Add support for Workload Identity to project module and project factory (#3531)
* module-level support * fast stage 0 * fix inventory, add outputs/tfvars * wip * project factory * pf outputs * iam templates will be added where ci/cd configs are managed * fix merge conflicts
committed by
GitHub
parent
87ed19bc47
commit
897c6ef8c3
@@ -750,6 +750,137 @@
|
||||
"type": "boolean"
|
||||
}
|
||||
}
|
||||
},
|
||||
"workload_identity_pools": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"patternProperties": {
|
||||
"^[a-z][a-z0-9-]+[a-z0-9]$": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"properties": {
|
||||
"description": {
|
||||
"type": "string"
|
||||
},
|
||||
"display_name": {
|
||||
"type": "string"
|
||||
},
|
||||
"disabled": {
|
||||
"type": "boolean"
|
||||
},
|
||||
"providers": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"patternProperties": {
|
||||
"^[a-z][a-z0-9-]+[a-z0-9]$": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"properties": {
|
||||
"description": {
|
||||
"type": "string"
|
||||
},
|
||||
"display_name": {
|
||||
"type": "string"
|
||||
},
|
||||
"disabled": {
|
||||
"type": "boolean"
|
||||
},
|
||||
"attribute_condition": {
|
||||
"type": "string"
|
||||
},
|
||||
"attribute_mapping": {
|
||||
"type": "object",
|
||||
"additionalProperties": {
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"identity_provider": {
|
||||
"type": "object",
|
||||
"oneOf": [
|
||||
{
|
||||
"additionalProperties": false,
|
||||
"required": [
|
||||
"aws"
|
||||
],
|
||||
"properties": {
|
||||
"aws": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"required": [
|
||||
"account_id"
|
||||
],
|
||||
"properties": {
|
||||
"account_id": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"additionalProperties": false,
|
||||
"required": [
|
||||
"oidc"
|
||||
],
|
||||
"properties": {
|
||||
"oidc": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"properties": {
|
||||
"allowed_audiences": {
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"issuer_uri": {
|
||||
"type": "string"
|
||||
},
|
||||
"jwks_json": {
|
||||
"type": "string"
|
||||
},
|
||||
"template": {
|
||||
"type": "string",
|
||||
"enum": [
|
||||
"github",
|
||||
"gitlab",
|
||||
"okta",
|
||||
"terraform"
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"additionalProperties": false,
|
||||
"required": [
|
||||
"saml"
|
||||
],
|
||||
"properties": {
|
||||
"saml": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"required": [
|
||||
"idp_metadata_xml"
|
||||
],
|
||||
"properties": {
|
||||
"idp_metadata_xml": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"$defs": {
|
||||
|
||||
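Review bot: The `oidc` branch of `identity_provider` (the `oneOf` entry that requires `oidc`) has no `required` list, so the schema accepts `"oidc": {}` and any provider that sets neither `template` nor `issuer_uri`; the error then surfaces only at plan or apply time instead of at validation. Presumably the module derives the issuer and mapping from `template` (the locals hunk further down defines per-template attribute mappings), so the minimal fix is `"anyOf": [{"required": ["template"]}, {"required": ["issuer_uri"]}]` inside the `oidc` object. On the trust side, `attribute_condition` is optional at the provider level: a `github` or `gitlab` template provider with no condition accepts tokens from any repository of that issuer, so either require it when `template` is set or state in a `description` that the template supplies a default condition — which cannot be confirmed from this hunk.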
@@ -218,6 +218,24 @@
|
||||
- **vpc_sc**: *object*
|
||||
- ⁺**perimeter_name**: *string*
|
||||
- **is_dry_run**: *boolean*
|
||||
- **workload_identity_pools**: *object*
|
||||
<br>*additional properties: false*
|
||||
- **`^[a-z][a-z0-9-]+[a-z0-9]$`**: *object*
|
||||
<br>*additional properties: false*
|
||||
- **description**: *string*
|
||||
- **display_name**: *string*
|
||||
- **disabled**: *boolean*
|
||||
- **providers**: *object*
|
||||
<br>*additional properties: false*
|
||||
- **`^[a-z][a-z0-9-]+[a-z0-9]$`**: *object*
|
||||
<br>*additional properties: false*
|
||||
- **description**: *string*
|
||||
- **display_name**: *string*
|
||||
- **disabled**: *boolean*
|
||||
- **attribute_condition**: *string*
|
||||
- **attribute_mapping**: *object*
|
||||
<br>*additional properties: string*
|
||||
- **identity_provider**: *object*
|
||||
|
||||
## Definitions
|
||||
|
||||
|
||||
@@ -74,7 +74,6 @@ locals {
|
||||
principal_branch = "principalSet://iam.googleapis.com/%s/attribute.terraform_workspace_id/%s"
|
||||
principal_repo = "principalSet://iam.googleapis.com/%s/attribute.terraform_project_id/%s"
|
||||
}
|
||||
|
||||
# https://developer.okta.com/docs/api/openapi/okta-oauth/guides/overview/
|
||||
okta = {
|
||||
attribute_mapping = {
|
||||
@@ -85,7 +84,5 @@ locals {
|
||||
principal_repo = "principalSet://iam.googleapis.com/%s/attribute.repository/%s"
|
||||
principal_member = "principalSet://iam.googleapis.com/%s/*"
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@@ -750,6 +750,137 @@
|
||||
"type": "boolean"
|
||||
}
|
||||
}
|
||||
},
|
||||
"workload_identity_pools": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"patternProperties": {
|
||||
"^[a-z][a-z0-9-]+[a-z0-9]$": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"properties": {
|
||||
"description": {
|
||||
"type": "string"
|
||||
},
|
||||
"display_name": {
|
||||
"type": "string"
|
||||
},
|
||||
"disabled": {
|
||||
"type": "boolean"
|
||||
},
|
||||
"providers": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"patternProperties": {
|
||||
"^[a-z][a-z0-9-]+[a-z0-9]$": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"properties": {
|
||||
"description": {
|
||||
"type": "string"
|
||||
},
|
||||
"display_name": {
|
||||
"type": "string"
|
||||
},
|
||||
"disabled": {
|
||||
"type": "boolean"
|
||||
},
|
||||
"attribute_condition": {
|
||||
"type": "string"
|
||||
},
|
||||
"attribute_mapping": {
|
||||
"type": "object",
|
||||
"additionalProperties": {
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"identity_provider": {
|
||||
"type": "object",
|
||||
"oneOf": [
|
||||
{
|
||||
"additionalProperties": false,
|
||||
"required": [
|
||||
"aws"
|
||||
],
|
||||
"properties": {
|
||||
"aws": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"required": [
|
||||
"account_id"
|
||||
],
|
||||
"properties": {
|
||||
"account_id": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"additionalProperties": false,
|
||||
"required": [
|
||||
"oidc"
|
||||
],
|
||||
"properties": {
|
||||
"oidc": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"properties": {
|
||||
"allowed_audiences": {
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"issuer_uri": {
|
||||
"type": "string"
|
||||
},
|
||||
"jwks_json": {
|
||||
"type": "string"
|
||||
},
|
||||
"template": {
|
||||
"type": "string",
|
||||
"enum": [
|
||||
"github",
|
||||
"gitlab",
|
||||
"okta",
|
||||
"terraform"
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"additionalProperties": false,
|
||||
"required": [
|
||||
"saml"
|
||||
],
|
||||
"properties": {
|
||||
"saml": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"required": [
|
||||
"idp_metadata_xml"
|
||||
],
|
||||
"properties": {
|
||||
"idp_metadata_xml": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"$defs": {
|
||||
|
||||
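Review bot: The key pattern `^[a-z][a-z0-9-]+[a-z0-9]$` used for both pool and provider ids (the two `patternProperties` entries) accepts ids the IAM API rejects: it allows 3-character ids and ids longer than 32 characters, and it does not exclude the reserved `gcp-` prefix. Unless the module rewrites these keys before passing them as the pool and provider ids (not visible here), tighten it to `^(?!gcp-)[a-z][a-z0-9-]{2,30}[a-z0-9]$` so a bad name fails at validation rather than at apply. This block repeats the schema shown earlier on the page, so the same change applies to every copy.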
@@ -218,6 +218,24 @@
|
||||
- **vpc_sc**: *object*
|
||||
- ⁺**perimeter_name**: *string*
|
||||
- **is_dry_run**: *boolean*
|
||||
- **workload_identity_pools**: *object*
|
||||
<br>*additional properties: false*
|
||||
- **`^[a-z][a-z0-9-]+[a-z0-9]$`**: *object*
|
||||
<br>*additional properties: false*
|
||||
- **description**: *string*
|
||||
- **display_name**: *string*
|
||||
- **disabled**: *boolean*
|
||||
- **providers**: *object*
|
||||
<br>*additional properties: false*
|
||||
- **`^[a-z][a-z0-9-]+[a-z0-9]$`**: *object*
|
||||
<br>*additional properties: false*
|
||||
- **description**: *string*
|
||||
- **display_name**: *string*
|
||||
- **disabled**: *boolean*
|
||||
- **attribute_condition**: *string*
|
||||
- **attribute_mapping**: *object*
|
||||
<br>*additional properties: string*
|
||||
- **identity_provider**: *object*
|
||||
|
||||
## Definitions
|
||||
|
||||
|
||||
@@ -750,6 +750,137 @@
|
||||
"type": "boolean"
|
||||
}
|
||||
}
|
||||
},
|
||||
"workload_identity_pools": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"patternProperties": {
|
||||
"^[a-z][a-z0-9-]+[a-z0-9]$": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"properties": {
|
||||
"description": {
|
||||
"type": "string"
|
||||
},
|
||||
"display_name": {
|
||||
"type": "string"
|
||||
},
|
||||
"disabled": {
|
||||
"type": "boolean"
|
||||
},
|
||||
"providers": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"patternProperties": {
|
||||
"^[a-z][a-z0-9-]+[a-z0-9]$": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"properties": {
|
||||
"description": {
|
||||
"type": "string"
|
||||
},
|
||||
"display_name": {
|
||||
"type": "string"
|
||||
},
|
||||
"disabled": {
|
||||
"type": "boolean"
|
||||
},
|
||||
"attribute_condition": {
|
||||
"type": "string"
|
||||
},
|
||||
"attribute_mapping": {
|
||||
"type": "object",
|
||||
"additionalProperties": {
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"identity_provider": {
|
||||
"type": "object",
|
||||
"oneOf": [
|
||||
{
|
||||
"additionalProperties": false,
|
||||
"required": [
|
||||
"aws"
|
||||
],
|
||||
"properties": {
|
||||
"aws": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"required": [
|
||||
"account_id"
|
||||
],
|
||||
"properties": {
|
||||
"account_id": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"additionalProperties": false,
|
||||
"required": [
|
||||
"oidc"
|
||||
],
|
||||
"properties": {
|
||||
"oidc": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"properties": {
|
||||
"allowed_audiences": {
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"issuer_uri": {
|
||||
"type": "string"
|
||||
},
|
||||
"jwks_json": {
|
||||
"type": "string"
|
||||
},
|
||||
"template": {
|
||||
"type": "string",
|
||||
"enum": [
|
||||
"github",
|
||||
"gitlab",
|
||||
"okta",
|
||||
"terraform"
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"additionalProperties": false,
|
||||
"required": [
|
||||
"saml"
|
||||
],
|
||||
"properties": {
|
||||
"saml": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"required": [
|
||||
"idp_metadata_xml"
|
||||
],
|
||||
"properties": {
|
||||
"idp_metadata_xml": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"$defs": {
|
||||
|
||||
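Review bot: `account_id` in the `aws` branch is a free-form string, yet a trust relationship with the wrong AWS account is exactly the kind of mistake schema validation should catch; add `"pattern": "^[0-9]{12}$"` next to its `"type": "string"` so a truncated or whitespace-padded account id is rejected before the provider is created. The `template` enum (`github`, `gitlab`, `okta`, `terraform`) carries no `description`; a one-line `description` stating which fields the template fills in, if that is what the module does (it cannot be confirmed from this hunk), would tell authors which of `issuer_uri`, `attribute_mapping` and `attribute_condition` they must still set themselves.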
@@ -218,6 +218,24 @@
|
||||
- **vpc_sc**: *object*
|
||||
- ⁺**perimeter_name**: *string*
|
||||
- **is_dry_run**: *boolean*
|
||||
- **workload_identity_pools**: *object*
|
||||
<br>*additional properties: false*
|
||||
- **`^[a-z][a-z0-9-]+[a-z0-9]$`**: *object*
|
||||
<br>*additional properties: false*
|
||||
- **description**: *string*
|
||||
- **display_name**: *string*
|
||||
- **disabled**: *boolean*
|
||||
- **providers**: *object*
|
||||
<br>*additional properties: false*
|
||||
- **`^[a-z][a-z0-9-]+[a-z0-9]$`**: *object*
|
||||
<br>*additional properties: false*
|
||||
- **description**: *string*
|
||||
- **display_name**: *string*
|
||||
- **disabled**: *boolean*
|
||||
- **attribute_condition**: *string*
|
||||
- **attribute_mapping**: *object*
|
||||
<br>*additional properties: string*
|
||||
- **identity_provider**: *object*
|
||||
|
||||
## Definitions
|
||||
|
||||
|
||||
@@ -750,6 +750,137 @@
|
||||
"type": "boolean"
|
||||
}
|
||||
}
|
||||
},
|
||||
"workload_identity_pools": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"patternProperties": {
|
||||
"^[a-z][a-z0-9-]+[a-z0-9]$": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"properties": {
|
||||
"description": {
|
||||
"type": "string"
|
||||
},
|
||||
"display_name": {
|
||||
"type": "string"
|
||||
},
|
||||
"disabled": {
|
||||
"type": "boolean"
|
||||
},
|
||||
"providers": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"patternProperties": {
|
||||
"^[a-z][a-z0-9-]+[a-z0-9]$": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"properties": {
|
||||
"description": {
|
||||
"type": "string"
|
||||
},
|
||||
"display_name": {
|
||||
"type": "string"
|
||||
},
|
||||
"disabled": {
|
||||
"type": "boolean"
|
||||
},
|
||||
"attribute_condition": {
|
||||
"type": "string"
|
||||
},
|
||||
"attribute_mapping": {
|
||||
"type": "object",
|
||||
"additionalProperties": {
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"identity_provider": {
|
||||
"type": "object",
|
||||
"oneOf": [
|
||||
{
|
||||
"additionalProperties": false,
|
||||
"required": [
|
||||
"aws"
|
||||
],
|
||||
"properties": {
|
||||
"aws": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"required": [
|
||||
"account_id"
|
||||
],
|
||||
"properties": {
|
||||
"account_id": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"additionalProperties": false,
|
||||
"required": [
|
||||
"oidc"
|
||||
],
|
||||
"properties": {
|
||||
"oidc": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"properties": {
|
||||
"allowed_audiences": {
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"issuer_uri": {
|
||||
"type": "string"
|
||||
},
|
||||
"jwks_json": {
|
||||
"type": "string"
|
||||
},
|
||||
"template": {
|
||||
"type": "string",
|
||||
"enum": [
|
||||
"github",
|
||||
"gitlab",
|
||||
"okta",
|
||||
"terraform"
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"additionalProperties": false,
|
||||
"required": [
|
||||
"saml"
|
||||
],
|
||||
"properties": {
|
||||
"saml": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"required": [
|
||||
"idp_metadata_xml"
|
||||
],
|
||||
"properties": {
|
||||
"idp_metadata_xml": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"$defs": {
|
||||
|
||||
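Review bot: The provider object (the `^[a-z][a-z0-9-]+[a-z0-9]$` entry under `providers`) has no `required` list, so a provider holding only `display_name` and `attribute_mapping` and no `identity_provider` passes validation even though a pool provider cannot be created without an AWS, OIDC or SAML configuration. Add `"required": ["identity_provider"]` next to the provider's `"additionalProperties": false`. `attribute_mapping` is likewise unconstrained although the API needs at least a `google.subject` mapping; if a chosen `template` supplies it (presumably so for the four templates, but not visible here), a `description` saying so would tell authors when they must set it themselves.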
@@ -218,6 +218,24 @@
|
||||
- **vpc_sc**: *object*
|
||||
- ⁺**perimeter_name**: *string*
|
||||
- **is_dry_run**: *boolean*
|
||||
- **workload_identity_pools**: *object*
|
||||
<br>*additional properties: false*
|
||||
- **`^[a-z][a-z0-9-]+[a-z0-9]$`**: *object*
|
||||
<br>*additional properties: false*
|
||||
- **description**: *string*
|
||||
- **display_name**: *string*
|
||||
- **disabled**: *boolean*
|
||||
- **providers**: *object*
|
||||
<br>*additional properties: false*
|
||||
- **`^[a-z][a-z0-9-]+[a-z0-9]$`**: *object*
|
||||
<br>*additional properties: false*
|
||||
- **description**: *string*
|
||||
- **display_name**: *string*
|
||||
- **disabled**: *boolean*
|
||||
- **attribute_condition**: *string*
|
||||
- **attribute_mapping**: *object*
|
||||
<br>*additional properties: string*
|
||||
- **identity_provider**: *object*
|
||||
|
||||
## Definitions
|
||||
|
||||
|
||||