Fix Gitlab WIF attributes (#671)
parent
75abd80d9f
commit
bb3f55fe9e
|
@ -349,7 +349,7 @@ The variable maps each provider's `issuer` attribute with the definitions in the
|
|||
|
||||
Provider key names are used by the `cicd_repositories` variable to configure authentication for CI/CD repositories, and generally from your Terraform code whenever you need to configure IAM access or impersonation for federated identities.
|
||||
|
||||
This is a sample configuration of a GitHub provider, the `attribute_condition` attribute can be set to null if needed:
|
||||
This is a sample configuration of a GitHub and a Gitlab provider, `attribute_condition` attribute can use any of the mapped attribute for the provider (refer to the `identity-providers.tf` file for the full list) or set to `null` if needed:
|
||||
|
||||
```hcl
|
||||
federated_identity_providers = {
|
||||
|
@ -357,6 +357,10 @@ federated_identity_providers = {
|
|||
attribute_condition = "attribute.repository_owner==\"my-github-org\""
|
||||
issuer = "github"
|
||||
}
|
||||
gitlab-sample = {
|
||||
attribute_condition = "attribute.namespace_path==\"my-gitlab-org\""
|
||||
issuer = "gitlab"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
|
|
|
@ -38,11 +38,20 @@ locals {
|
|||
# https://docs.gitlab.com/ee/ci/cloud_services/index.html#how-it-works
|
||||
gitlab = {
|
||||
attribute_mapping = {
|
||||
"google.subject" = "assertion.sub"
|
||||
"attribute.sub" = "assertion.sub"
|
||||
"attribute.actor" = "assertion.actor"
|
||||
"attribute.repository" = "assertion.project_path"
|
||||
"attribute.ref" = "assertion.ref"
|
||||
"google.subject" = "assertion.sub"
|
||||
"attribute.sub" = "assertion.sub"
|
||||
"attribute.environment" = "assertion.environment"
|
||||
"attribute.environment_protected" = "assertion.environment_protected"
|
||||
"attribute.namespace_id" = "assertion.namespace_id"
|
||||
"attribute.namespace_path" = "assertion.namespace_path"
|
||||
"attribute.pipeline_id" = "assertion.pipeline_id"
|
||||
"attribute.pipeline_source" = "assertion.pipeline_source"
|
||||
"attribute.project_id" = "assertion.project_id"
|
||||
"attribute.project_path" = "assertion.project_path"
|
||||
"attribute.repository" = "assertion.project_path"
|
||||
"attribute.ref" = "assertion.ref"
|
||||
"attribute.ref_protected" = "assertion.ref_protected"
|
||||
"attribute.ref_type" = "assertion.ref_type"
|
||||
}
|
||||
allowed_audiences = ["https://gitlab.com"]
|
||||
issuer_uri = "https://gitlab.com"
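Review bot: The new `attribute.namespace_path` and `attribute.project_path` entries, like the existing `attribute.repository`, map path claims that change when a group or project is renamed or transferred, and nothing in the `gitlab` mapping tells a reader which attributes are stable enough to pin an `attribute_condition` or IAM binding on. Because `issuer_uri` is the shared `https://gitlab.com` issuer, I would add a comment above `attribute_mapping` along the lines of `# prefer namespace_id / project_id (immutable) over *_path in conditions and principalSet bindings; a freed path can later be claimed by another owner`. The same comment could note that, as far as I know, GitLab emits `ref_protected` and `environment_protected` as the strings "true"/"false", so a condition has to read `attribute.ref_protected=="true"` rather than compare against a boolean. The enclosing `locals` block starts and ends outside this hunk, so any provider-wide guidance already present there is not visible here.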
|
||||
|
|