This module creates a service account and Workload Identity Provider (WIP) with the scope necessary to be used for creation of a GitHub Action.
Any other permissions will need to be added to the service account after the WIP is created.
The module outputs a wif_provider and wif_service_account to be used in the GitHub action. You will need to create a secret in the GitHub project with the same names and add the outputs.
| Name | Version |
|---|---|
| ~> 4.71 | |
| random | 3.4.3 |
| Name | Version |
|---|---|
| 6.3.0 | |
| random | 3.6.3 |
No modules.
| Name | Type |
|---|---|
| google_iam_workload_identity_pool.pool | resource |
| google_iam_workload_identity_pool_provider.oidc_provider | resource |
| google_project_iam_member.project | resource |
| google_service_account.service_account | resource |
| google_service_account_iam_member.workload_identity_pool_iam | resource |
| random_pet.service_account_random_name | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| iam_role_ids | List of Role ID's that will be added to the service account. | list(string) |
n/a | yes |
| project | The project the service account will be created in. | string |
n/a | yes |
| repository_name | The name of the repository. | string |
n/a | yes |
| repository_owner | The owner of the repository for claim validation. | string |
n/a | yes |
| Name | Description |
|---|---|
| wif_provider | The full provider path for the Workload Identity Pool. |
| wif_service_account | The email of the Google Cloud Service Account. |