cloud-foundation-fabric

Feature/workload identity module

Open caiottavares opened this issue 2 years ago • 2 comments

Hey @ludoo, it's been a while since my last contribution. I had the need to scratch a module to support Workload Identity Federation the other day and figured I should share with you to get your thoughts. It's really basic but it supports OIDC and AWS at the moment. Please let me know if there is any nuance in the code.

Regards, Caio Tavares

caiottavares, Aug 17 '22 20:08

Hey Caio, glad you're still contributing here! :)

I think a Workload Identity Federation module is a good idea, I would like it to be more powerful though, e.g. by allowing to entirely manage a pool with potentially multiple providers, and potentially also IAM impersonation via principal/principalSet. This is a good start, would you be ok if we tried to make it more complex/powerful?

ludoo, Aug 18 '22 06:08

> Hey Caio, glad you're still contributing here! :)
>
> I think a Workload Identity Federation module is a good idea, I would like it to be more powerful though, e.g. by allowing to entirely manage a pool with potentially multiple providers, and potentially also IAM impersonation via principal/principalSet. This is a good start, would you be ok if we tried to make it more complex/powerful?

That's fair enough. I will work on the 1:N relationship as well as the IAM binding. Will ping you once it's ready.

caiottavares, Aug 18 '22 12:08

@caiottavares I'm closing this PR. Feel free to reopen if you want to continue with this.

juliocc, Oct 12 '22 14:10