
Commit f102fc9

Merge branch 'terraform-google-modules:main' into network-dns-refactory
2 parents 488ced4 + e3fc764 commit f102fc9


4 files changed

+27
-2
lines changed


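--- a/0-bootstrap/README.md
+++ b/0-bootstrap/README.md
@@ -515,6 +515,7 @@ The following steps will guide you through deploying without using Cloud Build.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| attribute\_condition | Workload Identity Pool Provider attribute condition expression. [More info](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/iam_workload_identity_pool_provider#attribute_condition) | `string` | `null` | no |
 | billing\_account | The ID of the billing account to associate projects with. | `string` | n/a | yes |
 | bucket\_force\_destroy | When deleting a bucket, this boolean option will delete all contained objects. If false, Terraform will fail to delete buckets which contain objects. | `bool` | `false` | no |
 | bucket\_prefix | Name prefix to use for state bucket created. | `string` | `"bkt"` | no |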

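--- a/0-bootstrap/github.tf.example
+++ b/0-bootstrap/github.tf.example
@@ -93,12 +93,13 @@ module "gh_cicd" {
 
 module "gh_oidc" {
 source = "terraform-google-modules/github-actions-runners/google//modules/gh-oidc"
-version = "~> 3.1"
+version = "~> 4.0"
 
 project_id = module.gh_cicd.project_id
 pool_id = "foundation-pool"
 provider_id = "foundation-gh-provider"
 sa_mapping = local.sa_mapping
+attribute_condition = "assertion.repository_owner=='${var.gh_repos.owner}'"
 }
 
 resource "github_actions_secret" "secrets" {
@@ -116,3 +117,20 @@ resource "google_service_account_iam_member" "self_impersonate" {
 role = "roles/iam.serviceAccountTokenCreator"
 member = "serviceAccount:${google_service_account.terraform-env-sa[each.key].email}"
 }
+
+module "gcp_projects_state_bucket" {
+source = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
+version = "~> 8.0"
+
+name = "${var.bucket_prefix}-${module.seed_bootstrap.seed_project_id}-gcp-projects-tfstate"
+project_id = module.seed_bootstrap.seed_project_id
+location = var.default_region
+force_destroy = var.bucket_force_destroy
+
+encryption = {
+default_kms_key_name = local.state_bucket_kms_key
+}
+
+depends_on = [module.seed_bootstrap.gcs_bucket_tfstate]
+}
+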
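Review bot: The new attribute_condition on the gh_oidc provider keys on `assertion.repository_owner`, which is the owner's name; the GitHub OIDC token also carries `repository_owner_id`, a numeric id that survives an org or user rename, so a condition on that claim (or on both) is more robust against a renamed or re-registered owner name. The example also hard-codes the expression while the `attribute_condition` variable added to 0-bootstrap/variables.tf in this same commit defaults to `null`; if that variable is meant to feed this provider, `attribute_condition = coalesce(var.attribute_condition, "assertion.repository_owner=='${var.gh_repos.owner}'")` would keep the two in step — the variable's consumer is not visible in this diff, so this may be intentional. In the second hunk the new gcp_projects_state_bucket module sets `default_kms_key_name = local.state_bucket_kms_key` but passes no `versioning` argument; unless the simple_bucket module enables versioning by default, a tfstate bucket should set it explicitly so a bad apply can be rolled back. `local.sa_mapping` and `local.state_bucket_kms_key` are defined outside these hunks.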

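--- a/0-bootstrap/variables.tf
+++ b/0-bootstrap/variables.tf
@@ -14,6 +14,12 @@
 * limitations under the License.
 */
 
+variable "attribute_condition" {
+type = string
+description = "Workload Identity Pool Provider attribute condition expression. [More info](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/iam_workload_identity_pool_provider#attribute_condition)"
+default = null
+}
+
 variable "org_id" {
 description = "GCP Organization ID"
 type = string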
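Review bot: The description of the new `attribute_condition` variable explains what the expression is but not what its `null` default means for the provider; an operator who leaves it unset should know that, if the value is passed straight through to the provider resource, no attribute condition is applied and restricting which identities may federate then rests entirely on the attribute mapping and the service-account IAM bindings. A sentence such as "When null, no attribute condition is set on the provider and access is constrained only by the attribute mapping and service account IAM bindings." before the existing link would make the opt-in nature explicit. The resource that consumes this variable is outside the diff, so confirm the null behaviour against it before wording the description.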

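--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -1,7 +1,7 @@
 # NOTE: This file is automatically generated from values at:
 # https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/main/infra/terraform/test-org/org/locals.tf
 
-* @terraform-google-modules/cft-admins @eeaton @gtsorbo @rjerrems @sleighton2022
+* @terraform-google-modules/cft-admins @eeaton @rjerrems @sleighton2022
 
 # NOTE: GitHub CODEOWNERS locations:
 # https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#codeowners-and-branch-protection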
