add new identity to run terraform plan on PRs #97

Merged
merged 2 commits into from
Feb 8, 2024

Collaborator

@cpanato cpanato commented Feb 6, 2024

Not sure how to define the pull-request in the new identity

Related to #54

@cpanato cpanato requested a review from mattmoor February 6, 2024 14:27
iac/bootstrap/main.tf Outdated
Co-authored-by: Matt Moore <[email protected]>
Signed-off-by: Carlos Tadeu Panato Junior <[email protected]>
@cpanato cpanato requested a review from mattmoor February 7, 2024 15:02
@cpanato
Collaborator Author

cpanato commented Feb 8, 2024

ptal @mattmoor

@mattmoor mattmoor merged commit 51964c8 into octo-sts:main Feb 8, 2024
13 checks passed
@mattmoor mattmoor deleted the GH-54-part-I branch February 8, 2024 15:14
@mattmoor
Member

mattmoor commented Feb 8, 2024

I'm applying this now.

@mattmoor
Member

mattmoor commented Feb 8, 2024

Terraform will perform the following actions:

  # google_project_iam_member.github_viewer will be created
  + resource "google_project_iam_member" "github_viewer" {
      + etag    = (known after apply)
      + id      = (known after apply)
      + member  = (known after apply)
      + project = "octo-sts"
      + role    = "roles/viewer"
    }

  # google_service_account.github_pull_requests will be created
  + resource "google_service_account" "github_pull_requests" {
      + account_id = "github-pull-requests"
      + disabled   = false
      + email      = (known after apply)
      + id         = (known after apply)
      + member     = (known after apply)
      + name       = (known after apply)
      + project    = "octo-sts"
      + unique_id  = (known after apply)
    }

  # google_service_account_iam_binding.allow_github_pull_requests_impersonation will be created
  + resource "google_service_account_iam_binding" "allow_github_pull_requests_impersonation" {
      + etag               = (known after apply)
      + id                 = (known after apply)
      + members            = [
          + "principalSet://iam.googleapis.com/projects/96355665038/locations/global/workloadIdentityPools/github-pool/attribute.sub/repo:chainguard-dev/octo-sts:pull_request",
        ]
      + role               = "roles/iam.workloadIdentityUser"
      + service_account_id = (known after apply)
    }

Plan: 3 to add, 0 to change, 0 to destroy.
