This module creates a service account and a Workload Identity Provider (WIP) with the scope necessary for use by a GitHub Action.
Any other permissions will need to be added to the service account after the WIP is created.
The module outputs `wif_provider` and `wif_service_account` to be used in the GitHub Action. You will need to create secrets in the GitHub project with the same names and add the outputs as their values.
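
A workflow that consumes the two outputs, as an added example that is not part of the module's own documentation. It assumes the outputs were stored as repository secrets named after them (GitHub secret names are case-insensitive) and uses the `google-github-actions/auth` action; the workflow name, trigger, job name and final step are illustrative.

```yaml
name: gcp-auth-check            # hypothetical workflow name

on:
  push:
    branches: [main]            # illustrative trigger

# Start from no token permissions and grant only what the job needs.
permissions: {}

jobs:
  verify-identity:              # hypothetical job name
    runs-on: ubuntu-latest
    permissions:
      contents: read            # needed by actions/checkout
      id-token: write           # lets the job request a GitHub OIDC token
    steps:
      # Checkout runs first so the credentials file written by the auth
      # step is not removed by a later checkout.
      - uses: actions/checkout@v4

      # Exchanges the GitHub OIDC token at the Workload Identity Provider
      # and impersonates the service account created by the module.
      - id: auth
        uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: ${{ secrets.WIF_PROVIDER }}
          service_account: ${{ secrets.WIF_SERVICE_ACCOUNT }}

      - uses: google-github-actions/setup-gcloud@v2

      # Confirms which identity the job is running as.
      - name: Show the active account
        run: gcloud auth list --filter=status:ACTIVE --format="value(account)"
```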

Name | Version |
---|---|
~> 4.71 | |
random | 3.4.3 |

Name | Version |
---|---|
6.3.0 | |
random | 3.6.3 |

No modules.

Name | Type |
---|---|
google_iam_workload_identity_pool.pool | resource |
google_iam_workload_identity_pool_provider.oidc_provider | resource |
google_project_iam_member.project | resource |
google_service_account.service_account | resource |
google_service_account_iam_member.workload_identity_pool_iam | resource |
random_pet.service_account_random_name | resource |

Name | Description | Type | Default | Required |
---|---|---|---|---|
iam_role_ids | List of role IDs that will be added to the service account. | list(string) | n/a | yes |
project | The project the service account will be created in. | string | n/a | yes |
repository_name | The name of the repository. | string | n/a | yes |
repository_owner | The owner of the repository for claim validation. | string | n/a | yes |

Name | Description |
---|---|
wif_provider | The full provider path for the Workload Identity Pool. |
wif_service_account | The email of the Google Cloud Service Account. |