cloud-foundation-fabric/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/README.md

# Terraform Enterprise OIDC Credential for GCP Workload Identity Federation

This is a helper module to prepare GCP Credentials from Terraform Enterprise workload identity token. For more information see [Terraform Enterprise Workload Identity Federation](../) blueprint.

## Example
```hcl
module "tfe_oidc" {
  source = "./tfc-oidc"

  impersonate_service_account_email  = "tfe-test@tfe-test-wif.iam.gserviceaccount.com"
}

provider "google" {
  credentials = module.tfe_oidc.credentials
}

provider "google-beta" {
  credentials = module.tfe_oidc.credentials
}

# tftest skip
```
<!-- BEGIN TFDOC -->

## Variables

| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [impersonate_service_account_email](variables.tf#L17) | Service account to be impersonated by workload identity federation. | <code>string</code> | ✓ |  |
| [tmp_oidc_token_path](variables.tf#L22) | Name of the temporary file where TFC OIDC token will be stored to authentificate terraform provider google. | <code>string</code> |  | <code>&#34;.oidc_token&#34;</code> |

## Outputs

| name | description | sensitive |
|---|---|:---:|
| [credentials](outputs.tf#L17) | Credentials in format to pass the to gcp provider. |  |

<!-- END TFDOC -->
feat: TFE OIDC with GCP WIF blueprint added. 2022-10-25 04:04:27 -07:00			`# Terraform Enterprise OIDC Credential for GCP Workload Identity Federation`

			`This is a helper module to prepare GCP Credentials from Terraform Enterprise workload identity token. For more information see [Terraform Enterprise Workload Identity Federation](../) blueprint.`

			`## Example`
			```hcl
			`module "tfe_oidc" {`
feat(blueprints): get audience from tfc environment Fix typo in documentation and get audience from Terraform Cloud `TFC_WORKLOAD_IDENTITY_AUDIENCE` environment variable. 2022-12-03 09:04:41 -08:00			`source = "./tfc-oidc"`
feat: TFE OIDC with GCP WIF blueprint added. 2022-10-25 04:04:27 -07:00
			`impersonate_service_account_email = "tfe-test@tfe-test-wif.iam.gserviceaccount.com"`
			`}`

			`provider "google" {`
			`credentials = module.tfe_oidc.credentials`
			`}`

			`provider "google-beta" {`
			`credentials = module.tfe_oidc.credentials`
			`}`

			`# tftest skip`
			```
			`<!-- BEGIN TFDOC -->`

			`## Variables`

			`\| name \| description \| type \| required \| default \|`
			`\|---\|---\|:---:\|:---:\|:---:\|`
Sort variables and outputs 2022-11-19 03:38:37 -08:00			`\| [impersonate_service_account_email](variables.tf#L17) \| Service account to be impersonated by workload identity federation. \| <code>string</code> \| ✓ \| \|`
			`\| [tmp_oidc_token_path](variables.tf#L22) \| Name of the temporary file where TFC OIDC token will be stored to authentificate terraform provider google. \| <code>string</code> \| \| <code>".oidc_token"</code> \|`
feat: TFE OIDC with GCP WIF blueprint added. 2022-10-25 04:04:27 -07:00
			`## Outputs`

			`\| name \| description \| sensitive \|`
			`\|---\|---\|:---:\|`
Enforce nonempty descriptions ending in a colon 2022-11-24 09:56:01 -08:00			`\| [credentials](outputs.tf#L17) \| Credentials in format to pass the to gcp provider. \| \|`
feat: TFE OIDC with GCP WIF blueprint added. 2022-10-25 04:04:27 -07:00
			`<!-- END TFDOC -->`