From c2780fa7b08a0339e6c4cedf60bab03421032d48 Mon Sep 17 00:00:00 2001
From: Liam Nesteroff <35284740+lnesteroff@users.noreply.github.com>
Date: Thu, 3 Oct 2024 23:41:31 +1000
Subject: [PATCH] fixed tfe wif definition variables (#2604)
* fixed tfe wif definition variables
* Added additional attributes for tfe
* kept workspaceid for google.subject as per gcp docs
---
 .../0-bootstrap/identity-providers-defs.tf | 20 ++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/fast/stages/0-bootstrap/identity-providers-defs.tf b/fast/stages/0-bootstrap/identity-providers-defs.tf
index d76b4e31c..51244170d 100644
--- a/fast/stages/0-bootstrap/identity-providers-defs.tf
+++ b/fast/stages/0-bootstrap/identity-providers-defs.tf
@@ -70,15 +70,21 @@ locals {
 # https://developer.hashicorp.com/terraform/cloud-docs/workspaces/dynamic-provider-credentials/workload-identity-tokens#token-structure
 terraform = {
 attribute_mapping = {
- "attribute.tfc_organization_id" = "assertion.terraform_organization_id"
- "attribute.tfc_project_id" = "assertion.terraform_project_id"
- "attribute.tfc_project_name" = "assertion.terraform_project_name"
- "google.subject" = "assertion.terraform_workspace_id"
- "attribute.tfc_workspace_name" = "assertion.terraform_workspace_name"
+ "google.subject" = "assertion.terraform_workspace_id"
+ "attribute.aud" = "assertion.aud"
+ "attribute.terraform_run_phase" = "assertion.terraform_run_phase"
+ "attribute.terraform_project_id" = "assertion.terraform_project_id"
+ "attribute.terraform_project_name" = "assertion.terraform_project_name"
+ "attribute.terraform_workspace_id" = "assertion.terraform_workspace_id"
+ "attribute.terraform_workspace_name" = "assertion.terraform_workspace_name"
+ "attribute.terraform_organization_id" = "assertion.terraform_organization_id"
+ "attribute.terraform_organization_name" = "assertion.terraform_organization_name"
+ "attribute.terraform_run_id" = "assertion.terraform_run_id"
+ "attribute.terraform_full_workspace" = "assertion.terraform_full_workspace"
 }
 issuer_uri = "https://app.terraform.io"
- principal_branch = "principalSet://iam.googleapis.com/%s/attribute.tfc_workspace_name/%s"
- principal_repo = "principalSet://iam.googleapis.com/%s/attribute.repository/%s"
+ principal_branch = null
+ principal_repo = "principalSet://iam.googleapis.com/%s/attribute.tfc_workspace_name/%s"
 }
 }
 }
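Review bot: `principal_repo` still builds its principalSet on `attribute.tfc_workspace_name`, but the mapping added in this hunk no longer defines any `attribute.tfc_*` key, so an IAM binding produced from this template would refer to an attribute the provider never populates and should match no workload. It should use one of the names mapped here, e.g. `principal_repo = "principalSet://iam.googleapis.com/%s/attribute.terraform_workspace_name/%s"`, or `attribute.terraform_workspace_id` if an identifier that does not change on rename is preferred for the trust boundary. Any attribute condition or binding outside this hunk that still uses the old `attribute.tfc_*` names, and any consumer that formats `principal_branch` now that it is `null`, would need the same check. The `locals` block starts and ends outside the hunk, so those call sites cannot be confirmed from here.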