Add support for Workload Identity to project module and project factory (#3531)

* module-level support

* fast stage 0

* fix inventory, add outputs/tfvars

* wip

* project factory

* pf outputs

* iam templates will be added where ci/cd configs are managed

* fix merge conflicts
Ludovico Magnocavallo
2025-11-17 08:31:21 +01:00
committed by GitHub
parent 87ed19bc47
commit 897c6ef8c3
29 changed files with 1487 additions and 143 deletions

@@ -797,6 +797,7 @@ module "org" {
| [service-agents.tf](./service-agents.tf) | Service agents supporting resources. | |
| [tags.tf](./tags.tf) | Manages GCP Secure Tags, keys, values, and IAM. | <code>google_tags_tag_binding</code> · <code>google_tags_tag_key</code> · <code>google_tags_tag_key_iam_binding</code> · <code>google_tags_tag_key_iam_member</code> · <code>google_tags_tag_value</code> · <code>google_tags_tag_value_iam_binding</code> · <code>google_tags_tag_value_iam_member</code> |
| [variables-iam.tf](./variables-iam.tf) | None | |
| [variables-identity-providers.tf](./variables-identity-providers.tf) | None | |
| [variables-logging.tf](./variables-logging.tf) | None | |
| [variables-pam.tf](./variables-pam.tf) | None | |
| [variables-scc.tf](./variables-scc.tf) | None | |
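Review bot: the new `variables-identity-providers.tf` row added in this hunk has a `None` description, the same gap the neighbouring `variables-iam.tf`, `variables-logging.tf`, `variables-pam.tf` and `variables-scc.tf` rows show; since this file now hosts the identity federation variables, a one-line file description (for example "Workforce and Workload Identity Federation variables.") would make the generated files table useful instead of leaving the reader to guess from the filename.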
@@ -831,7 +832,7 @@ module "org" {
| [tag_bindings](variables-tags.tf#L82) | Tag bindings for this organization, in key => tag value id format. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [tags](variables-tags.tf#L89) | Tags by key name. If `id` is provided, key or value creation is skipped. The `iam` attribute behaves like the similarly named one at module level. | <code title="map&#40;object&#40;&#123;&#10; description &#61; optional&#40;string, &#34;Managed by the Terraform organization module.&#34;&#41;&#10; iam &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10; iam_bindings &#61; optional&#40;map&#40;object&#40;&#123;&#10; members &#61; list&#40;string&#41;&#10; role &#61; string&#10; condition &#61; optional&#40;object&#40;&#123;&#10; expression &#61; string&#10; title &#61; string&#10; description &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10; iam_bindings_additive &#61; optional&#40;map&#40;object&#40;&#123;&#10; member &#61; string&#10; role &#61; string&#10; condition &#61; optional&#40;object&#40;&#123;&#10; expression &#61; string&#10; title &#61; string&#10; description &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10; id &#61; optional&#40;string&#41;&#10; values &#61; optional&#40;map&#40;object&#40;&#123;&#10; description &#61; optional&#40;string, &#34;Managed by the Terraform organization module.&#34;&#41;&#10; iam &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10; iam_bindings &#61; optional&#40;map&#40;object&#40;&#123;&#10; members &#61; list&#40;string&#41;&#10; role &#61; string&#10; condition &#61; optional&#40;object&#40;&#123;&#10; expression &#61; string&#10; title &#61; string&#10; description &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10; iam_bindings_additive &#61; optional&#40;map&#40;object&#40;&#123;&#10; member &#61; string&#10; role &#61; string&#10; condition &#61; optional&#40;object&#40;&#123;&#10; expression &#61; string&#10; title &#61; string&#10; description &#61; optional&#40;string&#41;&#10; 
&#125;&#41;&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10; id &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [tags_config](variables-tags.tf#L154) | Fine-grained control on tag resource and IAM creation. | <code title="object&#40;&#123;&#10; force_context_ids &#61; optional&#40;bool, false&#41;&#10; ignore_iam &#61; optional&#40;bool, false&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [workforce_identity_config](variables.tf#L136) | Workforce Identity Federation pools. | <code title="object&#40;&#123;&#10; pool_name &#61; optional&#40;string, &#34;default&#34;&#41;&#10; providers &#61; optional&#40;map&#40;object&#40;&#123;&#10; description &#61; optional&#40;string&#41;&#10; display_name &#61; optional&#40;string&#41;&#10; attribute_condition &#61; optional&#40;string&#41;&#10; attribute_mapping &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; attribute_mapping_template &#61; optional&#40;string&#41;&#10; disabled &#61; optional&#40;bool, false&#41;&#10; identity_provider &#61; object&#40;&#123;&#10; oidc &#61; optional&#40;object&#40;&#123;&#10; issuer_uri &#61; string&#10; client_id &#61; string&#10; client_secret &#61; optional&#40;string&#41;&#10; jwks_json &#61; optional&#40;string&#41;&#10; web_sso_config &#61; optional&#40;object&#40;&#123;&#10; response_type &#61; optional&#40;string, &#34;CODE&#34;&#41;&#10; assertion_claims_behavior &#61; optional&#40;string, &#34;ONLY_ID_TOKEN_CLAIMS&#34;&#41;&#10; additional_scopes &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; saml &#61; optional&#40;object&#40;&#123;&#10; idp_metadata_xml &#61; string&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#10; oauth2_client_config &#61; optional&#40;object&#40;&#123;&#10; extended_attributes &#61; optional&#40;object&#40;&#123;&#10; issuer_uri &#61; string&#10; client_id &#61; string&#10; client_secret &#61; string&#10; attributes_type &#61; optional&#40;string&#41;&#10; query_filter &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; extra_attributes &#61; optional&#40;object&#40;&#123;&#10; issuer_uri &#61; string&#10; client_id &#61; string&#10; client_secret &#61; string&#10; attributes_type &#61; optional&#40;string&#41;&#10; query_filter &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;&#41;, 
&#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [workforce_identity_config](variables-identity-providers.tf#L17) | Workforce Identity Federation pool and providers. | <code title="object&#40;&#123;&#10; pool_name &#61; optional&#40;string, &#34;default&#34;&#41;&#10; providers &#61; optional&#40;map&#40;object&#40;&#123;&#10; description &#61; optional&#40;string&#41;&#10; display_name &#61; optional&#40;string&#41;&#10; attribute_condition &#61; optional&#40;string&#41;&#10; attribute_mapping &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; attribute_mapping_template &#61; optional&#40;string&#41;&#10; disabled &#61; optional&#40;bool, false&#41;&#10; identity_provider &#61; object&#40;&#123;&#10; oidc &#61; optional&#40;object&#40;&#123;&#10; issuer_uri &#61; string&#10; client_id &#61; string&#10; client_secret &#61; optional&#40;string&#41;&#10; jwks_json &#61; optional&#40;string&#41;&#10; web_sso_config &#61; optional&#40;object&#40;&#123;&#10; response_type &#61; optional&#40;string, &#34;CODE&#34;&#41;&#10; assertion_claims_behavior &#61; optional&#40;string, &#34;ONLY_ID_TOKEN_CLAIMS&#34;&#41;&#10; additional_scopes &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; saml &#61; optional&#40;object&#40;&#123;&#10; idp_metadata_xml &#61; string&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#10; oauth2_client_config &#61; optional&#40;object&#40;&#123;&#10; extended_attributes &#61; optional&#40;object&#40;&#123;&#10; issuer_uri &#61; string&#10; client_id &#61; string&#10; client_secret &#61; string&#10; attributes_type &#61; optional&#40;string&#41;&#10; query_filter &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; extra_attributes &#61; optional&#40;object&#40;&#123;&#10; issuer_uri &#61; string&#10; client_id &#61; string&#10; client_secret &#61; string&#10; attributes_type &#61; optional&#40;string&#41;&#10; query_filter &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;&#41;, 
&#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
## Outputs
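Review bot: the relocated `workforce_identity_config` type (now at `variables-identity-providers.tf#L17`) carries `client_secret` fields, required under both `oauth2_client_config.extended_attributes` and `oauth2_client_config.extra_attributes` and optional under `identity_provider.oidc`, and nothing in the row indicates the variable is marked sensitive, so values supplied there will show up in plan output and be written to state in clear; consider `sensitive = true` on the variable, or state in the description that the secret is expected to come from a secret store rather than a tfvars file. The `extended_attributes` and `extra_attributes` objects also have identical shapes; a sentence in the description on how the two are used differently would help callers pick the right one. The description change from "pools" to "pool and providers" matches the single `pool_name` plus `providers` map in the type and reads correctly.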