GCP WIF
// Workload Identity Pool that GitHub Actions federates into. The pool is
// project-scoped; the OIDC provider below and any IAM bindings reference it
// through its workload_identity_pool_id.
resource "google_iam_workload_identity_pool" "github" {
  provider                  = google-beta
  project                   = var.project_id
  workload_identity_pool_id = "github"

  display_name = "Github Actions"
  description  = "Used to authenticate Github Actions without Service Account Keys"
}
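// OIDC provider inside the pool that trusts GitHub's token issuer.
// The attribute mapping copies claims from the GitHub Actions token into
// attributes that IAM bindings (principalSet://...) can match on.
resource "google_iam_workload_identity_pool_provider" "github" {
  provider                           = google-beta
  project                            = var.project_id # keep in the same project as the pool
  workload_identity_pool_id          = google_iam_workload_identity_pool.github.workload_identity_pool_id
  workload_identity_pool_provider_id = "github"
  display_name                       = "Github OIDC Identity Provider"
  description                        = "OIDC identity pool provider for Github Actions"

  attribute_mapping = {
    // NOTE(review): the GitHub `sub` claim (repo:ORG/REPO:ref:...) can be long;
    // confirm it stays within the google.subject length limit for your repos.
    "google.subject"             = "assertion.sub"
    "attribute.actor"            = "assertion.actor"
    "attribute.aud"              = "assertion.aud"
    "attribute.repository"       = "assertion.repository"
    "attribute.repository_owner" = "assertion.repository_owner"
  }

  // Without a condition, a valid token from ANY github.com repository is
  // accepted by this provider and only the IAM bindings stand between it and
  // the service account. Fail closed at the provider: replace the placeholder
  // with the GitHub organisation/user that owns the trusted repositories.
  attribute_condition = "assertion.repository_owner == \"<GITHUB_ORG_PLACEHOLDER>\""

  oidc {
    // Default audience expected by GCP: the provider's own full resource name.
    allowed_audiences = [
      "https://iam.googleapis.com/projects/${data.google_project.project.number}/locations/global/workloadIdentityPools/${google_iam_workload_identity_pool.github.workload_identity_pool_id}/providers/github",
    ]
    issuer_uri = "https://token.actions.githubusercontent.com"
  }
}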
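// Project whose number is embedded in the provider's allowed audience.
// Pin it to var.project_id so the audience refers to the same project as the
// pool even when the google provider's default project is a different one.
data "google_project" "project" {
  project_id = var.project_id
}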