diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..fd29452
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,16 @@
+# EditorConfig is awesome: http://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+charset = utf-8
+
+end_of_line = lf
+
+indent_size = 2
+indent_style = space
+
+insert_final_newline = true
+trim_trailing_whitespace = true
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..81f7f80
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,9 @@
+# This is a comment.
+# Each line is a file pattern followed by one or more owners.
+#
+# https://help.github.com/en/articles/about-code-owners#example-of-a-codeowners-file
+
+# These owners will be the default owners for everything in the repo.
+# Unless a later match takes precedence, @strebitz will be requested for
+# review when someone opens a pull request.
+* @strebitz
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3f3aa8c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,37 @@
+# Created by https://www.toptal.com/developers/gitignore/api/terraform
+# Edit at https://www.toptal.com/developers/gitignore?templates=terraform
+
+### Terraform ###
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# End of https://www.toptal.com/developers/gitignore/api/terraform
+
+# Terraform dependecy lock file should not be part of the module
+.terraform.lock.hcl
diff --git a/.idea/.gitignore b/.idea/.gitignore
new file mode 100644
index 0000000..73f69e0
--- /dev/null
+++ b/.idea/.gitignore
@@ -0,0 +1,8 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml
+# Editor-based HTTP Client requests
+/httpRequests/
diff --git a/.idea/.name b/.idea/.name
new file mode 100644
index 0000000..6c90968
--- /dev/null
+++ b/.idea/.name
@@ -0,0 +1 @@
+Terraform module Google TFE workspace SA
diff --git a/.idea/misc.xml b/.idea/misc.xml
new file mode 100644
index 0000000..7be0030
--- /dev/null
+++ b/.idea/misc.xml
@@ -0,0 +1,6 @@
+
+
+
+
+
+
diff --git a/.idea/modules.xml b/.idea/modules.xml
new file mode 100644
index 0000000..872239a
--- /dev/null
+++ b/.idea/modules.xml
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
+
diff --git a/.idea/terraform-google-tfe-workspace-sa.iml b/.idea/terraform-google-tfe-workspace-sa.iml
new file mode 100644
index 0000000..bdf896d
--- /dev/null
+++ b/.idea/terraform-google-tfe-workspace-sa.iml
@@ -0,0 +1,9 @@
+
+
+
+
+
+
+
+
+
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
new file mode 100644
index 0000000..dcb6b8c
--- /dev/null
+++ b/.idea/vcs.xml
@@ -0,0 +1,6 @@
+
+
+
+
+
+
diff --git a/.license_header.txt b/.license_header.txt
new file mode 100644
index 0000000..5d9de45
--- /dev/null
+++ b/.license_header.txt
@@ -0,0 +1,13 @@
+Copyright 2022 NephoSolutions srl, Sebastian Trebitz
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..3c8629b
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,38 @@
+# Copyright 2022 NephoSolutions srl, Sebastian Trebitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.3.0
+ hooks:
+ - id: end-of-file-fixer
+ - id: trailing-whitespace
+ - id: check-case-conflict
+ - id: check-merge-conflict
+- repo: https://github.com/Lucas-C/pre-commit-hooks
+ rev: v1.3.0
+ hooks:
+ - id: insert-license
+ files: .*\.(rb|tf.*|y[a]?ml)$
+ args:
+ - --license-filepath
+ - .license_header.txt
+- repo: https://github.com/antonbabenko/pre-commit-terraform
+ rev: v1.74.1
+ hooks:
+ - id: terraform_fmt
+ - id: terraform_docs
+ - id: terraform_validate
+ - id: terraform_tflint
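Review bot: The three `rev:` values are tags (`v4.3.0`, `v1.3.0`, `v1.74.1`), which the upstream repositories can move, so this file does not fix the hook code that runs on each contributor's machine. Pinning each entry to a full commit SHA with the tag kept as a comment, `rev: <FULL_COMMIT_SHA>  # v4.3.0` (placeholder, not a real hash), makes the hook source immutable; `pre-commit autoupdate --freeze` writes that form. Because this module produces a service account key, adding `- id: detect-private-key` to the `pre-commit/pre-commit-hooks` entry would also be a cheap guard against committing key material.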
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..a53794e
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,12 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+## [Unreleased]
+
+## [1.0.0] - 2022-06-30
+
+Initial release
+
+[Unreleased]: https://github.com/nephosolutions/terraform-module-template/compare/v1.0.0...HEAD
+[1.0.0]: https://github.com/nephosolutions/terraform-module-template/releases/tag/v1.0.0
diff --git a/LICENSE.md b/LICENSE.md
new file mode 100644
index 0000000..ef46db0
--- /dev/null
+++ b/LICENSE.md
@@ -0,0 +1,193 @@
+# Apache License
+
+_Version 2.0, January 2004_
+_<>_
+
+## Terms and Conditions for use, reproduction, and distribution
+
+### 1. Definitions
+
+“License” shall mean the terms and conditions for use, reproduction, and
+distribution as defined by Sections 1 through 9 of this document.
+
+“Licensor” shall mean the copyright owner or entity authorized by the copyright
+owner that is granting the License.
+
+“Legal Entity” shall mean the union of the acting entity and all other entities
+that control, are controlled by, or are under common control with that entity.
+For the purposes of this definition, “control” means **(i)** the power, direct or
+indirect, to cause the direction or management of such entity, whether by
+contract or otherwise, or **(ii)** ownership of fifty percent (50%) or more of the
+outstanding shares, or **(iii)** beneficial ownership of such entity.
+
+“You” (or “Your”) shall mean an individual or Legal Entity exercising
+permissions granted by this License.
+
+“Source” form shall mean the preferred form for making modifications, including
+but not limited to software source code, documentation source, and configuration
+files.
+
+“Object” form shall mean any form resulting from mechanical transformation or
+translation of a Source form, including but not limited to compiled object code,
+generated documentation, and conversions to other media types.
+
+“Work” shall mean the work of authorship, whether in Source or Object form, made
+available under the License, as indicated by a copyright notice that is included
+in or attached to the work (an example is provided in the Appendix below).
+
+“Derivative Works” shall mean any work, whether in Source or Object form, that
+is based on (or derived from) the Work and for which the editorial revisions,
+annotations, elaborations, or other modifications represent, as a whole, an
+original work of authorship. For the purposes of this License, Derivative Works
+shall not include works that remain separable from, or merely link (or bind by
+name) to the interfaces of, the Work and Derivative Works thereof.
+
+“Contribution” shall mean any work of authorship, including the original version
+of the Work and any modifications or additions to that Work or Derivative Works
+thereof, that is intentionally submitted to Licensor for inclusion in the Work
+by the copyright owner or by an individual or Legal Entity authorized to submit
+on behalf of the copyright owner. For the purposes of this definition,
+“submitted” means any form of electronic, verbal, or written communication sent
+to the Licensor or its representatives, including but not limited to
+communication on electronic mailing lists, source code control systems, and
+issue tracking systems that are managed by, or on behalf of, the Licensor for
+the purpose of discussing and improving the Work, but excluding communication
+that is conspicuously marked or otherwise designated in writing by the copyright
+owner as “Not a Contribution.”
+
+“Contributor” shall mean Licensor and any individual or Legal Entity on behalf
+of whom a Contribution has been received by Licensor and subsequently
+incorporated within the Work.
+
+### 2. Grant of Copyright License
+
+Subject to the terms and conditions of this License, each Contributor hereby
+grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free,
+irrevocable copyright license to reproduce, prepare Derivative Works of,
+publicly display, publicly perform, sublicense, and distribute the Work and such
+Derivative Works in Source or Object form.
+
+### 3. Grant of Patent License
+
+Subject to the terms and conditions of this License, each Contributor hereby
+grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free,
+irrevocable (except as stated in this section) patent license to make, have
+made, use, offer to sell, sell, import, and otherwise transfer the Work, where
+such license applies only to those patent claims licensable by such Contributor
+that are necessarily infringed by their Contribution(s) alone or by combination
+of their Contribution(s) with the Work to which such Contribution(s) was
+submitted. If You institute patent litigation against any entity (including a
+cross-claim or counterclaim in a lawsuit) alleging that the Work or a
+Contribution incorporated within the Work constitutes direct or contributory
+patent infringement, then any patent licenses granted to You under this License
+for that Work shall terminate as of the date such litigation is filed.
+
+### 4. Redistribution
+
+You may reproduce and distribute copies of the Work or Derivative Works thereof
+in any medium, with or without modifications, and in Source or Object form,
+provided that You meet the following conditions:
+
+* **(a)** You must give any other recipients of the Work or Derivative Works a copy of
+this License; and
+* **(b)** You must cause any modified files to carry prominent notices stating that You
+changed the files; and
+* **(c)** You must retain, in the Source form of any Derivative Works that You distribute,
+all copyright, patent, trademark, and attribution notices from the Source form
+of the Work, excluding those notices that do not pertain to any part of the
+Derivative Works; and
+* **(d)** If the Work includes a “NOTICE” text file as part of its distribution, then any
+Derivative Works that You distribute must include a readable copy of the
+attribution notices contained within such NOTICE file, excluding those notices
+that do not pertain to any part of the Derivative Works, in at least one of the
+following places: within a NOTICE text file distributed as part of the
+Derivative Works; within the Source form or documentation, if provided along
+with the Derivative Works; or, within a display generated by the Derivative
+Works, if and wherever such third-party notices normally appear. The contents of
+the NOTICE file are for informational purposes only and do not modify the
+License. You may add Your own attribution notices within Derivative Works that
+You distribute, alongside or as an addendum to the NOTICE text from the Work,
+provided that such additional attribution notices cannot be construed as
+modifying the License.
+
+You may add Your own copyright statement to Your modifications and may provide
+additional or different license terms and conditions for use, reproduction, or
+distribution of Your modifications, or for any such Derivative Works as a whole,
+provided Your use, reproduction, and distribution of the Work otherwise complies
+with the conditions stated in this License.
+
+### 5. Submission of Contributions
+
+Unless You explicitly state otherwise, any Contribution intentionally submitted
+for inclusion in the Work by You to the Licensor shall be under the terms and
+conditions of this License, without any additional terms or conditions.
+Notwithstanding the above, nothing herein shall supersede or modify the terms of
+any separate license agreement you may have executed with Licensor regarding
+such Contributions.
+
+### 6. Trademarks
+
+This License does not grant permission to use the trade names, trademarks,
+service marks, or product names of the Licensor, except as required for
+reasonable and customary use in describing the origin of the Work and
+reproducing the content of the NOTICE file.
+
+### 7. Disclaimer of Warranty
+
+Unless required by applicable law or agreed to in writing, Licensor provides the
+Work (and each Contributor provides its Contributions) on an “AS IS” BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied,
+including, without limitation, any warranties or conditions of TITLE,
+NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are
+solely responsible for determining the appropriateness of using or
+redistributing the Work and assume any risks associated with Your exercise of
+permissions under this License.
+
+### 8. Limitation of Liability
+
+In no event and under no legal theory, whether in tort (including negligence),
+contract, or otherwise, unless required by applicable law (such as deliberate
+and grossly negligent acts) or agreed to in writing, shall any Contributor be
+liable to You for damages, including any direct, indirect, special, incidental,
+or consequential damages of any character arising as a result of this License or
+out of the use or inability to use the Work (including but not limited to
+damages for loss of goodwill, work stoppage, computer failure or malfunction, or
+any and all other commercial damages or losses), even if such Contributor has
+been advised of the possibility of such damages.
+
+### 9. Accepting Warranty or Additional Liability
+
+While redistributing the Work or Derivative Works thereof, You may choose to
+offer, and charge a fee for, acceptance of support, warranty, indemnity, or
+other liability obligations and/or rights consistent with this License. However,
+in accepting such obligations, You may act only on Your own behalf and on Your
+sole responsibility, not on behalf of any other Contributor, and only if You
+agree to indemnify, defend, and hold each Contributor harmless for any liability
+incurred by, or claims asserted against, such Contributor by reason of your
+accepting any such warranty or additional liability.
+
+#### _END OF TERMS AND CONDITIONS_
+
+## APPENDIX: How to apply the Apache License to your work
+
+To apply the Apache License to your work, attach the following boilerplate
+notice, with the fields enclosed by brackets `[]` replaced with your own
+identifying information. (Don't include the brackets!) The text should be
+enclosed in the appropriate comment syntax for the file format. We also
+recommend that a file or class name and description of purpose be included on
+the same “printed page” as the copyright notice for easier identification within
+third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..a3cc0f4
--- /dev/null
+++ b/README.md
@@ -0,0 +1,64 @@
+# Google service accounts for Terraform Cloud workspaces
+
+This Terraform module provisions a set of two Google service accounts for Terraform Cloud workspaces.
+
+A Terraform Workspace service account is used to authenticate the Terraform Cloud workspace to the Google APIs.
+The Google service account key for that account is rotated every 30 days.
+
+The workspace service account has only permissions granted which allows it to impersonate its corresponding runner.
+
+A Terrafrom Runner service account is foreseen to get the necessary permissions on the Google Cloud project resources
+granted. This service account does not have a service account key and must be impersonated.
+
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 0.13 |
+| [google](#requirement\_google) | >= 3.52 |
+| [random](#requirement\_random) | >= 2.0 |
+| [time](#requirement\_time) | >= 0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [google](#provider\_google) | 4.30.0 |
+| [random](#provider\_random) | 3.3.2 |
+| [time](#provider\_time) | 0.7.2 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [google_service_account.tfe_runner](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account) | resource |
+| [google_service_account.tfe_workspace](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account) | resource |
+| [google_service_account_iam_binding.tfe_runner](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account_iam_binding) | resource |
+| [google_service_account_iam_binding.tfe_workspace](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account_iam_binding) | resource |
+| [google_service_account_key.tfe_workspace](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account_key) | resource |
+| [random_id.google_service_account](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
+| [time_rotating.google_service_account_key](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/rotating) | resource |
+| [google_project.project](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/project) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [google\_project\_id](#input\_google\_project\_id) | The Google Cloud Platform project ID | `string` | n/a | yes |
+| [tfe\_workspace\_id](#input\_tfe\_workspace\_id) | The Terraform Cloud workspace ID. | `string` | n/a | yes |
+| [tfe\_workspace\_sa\_key\_admins](#input\_tfe\_workspace\_sa\_key\_admins) | List of Terraform workspace service account key admins. | `list(string)` | n/a | yes |
+| [tfe\_workspace\_sa\_key\_rotation\_days](#input\_tfe\_workspace\_sa\_key\_rotation\_days) | Interval in days to rotate the workspace service account key. | `number` | `30` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [tfe\_runner\_sa](#output\_tfe\_runner\_sa) | The Google Cloud service account for the TFE runner. |
+| [tfe\_workspace\_sa](#output\_tfe\_workspace\_sa) | The Google Cloud service account for the TFE workspace. |
+| [tfe\_workspace\_sa\_key](#output\_tfe\_workspace\_sa\_key) | The Google Cloud credentials for the TFE workspace service account in JSON format, base64 encoded. |
+
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..2305017
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,86 @@
+# Copyright 2022 NephoSolutions srl, Sebastian Trebitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+data "google_project" "project" {
+ project_id = var.google_project_id
+}
+
+resource "google_service_account" "tfe_runner" {
+ account_id = random_id.google_service_account["tfe_runner"].hex
+ description = "Manages service accounts and IAM permissions."
+ display_name = "Terraform Cloud management service account"
+ project = data.google_project.project.project_id
+}
+
+resource "google_service_account" "tfe_workspace" {
+ account_id = random_id.google_service_account["tfe_workspace"].hex
+ description = "Impersonates service accounts but has no permission on any other resource."
+ display_name = "Terraform Cloud authentication service account"
+ project = data.google_project.project.project_id
+}
+
+resource "google_service_account_iam_binding" "tfe_runner" {
+ for_each = toset([
+ /* Impersonate service accounts (create OAuth2 access tokens, sign blobs or JWTs, etc). */
+ "roles/iam.serviceAccountTokenCreator",
+
+ /* Run operations as the service account. */
+ "roles/iam.serviceAccountUser",
+ ])
+
+ service_account_id = google_service_account.tfe_runner.name
+ role = each.value
+
+ members = [
+ "serviceAccount:${google_service_account.tfe_workspace.email}",
+ ]
+}
+
+/* Create and manage (and rotate) service account keys. */
+resource "google_service_account_iam_binding" "tfe_workspace" {
+ service_account_id = google_service_account.tfe_workspace.name
+ role = "roles/iam.serviceAccountKeyAdmin"
+
+ members = var.tfe_workspace_sa_key_admins
+}
+
+resource "google_service_account_key" "tfe_workspace" {
+ service_account_id = google_service_account_iam_binding.tfe_workspace.service_account_id
+
+ keepers = {
+ rotation_time = time_rotating.google_service_account_key.rotation_rfc3339
+ }
+
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
+resource "random_id" "google_service_account" {
+ for_each = toset([
+ "tfe_runner",
+ "tfe_workspace",
+ ])
+
+ byte_length = 4
+ prefix = "${lower(var.tfe_workspace_id)}-"
+}
+
+resource "time_rotating" "google_service_account_key" {
+ rotation_days = var.tfe_workspace_sa_key_rotation_days
+
+ triggers = {
+ tfe_workspace_id = var.tfe_workspace_id
+ }
+}
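Review bot: The `for_each` in `google_service_account_iam_binding.tfe_runner` grants the workspace account `roles/iam.serviceAccountUser` as well as `roles/iam.serviceAccountTokenCreator`, which is more than impersonation needs. Minting short-lived tokens for the runner requires only the token creator role; `serviceAccountUser` additionally lets the workspace account attach the runner to resources. Unless that is intended, the set can be reduced to `"roles/iam.serviceAccountTokenCreator",`. Both bindings are authoritative per role, so members granted these roles on the two accounts outside this module are removed on apply; a comment such as `# Authoritative: replaces all other members of this role on the service account.` above each binding would make that explicit.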
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..ede5ad0
--- /dev/null
+++ b/outputs.tf
@@ -0,0 +1,29 @@
+# Copyright 2022 NephoSolutions srl, Sebastian Trebitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+output "tfe_runner_sa" {
+ description = "The Google Cloud service account for the TFE runner."
+ value = google_service_account.tfe_runner.email
+}
+
+output "tfe_workspace_sa" {
+ description = "The Google Cloud service account for the TFE workspace."
+ value = google_service_account.tfe_workspace.email
+}
+
+output "tfe_workspace_sa_key" {
+ description = "The Google Cloud credentials for the TFE workspace service account in JSON format, base64 encoded."
+ sensitive = true
+ value = google_service_account_key.tfe_workspace.private_key
+}
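Review bot: `sensitive = true` on `tfe_workspace_sa_key` only redacts the value in CLI output; the private key is still written in plain text to the Terraform state of any configuration that uses this module. The description should say so, for example by appending `Stored unencrypted in Terraform state; restrict access to the state backend.` to the existing text. That gives consumers of the module the information they need to protect the backend before they wire this output into a workspace variable.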
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..3c345f7
--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,34 @@
+# Copyright 2022 NephoSolutions srl, Sebastian Trebitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+variable "google_project_id" {
+ description = "The Google Cloud Platform project ID"
+ type = string
+}
+
+variable "tfe_workspace_id" {
+ description = "The Terraform Cloud workspace ID."
+ type = string
+}
+
+variable "tfe_workspace_sa_key_admins" {
+ description = "List of Terraform workspace service account key admins."
+ type = list(string)
+}
+
+variable "tfe_workspace_sa_key_rotation_days" {
+ default = 30
+ description = "Interval in days to rotate the workspace service account key."
+ type = number
+}
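Review bot: `tfe_workspace_sa_key_admins` is passed unchecked into the `roles/iam.serviceAccountKeyAdmin` binding in main.tf, so any string a caller supplies becomes a principal able to create keys for the workspace account, and through it impersonate the runner. A `validation` block that accepts only explicit `user:`, `group:` and `serviceAccount:` members would reject broad or mistyped principals at plan time; the form below avoids `alltrue` so it still works with the declared `>= 0.13` floor. A similar check that `tfe_workspace_sa_key_rotation_days` is at least 1 would catch a zero or negative interval.

```hcl
variable "tfe_workspace_sa_key_admins" {
  # … unchanged: description, type …

  validation {
    condition = length([
      for member in var.tfe_workspace_sa_key_admins : member
      if !can(regex("^(user|group|serviceAccount):", member))
    ]) == 0
    error_message = "Each key admin must be an explicit user:, group: or serviceAccount: member."
  }
}
```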
diff --git a/versions.tf b/versions.tf
new file mode 100644
index 0000000..ce50cee
--- /dev/null
+++ b/versions.tf
@@ -0,0 +1,31 @@
+# Copyright 2022 NephoSolutions srl, Sebastian Trebitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 3.52"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = ">= 2.0"
+ }
+ time = {
+ source = "hashicorp/time"
+ version = ">= 0"
+ }
+ }
+ required_version = ">= 0.13"
+}
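Review bot: `version = ">= 0"` for the `time` provider constrains nothing, so the module declares no known-good floor for the `time_rotating` resource it depends on for key rotation. The README's provider table lists 0.7.2 as the version in use; a constraint such as `version = ">= 0.7"` would record what the module was actually run against. Because `.gitignore` excludes `.terraform.lock.hcl`, these constraints are the only statement of supported provider versions in the repository.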