---
page_title: "stackit_service_account_federated_identity_provider Resource - stackit"
subcategory: ""
description: |-
  Service account federated identity provider schema.
---

# stackit_service_account_federated_identity_provider (Resource)

Service account federated identity provider schema.

## Example Usage

Create a federated identity provider:

```terraform
resource "stackit_service_account" "sa" {
  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  name       = "my-service-account"
}

resource "stackit_service_account_federated_identity_provider" "provider" {
  project_id            = stackit_service_account.sa.project_id
  service_account_email = stackit_service_account.sa.email
  name                  = "my-provider"
  issuer                = "https://auth.example.com"

  assertions = [
    {
      item     = "aud" # An audience ("aud") assertion is mandatory for security reasons; its value is free to choose
      operator = "equals"
      value    = "sts.accounts.stackit.cloud"
    },
    {
      item     = "email"
      operator = "equals"
      value    = "terraform@example.com"
    }
  ]
}
```

## Example Usage

```terraform
resource "stackit_service_account" "sa" {
  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  name       = "my-service-account"
}

resource "stackit_service_account_federated_identity_provider" "provider" {
  project_id            = stackit_service_account.sa.project_id
  service_account_email = stackit_service_account.sa.email
  name                  = "gh-actions"
  issuer                = "https://token.actions.githubusercontent.com"

  assertions = [
    {
      item     = "aud"
      operator = "equals"
      value    = "sts.accounts.stackit.cloud"
    },
    {
      item     = "sub"
      operator = "equals"
      value    = "repo:stackitcloud/terraform-provider-stackit:ref:refs/heads/main"
    }
  ]
}

# Only use the import statement if you want to import an existing federated identity provider
import {
  to = stackit_service_account_federated_identity_provider.import-example
  id = "${var.project_id},${var.service_account_email},${var.federation_id}"
}
```

## Schema

### Required

- `assertions` (Attributes List) The assertions for the federated identity provider. (see below for nested schema)
- `issuer` (String) The issuer URL.
- `name` (String) The name of the federated identity provider.
- `project_id` (String) The STACKIT project ID associated with the service account.
- `service_account_email` (String) The email address associated with the service account, used for account identification and communication.

### Read-Only

- `federation_id` (String) The unique identifier for the federated identity provider associated with the service account.
- `id` (String) Terraform's internal resource identifier. It is structured as `"project_id,service_account_email,federation_id"`.

### Nested Schema for `assertions`

Required:

- `item` (String) The assertion claim. At least one assertion with the claim `"aud"` is required for security reasons.
- `operator` (String) The assertion operator. Currently, the only supported operator is `"equals"`.
- `value` (String) The assertion value.
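The following Python model is an added example, not code from the STACKIT provider or its documentation. It applies the assertion semantics stated in the schema above (an `item`/`operator`/`value` triple, `"equals"` as the only operator, at least one assertion on `"aud"`) to decoded token claims, using the `gh-actions` provider from the second example, and shows why the mandatory audience assertion matters: a token from the same issuer and subject but minted for another audience is rejected. The issuer comparison, the treatment of an `aud` claim that is a JSON array (membership counts as a match, per RFC 7519) and the rejection of missing claims are assumptions of this model; the page does not specify how the STACKIT token exchange evaluates assertions beyond the schema constraints, and signature verification of the external token is assumed to have happened upstream.

```python
# Added example, not from the STACKIT provider docs or code base. It models the
# assertion semantics the schema states (item/operator/value, "equals" only,
# an "aud" assertion mandatory). Issuer matching, array-valued "aud" handling
# and missing-claim rejection are assumptions, not documented STS behaviour.
from dataclasses import dataclass
from typing import Any, Mapping, Sequence


@dataclass(frozen=True)
class Assertion:
    item: str       # claim name in the external token, e.g. "aud", "sub", "email"
    operator: str   # only "equals" is supported per the schema
    value: str


@dataclass(frozen=True)
class FederatedIdentityProvider:
    issuer: str
    assertions: Sequence[Assertion]


SUPPORTED_OPERATORS = frozenset({"equals"})


def validate_provider(provider: FederatedIdentityProvider) -> None:
    """Reject configurations the schema disallows before any token is evaluated."""
    if not any(a.item == "aud" for a in provider.assertions):
        raise ValueError('at least one assertion on the "aud" claim is required')
    for a in provider.assertions:
        if a.operator not in SUPPORTED_OPERATORS:
            raise ValueError(f"unsupported operator {a.operator!r} on claim {a.item!r}")


def claim_equals(actual: Any, expected: str) -> bool:
    """'equals' against one claim. "aud" may be a JSON array (RFC 7519 4.1.3);
    membership then counts as a match. A missing claim (None) never matches."""
    if isinstance(actual, list):
        return expected in actual
    return actual == expected


def token_accepted(provider: FederatedIdentityProvider, claims: Mapping[str, Any]) -> bool:
    """True only if the (already signature-verified) token comes from the
    configured issuer and satisfies every assertion."""
    validate_provider(provider)
    if claims.get("iss") != provider.issuer:
        return False
    return all(claim_equals(claims.get(a.item), a.value) for a in provider.assertions)


# The "gh-actions" provider from the second example on the page.
GH_ACTIONS = FederatedIdentityProvider(
    issuer="https://token.actions.githubusercontent.com",
    assertions=[
        Assertion("aud", "equals", "sts.accounts.stackit.cloud"),
        Assertion("sub", "equals", "repo:stackitcloud/terraform-provider-stackit:ref:refs/heads/main"),
    ],
)

# Constructed claim sets (decoded payloads only; these are not real tokens).
MAIN_BRANCH_CLAIMS = {
    "iss": "https://token.actions.githubusercontent.com",
    "aud": "sts.accounts.stackit.cloud",
    "sub": "repo:stackitcloud/terraform-provider-stackit:ref:refs/heads/main",
}
# Same repository, different branch: the "sub" assertion rejects it.
FEATURE_BRANCH_CLAIMS = dict(
    MAIN_BRANCH_CLAIMS, sub="repo:stackitcloud/terraform-provider-stackit:ref:refs/heads/feature"
)
# Same issuer and subject, but minted for another audience: only the "aud"
# assertion distinguishes it from a token meant for this exchange.
OTHER_AUDIENCE_CLAIMS = dict(MAIN_BRANCH_CLAIMS, aud="https://example.invalid/other-service")
# Identical claims presented by a different issuer.
OTHER_ISSUER_CLAIMS = dict(MAIN_BRANCH_CLAIMS, iss="https://auth.example.com")


if __name__ == "__main__":
    cases = [
        ("main branch token", MAIN_BRANCH_CLAIMS),
        ("feature branch token", FEATURE_BRANCH_CLAIMS),
        ("other-audience token", OTHER_AUDIENCE_CLAIMS),
        ("other-issuer token", OTHER_ISSUER_CLAIMS),
    ]
    for name, claims in cases:
        verdict = "accepted" if token_accepted(GH_ACTIONS, claims) else "rejected"
        print(f"{name}: {verdict}")
```

Run as a script it prints one verdict per constructed token; only the main-branch token is accepted. Because `"equals"` is the only operator, pinning `sub` to a full ref string is what limits the exchange to that branch; a provider without an `aud` assertion is rejected by `validate_provider` before any token is looked at.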