helmless/google-workload-identity-federation-terraform-module

A Terraform module to create and manage a Google Workload Identity Federation Pool in Google Cloud.

The pool allows Github Actions to authenticate with Google Cloud and to deploy to Google Cloud Run.

asdf tools

This repository has a .tools-versions file used by asdf to install the necessary tools. For this you need the following additional plugins:

asdf plugin add terraform-docs https://github.com/looztra/asdf-terraform-docs
asdf plugin add tflint https://github.com/skyzyx/asdf-tflint
asdf install

`/repository` Sub-Module

You can use the /repository sub-module to create a principal set for a specific repository. This is useful if you want to grant access to a specific repository.

See the repository/ README for more information.

Usage

module "github_federation" {
  source              = "github.com/helmless/google-workload-identity-federation-terraform-module?ref=v0.1.0"
  github_organization = "helmless"
}

Required Inputs

The following input variables are required:

github_organization

Description: The GitHub organization to bind to the workload identity pool and provider

Type: string

Optional Inputs

The following input variables are optional (have default values):

id

Description: The id of the workload identity pool and provider

Type: string

Default: "github"

Outputs

The following outputs are exported:

organization_principal_set_id

Description: The principal set id for the GitHub organization to be used in IAM policies and bindings. Warning: this will grant all repositories in your Github organization the IAM role you bind this to. Use the repository_principal_set_id for more granular control.

Requirements

The following requirements are needed by this module:

terraform (>= 1.9.6, < 2)
google (>= 5.0)

Providers

The following providers are used by this module:

google (6.12.0)

Modules

No modules.

Resources

The following resources are used by this module:

google_iam_workload_identity_pool.github (resource)
google_iam_workload_identity_pool_provider.github (resource)

Name		Name	Last commit message	Last commit date
Latest commit History 12 Commits
.github/workflows		.github/workflows
.idea		.idea
example		example
repository		repository
.gitignore		.gitignore
.pre-commit-config.yaml		.pre-commit-config.yaml
.release-please-manifest.json		.release-please-manifest.json
.terraform-docs.yml		.terraform-docs.yml
.terraform.lock.hcl		.terraform.lock.hcl
.tflint.hcl		.tflint.hcl
.tool-versions		.tool-versions
.yamllint.yaml		.yamllint.yaml
CHANGELOG.md		CHANGELOG.md
LICENSE		LICENSE
README.md		README.md
main.tf		main.tf
outputs.tf		outputs.tf
release-please-config.json		release-please-config.json
unit.tftest.hcl		unit.tftest.hcl
variables.tf		variables.tf
versions.tf		versions.tf

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Uh oh!

Repository files navigation

helmless/google-workload-identity-federation-terraform-module

asdf tools

`/repository` Sub-Module

Usage

Required Inputs

github_organization

Optional Inputs

id

Outputs

organization_principal_set_id

pool_name

provider_name

repository_principal_set_id_prefix

Requirements

Providers

Modules

Resources

About

Uh oh!

Releases 2

Packages

Uh oh!

Contributors 2

Uh oh!

Languages

Uh oh!

License

Uh oh!

helmless/google-workload-identity-federation-terraform-module

Folders and files

Latest commit

History

Repository files navigation

helmless/google-workload-identity-federation-terraform-module

asdf tools

/repository Sub-Module

Usage

Required Inputs

Optional Inputs

Outputs

Requirements

Providers

Modules

Resources

About

Topics

Resources

License

Uh oh!

Stars

Watchers

Forks

Uh oh!

Uh oh!

Languages

`/repository` Sub-Module