diff --git a/fast/stages/0-bootstrap/identity-providers-defs.tf b/fast/stages/0-bootstrap/identity-providers-defs.tf
index d76b4e31c..51244170d 100644
--- a/fast/stages/0-bootstrap/identity-providers-defs.tf
+++ b/fast/stages/0-bootstrap/identity-providers-defs.tf
@@ -70,15 +70,21 @@ locals {
 # https://developer.hashicorp.com/terraform/cloud-docs/workspaces/dynamic-provider-credentials/workload-identity-tokens#token-structure
 terraform = {
 attribute_mapping = {
- "attribute.tfc_organization_id" = "assertion.terraform_organization_id"
- "attribute.tfc_project_id" = "assertion.terraform_project_id"
- "attribute.tfc_project_name" = "assertion.terraform_project_name"
- "google.subject" = "assertion.terraform_workspace_id"
- "attribute.tfc_workspace_name" = "assertion.terraform_workspace_name"
+ "google.subject" = "assertion.terraform_workspace_id"
+ "attribute.aud" = "assertion.aud"
+ "attribute.terraform_run_phase" = "assertion.terraform_run_phase"
+ "attribute.terraform_project_id" = "assertion.terraform_project_id"
+ "attribute.terraform_project_name" = "assertion.terraform_project_name"
+ "attribute.terraform_workspace_id" = "assertion.terraform_workspace_id"
+ "attribute.terraform_workspace_name" = "assertion.terraform_workspace_name"
+ "attribute.terraform_organization_id" = "assertion.terraform_organization_id"
+ "attribute.terraform_organization_name" = "assertion.terraform_organization_name"
+ "attribute.terraform_run_id" = "assertion.terraform_run_id"
+ "attribute.terraform_full_workspace" = "assertion.terraform_full_workspace"
 }
 issuer_uri = "https://app.terraform.io"
- principal_branch = "principalSet://iam.googleapis.com/%s/attribute.tfc_workspace_name/%s"
- principal_repo = "principalSet://iam.googleapis.com/%s/attribute.repository/%s"
+ principal_branch = null
+ principal_repo = "principalSet://iam.googleapis.com/%s/attribute.tfc_workspace_name/%s"
 }
 }
 }
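Review bot: The new `principal_repo` template still targets `attribute.tfc_workspace_name`, but the rewritten `attribute_mapping` renames every `attribute.tfc_*` key to `attribute.terraform_*`, so the provider no longer maps that attribute. A principal set on an unmapped attribute should match no federated identity, so the resulting IAM bindings would fail closed and Terraform Cloud runs could not impersonate the service account. The line should read `principal_repo = "principalSet://iam.googleapis.com/%s/attribute.terraform_workspace_name/%s"`. Because the `https://app.terraform.io` issuer is shared by all organizations and a workspace name alone does not identify the organization, binding on `attribute.terraform_workspace_id` or `attribute.terraform_full_workspace` would be tighter, unless an organization-scoped attribute condition exists outside this hunk. The enclosing `locals` block starts outside the hunk, so check separately that consumers of `principal_branch` tolerate `null`.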