variables.tf
# GCP project the configuration targets.
# NOTE(review): the default is an empty string, so Terraform does not prompt
# for a value and a missing project ID only surfaces wherever this variable
# is consumed (outside this file).
variable "project_id" {
  description = "id for gcp project"
  type        = string
  default     = ""
}
# Suffix for the workload identity pool ID. How the full ID is assembled from
# this suffix is not shown in this file.
variable "pool_id_suffix" {
  description = "mention your identity pool suffix"
  type        = string
  default     = "mypool"
}
# Suffix for the service account ID. How the full ID is assembled from this
# suffix is not shown in this file.
variable "sa_id_suffix" {
  description = "mention your service account suffix"
  type        = string
  default     = "mysa"
}
# Human-readable name shown for the workload identity pool.
variable "display_name_pool" {
  description = "display name for pool"
  type        = string
  default     = "test pool"
}
# Free-text description attached to the workload identity pool.
variable "description_for_pool" {
  description = "description for pool"
  type        = string
  default     = "This pool is created for WIDF authentication"
}
# Boolean switch for the pool's enabled/disabled state.
# NOTE(review): the description does not say which value enables the pool,
# and the google provider's pool resource exposes a `disabled` argument.
# Confirm in the consuming resource whether the default `true` leaves the
# pool enabled or disabled.
variable "pool_status" {
  description = "true or false to enable/disable pool"
  type        = bool
  default     = true
}
# ID of the workload identity provider created inside the pool.
variable "provider_id" {
  description = "id for workload identity provider"
  type        = string
  default     = "my-provider"
}
# Boolean switch for the provider's enabled/disabled state.
# NOTE(review): the description does not say which value enables the
# provider, and the google provider resource exposes a `disabled` argument.
# Confirm in the consuming resource how the default `true` is interpreted.
variable "provider_status" {
  description = "true or false to enable/disable provider"
  type        = bool
  default     = true
}
# Human-readable name shown for the workload identity provider.
variable "display_name_provider" {
  description = "display name for provider"
  type        = string
  default     = "display-name-provider"
}
# CEL expression the provider evaluates against incoming credentials.
# NOTE(review): the default is empty while oidc_issuer_uri defaults to the
# shared issuer https://gitlab.com. If the empty value reaches the provider
# unchanged, tokens from any project on that issuer pass the provider, and
# access is then limited only by the IAM binding on the service account.
# Set a condition that pins your own namespace or project, for example
# (constructed sample): assertion.namespace_path == "<YOUR_GROUP>".
variable "attribute_condition" {
  description = "attribute condition CEL expression to allow access"
  type        = string
  default     = ""
}
# Free-text description attached to the workload identity provider.
variable "description_for_provider" {
  description = "description for provider"
  type        = string
  default     = "Provider added in identity pool"
}
# Maps claims of the external token onto Google attributes.
# Only google.subject is mapped by default. A principalSet member that
# selects on attribute.NAME needs the matching attribute.NAME entry here;
# with the default map, a binding can match a single subject or the whole
# pool, nothing in between.
variable "attribute_mapping" {
  description = "Attribute mapping for the workload identity provider"
  type        = map(string)
  default = {
    "google.subject" = "assertion.sub"
  }
}
# Issuer whose OIDC tokens the provider trusts.
# The default, https://gitlab.com, is a multi-tenant issuer: every project
# hosted there receives tokens from the same issuer, so the issuer alone does
# not identify your workloads. Restrict acceptance with attribute_condition
# and a narrowly scoped IAM member.
variable "oidc_issuer_uri" {
  description = "OIDC issuer URI for the workload identity provider"
  type        = string
  default     = "https://gitlab.com"
}
# Human-readable name shown for the service account.
variable "display_name_sa" {
  description = "display name for service account"
  type        = string
  default     = "my-sa"
}
# IAM role granted on the service account to the federated identities.
# roles/iam.workloadIdentityUser lets the bound principals impersonate the
# service account, so whoever matches the member string gains the service
# account's permissions.
variable "wid_role" {
  description = " WID user role for service account"
  type        = string
  default     = "roles/iam.workloadIdentityUser"
}
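# Prefix of the IAM member string for the federated identities.
# The default holds only the principalSet scheme and host; presumably the
# pool path and selector are appended where the binding is built (not shown
# in this file) - confirm.
# NOTE(review): a member that ends in ".../workloadIdentityPools/<POOL_ID>/*"
# grants the role to every identity the pool accepts. Prefer a selector on
# one subject or one mapped attribute value.
# Change from the original: the description read "dentities"; typo fixed.
variable "member" {
  description = "Identities that will be granted the privilege in role"
  type        = string
  default     = "principalSet://iam.googleapis.com/"
}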
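# Prefix of an IAM member string for a service account principal.
# The default holds only the "serviceAccount:" prefix; presumably the
# account's e-mail address is appended where it is used (not shown in this
# file) - confirm.
# NOTE(review): the description is the same text as variable "member";
# consider wording that says which binding this member is used for.
# Change from the original: the description read "dentities"; typo fixed.
variable "member_sa" {
  description = "Identities that will be granted the privilege in role"
  type        = string
  default     = "serviceAccount:"
}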
# Service account Terraform impersonates to create the identity pool.
# NOTE(review): this is the only variable named with a hyphen instead of an
# underscore; renaming it would break existing callers, so it is kept.
# NOTE(review): the default is empty; how an empty value is handled depends
# on the provider configuration, which is outside this file. Keep this
# account's roles limited to what pool, provider and service account
# management needs, and limit who may impersonate it.
variable "impersonated-sa" {
  description = "service account that terraform will use to create identity pool"
  type        = string
  default     = ""
}