2.5 KiB
2.5 KiB
GCP Workload Identity Provider for Terraform Cloud Dynamic Credentials
This terraform code is a part of GCP Workload Identity Federation for Terraform Cloud blueprint.
The codebase provisions the following list of resources:
- (optional) GCP Project
- IAM Service Account
- Workload Identity Pool
- Workload Identity Provider
- IAM Permissins
Variables
| name | description | type | required | default |
|---|---|---|---|---|
| billing_account | Billing account id used as default for new projects. | string |
✓ | |
| project_id | Existing project id. | string |
✓ | |
| tfc_organization_id | TFC organization id. | string |
✓ | |
| tfc_workspace_id | TFC workspace id. | string |
✓ | |
| issuer_uri | Terraform Cloud/Enterprise uri. Replace the uri if a self hosted instance is used. | string |
"https://app.terraform.io/" |
|
| parent | Parent folder or organization in 'folders/folder_id' or 'organizations/org_id' format. | string |
null |
|
| project_create | Create project instead of using an existing one. | bool |
true |
|
| workload_identity_pool_id | Workload identity pool id. | string |
"tfc-pool" |
|
| workload_identity_pool_provider_id | Workload identity pool provider id. | string |
"tfc-provider" |
Outputs
| name | description | sensitive |
|---|---|---|
| project_id | GCP Project ID. | |
| tfc_workspace_wariables | Variables to be set on the TFC workspace. |
Test
module "test" {
source = "./fabric/blueprints/cloud-operations/terraform-cloud-dynamic-credentials/gcp-workload-identity-provider"
billing_account = "1234-ABCD-1234"
project_create = true
project_id = "project-1"
parent = "folders/12345"
tfc_organization_id = "org-123"
tfc_workspace_id = "ws-123"
workload_identity_pool_id = "tfe-pool"
workload_identity_pool_provider_id = "tf-provider"
issuer_uri = "https://app.terraform.io/"
}
# tftest modules=3 resources=12