Requirements

| Name | Version |
|------|---------|
| terraform | ~> 1 |
| google | >= 4, < 5 |
| google-beta | >= 4, < 5 |

Providers

| Name | Version |
|------|---------|
| google | 4.84.0 |
| google-beta | 4.84.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| google-beta_google_iam_workload_identity_pool.pool | resource |
| google-beta_google_iam_workload_identity_pool_provider.provider | resource |
| google-beta_google_service_account_iam_member.sa | resource |
| google_project_iam_member.sa | resource |
| google_project_service.service | resource |
| google_service_account.sa | resource |
| google_service_account_iam_member.principal | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| allowed_audiences | Workload Identity Pool Provider allowed audiences, Terraform Cloud | `list(string)` | `[]` | no |
| attach_default_roles | Attach default IAM Editor role which allows management of all resources | `list(string)` | `["roles/editor", "roles/iam.workloadIdentityUser"]` | no |
| attach_extra_roles | Attach extra IAM roles to service account | `list(string)` | `[]` | no |
| attribute_condition | Workload Identity Pool Provider attribute condition expression | `string` | `null` | no |
| attribute_mapping | Workload Identity Pool Provider attribute mapping, Token Specification | `map(any)` | `{"attribute.actor": "assertion.actor", "attribute.aud": "assertion.aud", "attribute.ref": "assertion.ref", "attribute.repository": "assertion.repository", "google.subject": "assertion.sub"}` | no |
| enable_required_services | Enable required service APIs | `list(string)` | `["iam.googleapis.com", "iamcredentials.googleapis.com", "cloudresourcemanager.googleapis.com", "sts.googleapis.com"]` | no |
| issuer_uri | Workload Identity Pool Issuer URL | `string` | `"https://token.actions.githubusercontent.com"` | no |
| pool_id | Workload Identity Pool ID | `string` | n/a | yes |
| project_id | Project ID to create Workload ID Pool | `string` | n/a | yes |
| repositories | List of repository organisation and branch names | `list(object({ org_name = string, repository = string }))` | `[{"org_name": null, "repository": null}]` | no |

Outputs

| Name | Description |
|------|-------------|
| pool_display_name | Pool display name |
| pool_id | Pool ID |
| pool_name | Pool name |
| provider_display_name | Provider display name |
| provider_id | Provider ID |
| provider_name | Provider name |
| service_account_display_name | Service account display name |
| service_account_email | Service account email |
| service_account_id | Service account ID |
| service_account_name | Service account name |