cloud-foundation-fabric/blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc
Julio Castillo 612d7283e8 Enforce nonempty descriptions ending in a colon 2022-11-24 18:56:01 +01:00
README.md Enforce nonempty descriptions ending in a colon 2022-11-24 18:56:01 +01:00
main.tf
outputs.tf Enforce nonempty descriptions ending in a colon 2022-11-24 18:56:01 +01:00
variables.tf Sort variables and outputs 2022-11-21 13:17:55 +01:00
versions.tf
write_token.sh

README.md

Terraform Enterprise OIDC Credential for GCP Workload Identity Federation

This is a helper module that prepares GCP credentials from a Terraform Enterprise workload identity token. For more information, see the Terraform Enterprise Workload Identity Federation blueprint.

Example

module "tfe_oidc" {
  source = "./tfe_oidc"

  workload_identity_pool_provider_id = "projects/683987109094/locations/global/workloadIdentityPools/tfe-pool/providers/tfe-provider"
  impersonate_service_account_email  = "tfe-test@tfe-test-wif.iam.gserviceaccount.com"
}

provider "google" {
  credentials = module.tfe_oidc.credentials
}

provider "google-beta" {
  credentials = module.tfe_oidc.credentials
}

# tftest skip

Variables

| name | description | type | required | default |
|---|---|---|---|---|
| impersonate_service_account_email | Service account to be impersonated by workload identity federation. | string | | |
| workload_identity_pool_provider_id | GCP workload identity pool provider ID. | string | | |
| tmp_oidc_token_path | Name of the temporary file where the TFC OIDC token will be stored to authenticate the Terraform google provider. | string | | ".oidc_token" |

Outputs

| name | description | sensitive |
|---|---|---|
| credentials | Credentials in the format to pass to the GCP provider. | |
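
For orientation, here is a sketch of the kind of `external_account` credential configuration that can be built from the three variables above and passed to the provider's `credentials` argument. It is an added example, not this module's own `main.tf`; it assumes the OIDC token has already been written to the file named by `tmp_oidc_token_path`, and the validation rules are illustrative.

```hcl
# Added illustration, not the module's own code. Variable names mirror the
# README table; the validation rules and the JSON layout are assumptions.
variable "workload_identity_pool_provider_id" {
  type = string
  validation {
    condition = can(regex(
      "^projects/[0-9]+/locations/global/workloadIdentityPools/[^/]+/providers/[^/]+$",
      var.workload_identity_pool_provider_id
    ))
    error_message = "Expected projects/NUMBER/locations/global/workloadIdentityPools/POOL/providers/PROVIDER."
  }
}

variable "impersonate_service_account_email" {
  type = string
  validation {
    condition     = can(regex("^[^@/]+@[^@/]+\\.iam\\.gserviceaccount\\.com$", var.impersonate_service_account_email))
    error_message = "Expected a service account email ending in .iam.gserviceaccount.com."
  }
}

variable "tmp_oidc_token_path" {
  type    = string
  default = ".oidc_token"
}

locals {
  # The JSON carries no secret itself: the short-lived OIDC token is read from
  # credential_source.file when the provider authenticates, exchanged at STS,
  # and the resulting federated token is used to impersonate the service account.
  credentials = jsonencode({
    type                              = "external_account"
    audience                          = "//iam.googleapis.com/${var.workload_identity_pool_provider_id}"
    subject_token_type                = "urn:ietf:params:oauth:token-type:jwt"
    token_url                         = "https://sts.googleapis.com/v1/token"
    credential_source                 = { file = var.tmp_oidc_token_path }
    service_account_impersonation_url = "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/${var.impersonate_service_account_email}:generateAccessToken"
  })
}

output "credentials" {
  value = local.credentials
}
```

Because the `audience` is pinned to one pool provider and the impersonation URL to one service account, the access this configuration grants is bounded by the provider's attribute conditions and the IAM binding on that service account, not by anything stored in the workspace.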