feat: Workload Identity module, to bind roles in various projects for the service account created #1574
/gcbrun
/gcbrun
… the service account created
/gcbrun
Thanks for the contribution @SudharsaneSivamany! Please see the comments as ideally we can avoid a breaking change.
modules/workload-identity/main.tf
Outdated
project = var.project_id | ||
role = each.value | ||
project = element(split("=>", each.value), 0) | ||
role = element(split("=>", each.value), 1) |
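Review bot: In the project and role lines that call element(split("=>", each.value), 0) and element(split("=>", each.value), 1), an entry without the "=>" delimiter is not rejected. split returns a one-element list for such an entry, and element wraps its index modulo the list length, so both project and role silently receive the whole string. Existing callers that pass plain role names hit exactly this case. Either add a validation on the variable for the expected format, or take a typed input such as map(list(string)) keyed by project so that no parsing is needed.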
I would recommend using a map(list(string)) rather than string parsing.
Agreed with your point.
@@ -85,7 +85,7 @@ variable "automount_service_account_token" { | |||
} | |||
|
|||
variable "roles" { | |||
description = "A list of roles to be added to the created service account" | |||
description = "A list of roles to be added to the created service account for specific projects" |
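Review bot: The new description on variable "roles" says the roles apply to specific projects but does not state the format each entry must follow (the project=>role string that main.tf splits on), so a caller reading only this description cannot write a valid value. State the entry format with a short example in the description, and call out that plain role strings no longer mean "bind in var.project_id".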
Currently this would be a breaking change, if possible can we make this backward compatible.
A quick thought might be add a new (optional) map(list(string)) of additional projects=>[roles], and leave the existing roles for just var.project_id?
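The backward-compatible shape suggested in the comment above, as an added example that is not code from this pull request or from the module: `roles` keeps applying to `var.project_id`, and a new optional map carries per-project roles. The names `additional_projects`, `service_account_email` and the resource labels are hypothetical, and `roles` is assumed to be a list(string).

```hcl
# Added example; variable and resource names are hypothetical.
variable "project_id" {
  type        = string
  description = "Project that hosts the service account."
}

variable "service_account_email" {
  type        = string
  description = "Email of the service account to bind (assumed input for this example)."
}

# Existing input keeps its meaning: roles granted in var.project_id only.
variable "roles" {
  type        = list(string)
  default     = []
  description = "Roles to grant the service account in var.project_id."
}

# New optional input: project ID => list of roles in that project.
variable "additional_projects" {
  type        = map(list(string))
  default     = {}
  description = "Roles to grant the service account in other projects, keyed by project ID."
}

locals {
  # One entry per (project, role) pair, keyed so for_each addresses stay stable.
  additional_bindings = merge([
    for project, roles in var.additional_projects : {
      for role in roles : "${project}/${role}" => { project = project, role = role }
    }
  ]...)
}

resource "google_project_iam_member" "home_project" {
  for_each = toset(var.roles)
  project  = var.project_id
  role     = each.value
  member   = "serviceAccount:${var.service_account_email}"
}

resource "google_project_iam_member" "additional_projects" {
  for_each = local.additional_bindings
  project  = each.value.project
  role     = each.value.role
  member   = "serviceAccount:${var.service_account_email}"
}
```

Because the map is typed, a malformed entry fails type checking at plan time instead of producing a binding against the wrong project, and each cross-project grant is visible as its own key in the plan for least-privilege review.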
Changes are made as mentioned. Pls review
Changes are made. Pls review
/gcbrun
… the service account created
/gcbrun
Thanks @SudharsaneSivamany!
… the service account created (terraform-google-modules#1574)
It will help users to bind the created service account with roles in multiple projects.