multiple-identities
Introduction

This example shows how to use the module to create multiple user-assigned managed identities and assign a combination of Azure built-in and newly created custom role definitions to GitHub workflows and Kubernetes service accounts, either individually or in combination.

Refer to the individual module interfaces `multiple_service_account_identities`, `multiple_github_workflow_identities` and `combination_service_accounts_and_github_workflow_identities` for more details.

ℹ️ Using the module separately for GitHub workflow identities and for Kubernetes service account identities is recommended: it simplifies the configuration and reduces the blast radius of each identity.

Requirements

No requirements.

Providers

| Name | Version |
|------|---------|
| azurerm | 3.85.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| combination_service_accounts_and_github_workflow_identities | ../../ | n/a |

Resources

| Name | Type |
|------|------|
| azurerm_resource_group.this | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| identities | (optional) Identities to create. See README for more information. It includes all the inputs from the `role_assignments` block in the module. | `set(object({...}))`, see the full type below | `[]` | no |
| namespace | (optional) Namespace for `example-service-account-02`; kept as a variable so tests can override it. | `string` | `"default"` | no |
| service_account_name | (optional) Service account name for the second example; kept as a variable so tests can override it. | `string` | `"example-service-account-02"` | no |

Type of `identities`:

```hcl
set(object({
  service_account_name               = string
  namespace                          = string
  oidc_issuer_url                    = string
  create_github_workflow_credentials = bool
  github_owner                       = string # required if create_github_workflow_credentials is true
  github_repository_name             = string # required if create_github_workflow_credentials is true
  github_entity_type                 = string # required if create_github_workflow_credentials is true
  role_assignments = set(object({
    role_definition_name          = optional(string)
    name                          = optional(string, null)
    create_custom_role            = optional(bool, false)
    condition                     = optional(string, null)
    condition_version             = optional(string, null)
    scope                         = optional(string)
    custom_role_description       = optional(string)
    custom_role_definition_id     = optional(string, null)
    custom_role_actions           = optional(set(string), [])
    custom_role_data_actions      = optional(set(string), [])
    custom_role_not_actions       = optional(set(string), [])
    custom_role_not_data_actions  = optional(set(string), [])
    custom_role_assignable_scopes = optional(set(string), null)
  }))
}))
```
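As an added example that is not part of the repository, the following `terraform.tfvars` fills the `identities` input according to the type above with two identities: a Kubernetes service account that gets a built-in role scoped to one resource group, and a second service account that also receives GitHub workflow credentials and a newly created, read-only custom role. The subscription and resource-group IDs, the OIDC issuer URL, the GitHub owner and repository, the value accepted for `github_entity_type`, and the interpretation of `name` as the custom role's name are all assumptions.

```hcl
# terraform.tfvars for this example directory (added example; every ID, URL and name is a constructed placeholder)

identities = [
  {
    # Identity 1: Kubernetes workload identity only, no GitHub credential is created.
    service_account_name               = "example-service-account-01"
    namespace                          = "default"
    oidc_issuer_url                    = "https://oidc.prod-aks.azure.com/00000000-0000-0000-0000-000000000000/"
    create_github_workflow_credentials = false
    github_owner                       = null # only required when create_github_workflow_credentials = true
    github_repository_name             = null
    github_entity_type                 = null
    role_assignments = [
      {
        # Built-in role, scoped to a single resource group rather than the whole subscription.
        role_definition_name = "Reader"
        scope                = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
      }
    ]
  },
  {
    # Identity 2: service account that also gets a federated credential for a GitHub workflow.
    service_account_name               = "example-service-account-02"
    namespace                          = "default"
    oidc_issuer_url                    = "https://oidc.prod-aks.azure.com/00000000-0000-0000-0000-000000000000/"
    create_github_workflow_credentials = true
    github_owner                       = "example-org"
    github_repository_name             = "example-repo"
    github_entity_type                 = "environment" # assumed accepted value; check the module's variable validation
    role_assignments = [
      {
        # Newly created custom role that only lists storage accounts and reads blobs,
        # assignable and assigned at resource-group scope only.
        create_custom_role            = true
        name                          = "example-blob-reader" # assumed to be the custom role's name
        custom_role_description       = "Read-only access to blobs in rg-example"
        custom_role_actions           = ["Microsoft.Storage/storageAccounts/read"]
        custom_role_data_actions      = ["Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"]
        custom_role_assignable_scopes = ["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"]
        scope                         = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
      }
    ]
  }
]
```

Because the object type marks `github_owner`, `github_repository_name` and `github_entity_type` as non-optional, they must be present on every identity; setting them to `null` is the way to leave them unused when `create_github_workflow_credentials` is `false`.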

Outputs

| Name | Description |
|------|-------------|
| client_ids | The client IDs of the apps associated with the identities. |
| subjects | The subjects for the federated identity credential associated with the identities. |