Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Workload Identity module, to bind roles in various projects for the service account created #1574

Merged
merged 5 commits into from
Apr 4, 2023

Conversation

SudharsaneSivamany
Copy link
Contributor

It will help users to bind the created service account account with roles in multiple projects.

@akshaybathija-github
Copy link
Contributor

/gcbrun

1 similar comment
@akshaybathija-github
Copy link
Contributor

/gcbrun

@akshaybathija-github
Copy link
Contributor

/gcbrun

Copy link
Collaborator

@apeabody apeabody left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution @SudharsaneSivamany! Please see the comments as ideally we can avoid a breaking change.

project = var.project_id
role = each.value
project = element(split("=>", each.value), 0)
role = element(split("=>", each.value), 1)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would recommend using a map(list(string)) rather than string parsing.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed with your point.

@@ -85,7 +85,7 @@ variable "automount_service_account_token" {
}

variable "roles" {
description = "A list of roles to be added to the created service account"
description = "A list of roles to be added to the created service account for specific projects"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Currently this would be a breaking change, if possible can we make this backward compatible.

A quick thought might be add a new (optional) map(list(string)) of additional projects=>[roles], and leave the existing roles for just var.project_id?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes are made as mentioned. Pls review

Copy link
Contributor Author

@SudharsaneSivamany SudharsaneSivamany left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes are made. Pls review

@apeabody
Copy link
Collaborator

/gcbrun

@apeabody
Copy link
Collaborator

apeabody commented Apr 4, 2023

/gcbrun

Copy link
Collaborator

@apeabody apeabody left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@apeabody apeabody merged commit 53f0f58 into terraform-google-modules:master Apr 4, 2023
CPL-markus pushed a commit to WALTER-GROUP/terraform-google-kubernetes-engine that referenced this pull request Jul 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants