatically managing all as API tags provide a powerful and flexible way to dynamically annotate infrastructure. With tools like [Prometheus](https://prometheus.io), you can even discover monitoring targets using [Linode Service Discovery](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#linode_sd_config) based on API tags. -So it's helpful to be able to manage tags on Linode APIv4 resources en-masse -- but how can that be done in an idempotent and consistent way? This is where `tagger` comes into play. With tagger, you write a configuration file defining a list of tag rules for each of the various Linode APIv4 taggable objects (instances, domains, nodebalancers, volumes, LKE clusters). +So it's helpful to be able to manage tags on Linode APIv4 resources en-masse -- but how can that be done in an idempotent and consistent way? This is where `tagger` comes into play. With tagger, you write a configuration file defining a list of tag rules for each of the various Linode APIv4 taggable objects (instances, domains, nodebalancers, volumes, LKE clusters, firewalls). Each rule is a regex to be matched against the resource's human-readable label, and a list of tags that should be enforced as either `present` or `absent` on the resource. `tagger` is idempotent and doesn't update resources unless required, and can be run in `--dry-run` mode to see what changes are waiting. JSON output is provided as well with the `--json` flag for easy manipulation/inspection of the diffs and integration with other tools. Full help text: diff --git a/packaging/etc/tagger.yml b/packaging/etc/tagger.yml index 4bc69de..01b6ced 100644 --- a/packaging/etc/tagger.yml +++ b/packaging/etc/tagger.yml @@ -36,3 +36,10 @@ tagger: absent: - tagger_absent_1 - tagger_absent_2 + firewalls: + - regex: '.+' + tags: + present: + - tagger_managed_1 + absent: + - tagger_absent_1
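Review bot: In the first README.md hunk, the new `| Firewalls | `firewall:read_write` |` row adds a scope that is broader than tagging, since a token holding it can also modify firewall rules, and the table does not say when the scope is actually required. Suggest adding a sentence under the table stating whether `firewall:read_write` is needed only when a `firewalls:` section is present in the config, so operators who do not tag firewalls can leave it off their token.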
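Review bot: In the second README.md hunk, the parenthesized list "(instances, domains, nodebalancers, volumes, LKE clusters, firewalls)" duplicates the scope table a few lines above it, so every new object type has to be edited in two places, as this commit does. Consider replacing the list with a reference to the table so the two cannot drift apart.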
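Review bot: In the packaging/etc/tagger.yml hunk, the new `firewalls:` rule uses `regex: '.+'`, which matches every firewall label, so anyone who installs this packaged file unchanged and runs with a `firewall:read_write` token will have `tagger_managed_1` added to, and `tagger_absent_1` removed from, all firewalls on the account. Suggest a narrower example pattern, or a YAML comment above the block saying it is a catch-all example and pointing at `--dry-run` for a first run.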