SPHTech-Platform/terraform-google-tfc-workload-identity

Terraform Modules Template

Workload Identity Pool Provider ID

The provider ID is built as `<organization>-<workspace name>`. If that string is longer than 32 characters (GCP's limit for this ID), it is shortened to its first 23 characters followed by a hyphen and the first 8 hex characters of its SHA-512 hash, so the result is exactly 32 characters:

```hcl
locals {
  # organization and workspace_name stand for the Terraform Cloud
  # organization and workspace that the provider is created for.
  k = "${organization}-${workspace_name}"

  # 23 characters of the original name + "-" + 8 hex characters of sha512(k) = 32 characters.
  # The hash suffix keeps two long names that share the same first 23 characters from
  # producing the same provider ID.
  id = join("-", [substr(k, 0, 23), substr(sha512(k), 0, 8)])
}
```
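As an added worked example (not part of the module's own code), the Python below reproduces that naming rule so the provider IDs a given `workspaces` map will produce can be inspected, and checked for duplicate IDs, before anything is applied. The shape of `workspaces` here (organization name mapped to a list of workspace names) is an assumption about the module's `workspaces` input, and the organization and workspace names are constructed sample values.

```python
import hashlib

GCP_PROVIDER_ID_MAX = 32  # limit stated in the README
PREFIX_LEN = 23           # substr(k, 0, 23) in the module's locals
HASH_LEN = 8              # substr(sha512(k), 0, 8) in the module's locals


def provider_id(organization: str, workspace_name: str) -> str:
    """Reproduce the module's rule for a workload identity pool provider ID."""
    k = f"{organization}-{workspace_name}"
    if len(k) <= GCP_PROVIDER_ID_MAX:
        return k
    # Terraform's sha512() yields the lowercase hex digest, as hexdigest() does here.
    digest = hashlib.sha512(k.encode("utf-8")).hexdigest()
    return "-".join([k[:PREFIX_LEN], digest[:HASH_LEN]])


def provider_ids(workspaces: dict[str, list[str]]) -> dict[tuple[str, str], str]:
    """Assumed input shape: {organization: [workspace_name, ...]} (not verified against the module)."""
    ids: dict[tuple[str, str], str] = {}
    for organization, names in workspaces.items():
        for workspace_name in names:
            ids[(organization, workspace_name)] = provider_id(organization, workspace_name)
    return ids


def find_collisions(ids: dict[tuple[str, str], str]) -> list[tuple[tuple[str, str], tuple[str, str], str]]:
    """Return (first, second, id) triples for any two workspaces that map to the same provider ID.

    The 8 hex characters of the suffix are 32 bits, so a clash is very unlikely but not
    impossible; running this check over the real map costs nothing.
    """
    seen: dict[str, tuple[str, str]] = {}
    collisions = []
    for key, pid in ids.items():
        if pid in seen:
            collisions.append((seen[pid], key, pid))
        else:
            seen[pid] = key
    return collisions


if __name__ == "__main__":
    # Constructed sample: two long workspace names sharing the same first 23 characters.
    sample = {"acme-corporation": ["platform-production", "platform-staging", "dev"]}
    for (org, ws), pid in provider_ids(sample).items():
        print(f"{org}/{ws}: {pid} ({len(pid)} chars)")
    print("collisions:", find_collisions(provider_ids(sample)))
```

Short names pass through unchanged; only names over 32 characters get the hash suffix, and the two "platform-*" workspaces above, which are identical for their first 23 characters, still receive distinct IDs.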

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| google | >= 4.0 |

Providers

| Name | Version |
|------|---------|
| google | >= 4.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| google_iam_workload_identity_pool.tfc | resource |
| google_iam_workload_identity_pool_provider.workspaces | resource |
| google_project_service.required | resource |
| google_service_account.tfc | resource |
| google_service_account_iam_member.all | resource |
| google_project.this | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| allowed_audiences | List of allowed audiences for the provider | list(string) | `["tfc.workload.identity"]` | no |
| create_all_service_account | Create a service account that all identities in the pool are allowed to impersonate | bool | `true` | no |
| oidc_attributes_mapping | Maps attributes from authentication credentials issued by an external identity provider to Google Cloud attributes | map(string) | `{"attribute.aud": "assertion.aud", "attribute.terraform_full_workspace": "assertion.terraform_full_workspace", "attribute.terraform_organization_id": "assertion.terraform_organization_id", "attribute.terraform_organization_name": "assertion.terraform_organization_name", "attribute.terraform_run_id": "assertion.terraform_run_id", "attribute.terraform_run_phase": "assertion.terraform_run_phase", "attribute.terraform_workspace_id": "assertion.terraform_workspace_id", "attribute.terraform_workspace_name": "assertion.terraform_workspace_name", "google.subject": "assertion.sub"}` | no |
| project | GCP Project ID | string | `null` | no |
| service_account_description | Description of the service account | string | `"Used by Terraform Cloud"` | no |
| service_account_display_name | Display name of the service account | string | `"Terraform Cloud"` | no |
| service_account_id | Service Account ID | string | `"terraform-cloud"` | no |
| workload_identity_pool_description | Description of the workload identity pool | string | `"Terraform Cloud Workload Identity"` | no |
| workload_identity_pool_display_name | Display name of the TFC Workload Identity Pool | string | `"Terraform Cloud"` | no |
| workload_identity_pool_id | Workload Identity Pool ID | string | `"terraform-cloud"` | no |
| workspaces | Map of workspaces to allow access to. Workspace names are matched as prefixes. | map(list(string)) | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| project_number | GCP Project Number |
| service_account_email | Email of the service account created to allow all identities in the pool to impersonate |
| service_account_name | Name of the service account created to allow all identities in the pool to impersonate |
| workload_identity_pool_id | Workload Identity Pool ID |
| workload_identity_pool_principal_base | Base URI of the workload identity pool principal |
| workload_identity_pool_principalset_base | Base URI of the workload identity pool principalSet |
| workload_identity_pool_providers | Workload Identity Pool Providers |