add getAccessToken

SchmidtDSE · Dec 31, 2023 · 7ae0032 · 7ae0032
1 parent ad60173
commit 7ae0032
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 5 deletions.
diff --git a/main.tf b/main.tf
@@ -113,6 +113,12 @@ resource "google_project_iam_member" "cloudbuild_builder" {
   member   = "serviceAccount:${google_service_account.default.email}"
 }
 
+resource "google_project_iam_member" "SA_get_access_token" {
+  project  = "dse-nps"
+  role    = "roles/iam.serviceAccountUser"
+  member   = "serviceAccount:${google_service_account.default.email}"
+}
+
 resource "google_service_account_iam_binding" "workload_identity_user" {
   service_account_id = google_service_account.default.name
   role               = "roles/iam.workloadIdentityUser"

diff --git a/terraform.tfstate b/terraform.tfstate
@@ -1,7 +1,7 @@
 {
   "version": 4,
   "terraform_version": "1.6.0",
-  "serial": 62,
+  "serial": 64,
   "lineage": "44075ebe-b91a-1e72-3b17-affdfb63c0f1",
   "outputs": {},
   "resources": [
@@ -313,6 +313,30 @@
         }
       ]
     },
+    {
+      "mode": "managed",
+      "type": "google_project_iam_member",
+      "name": "SA_getAccessToken",
+      "provider": "provider[\"registry.opentofu.org/hashicorp/google\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "condition": [],
+            "etag": "BwYNxR9UGJw=",
+            "id": "dse-nps/roles/iam.serviceAccountUser/serviceAccount:[email protected]",
+            "member": "serviceAccount:[email protected]",
+            "project": "dse-nps",
+            "role": "roles/iam.serviceAccountUser"
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA==",
+          "dependencies": [
+            "google_service_account.default"
+          ]
+        }
+      ]
+    },
     {
       "mode": "managed",
       "type": "google_project_iam_member",

diff --git a/terraform.tfstate.backup b/terraform.tfstate.backup
@@ -1,7 +1,7 @@
 {
   "version": 4,
   "terraform_version": "1.6.0",
-  "serial": 60,
+  "serial": 62,
   "lineage": "44075ebe-b91a-1e72-3b17-affdfb63c0f1",
   "outputs": {},
   "resources": [
@@ -294,9 +294,7 @@
             "name": "projects/113009620257/locations/global/workloadIdentityPools/github/providers/oidc-provider",
             "oidc": [
               {
-                "allowed_audiences": [
-                  "https://github.com/SchmidtDSE"
-                ],
+                "allowed_audiences": [],
                 "issuer_uri": "https://token.actions.githubusercontent.com",
                 "jwks_json": ""
               }