https://github.com/helmless/google-workload-identity-federation-terraform-module

A Terraform module to quickly set up a workload identity federation pool that allows your GitHub Actions to deploy resources in GCP.

# helmless/google-workload-identity-federation-terraform-module

A [Terraform][terraform] module to create and manage a
Google Workload Identity Federation Pool in [Google Cloud][google-cloud].

The pool allows GitHub Actions to authenticate with Google Cloud and to deploy to Google Cloud Run.

[google-cloud]: https://cloud.google.com
[terraform]: https://www.terraform.io

## asdf tools

This repository has a _.tool-versions_ file used by [asdf](https://asdf-vm.com/) to install the necessary tools. To use it, add the following plugins first:

```sh
asdf plugin add terraform-docs https://github.com/looztra/asdf-terraform-docs
asdf plugin add tflint https://github.com/skyzyx/asdf-tflint
asdf install
```

## `/repository` Sub-Module

You can use the `/repository` sub-module to create a principal set for a specific repository. This is useful if you want to grant access to a single repository instead of the whole organization.

See the [`repository/` README](./repository/README.md) for more information.

## Usage

```hcl
module "github_federation" {
  source              = "github.com/helmless/google-workload-identity-federation-terraform-module?ref=v0.1.0"
  github_organization = "helmless"
}
```

## Required Inputs

The following input variables are required:

### [github\_organization](#input\_github\_organization)

Description: The GitHub organization to bind to the workload identity pool and provider

Type: `string`

## Optional Inputs

The following input variables are optional (have default values):

### [id](#input\_id)

Description: The id of the workload identity pool and provider

Type: `string`

Default: `"github"`

## Outputs

The following outputs are exported:

### [organization\_principal\_set\_id](#output\_organization\_principal\_set\_id)

Description: The principal set id for the GitHub organization to be used in IAM policies and bindings. Warning: this will grant all repositories in your GitHub organization the IAM role you bind this to. Use the repository\_principal\_set\_id for more granular control.

### [pool\_name](#output\_pool\_name)

Description: The name of the workload identity pool. Example: projects/1234567890/locations/global/workloadIdentityPools/github

### [provider\_name](#output\_provider\_name)

Description: The name of the workload identity provider.

### [repository\_principal\_set\_id\_prefix](#output\_repository\_principal\_set\_id\_prefix)

Description: The principal set id for the GitHub repository to be used in IAM policies and bindings. You must append the repository name to this id to use it.
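The following is an added example, not part of the module or its README, showing the organization-wide binding that the warning above describes next to a binding scoped to one repository. The project id, the service account and the repository name `my-service` are placeholders, and it assumes the prefix output is completed by appending the bare repository name with no extra separator; inspect the output value to confirm before applying.

```hcl
module "github_federation" {
  source              = "github.com/helmless/google-workload-identity-federation-terraform-module?ref=v0.1.0"
  github_organization = "helmless"
}

# Placeholder service account that GitHub Actions will impersonate.
resource "google_service_account" "deployer" {
  project      = "my-project" # placeholder project id
  account_id   = "github-deployer"
  display_name = "Deployments from GitHub Actions"
}

# Broad binding (left commented out): every repository in the organization
# could impersonate the service account, including forks of internal tooling
# and repositories created later.
#
# resource "google_service_account_iam_member" "org_wide" {
#   service_account_id = google_service_account.deployer.name
#   role               = "roles/iam.workloadIdentityUser"
#   member             = module.github_federation.organization_principal_set_id
# }

locals {
  # Assumption: the prefix needs only the repository name appended.
  # "my-service" is a placeholder repository name.
  deploy_repo_principal = "${module.github_federation.repository_principal_set_id_prefix}my-service"
}

# Narrow binding: only workflows from the one repository can impersonate
# the service account.
resource "google_service_account_iam_member" "single_repo" {
  service_account_id = google_service_account.deployer.name
  role               = "roles/iam.workloadIdentityUser"
  member             = local.deploy_repo_principal
}

# Exposed so the resulting principal set string can be reviewed in the plan.
output "deploy_repo_principal" {
  value = local.deploy_repo_principal
}
```

Review the `deploy_repo_principal` output in `terraform plan` before applying: a malformed member string matches no identity, while an overly short one can match more repositories than intended.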

## Requirements

The following requirements are needed by this module:

- [terraform](#requirement\_terraform) (>= 1.9.6, < 2)

- [google](#requirement\_google) (>= 5.0)

## Providers

The following providers are used by this module:

- [google](#provider\_google) (6.12.0)

## Modules

No modules.

## Resources

The following resources are used by this module:

- [google_iam_workload_identity_pool.github](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/iam_workload_identity_pool) (resource)
- [google_iam_workload_identity_pool_provider.github](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/iam_workload_identity_pool_provider) (resource)