Closed wvanderdeijl closed 3 years ago
@rileykarson I think this should be left open until WorkloadIdentityPoolProviders
is also created since both are in the criteria and description of the issue?
Yep- whoops! Over-aggressive Fixes
statement π
Thanks!
Now that the first data source is merged, Iβll create the second data source which should complete this issue.
I'm going to lock this issue because it has been closed for 30 days β³. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error π€ π , please reach out to my human friends π hashibot-feedback@hashicorp.com. Thanks!
Community Note
Description
In September 2020 GCP introduced Workload identity federation that allows external workloads to use AWS, Azure or OIDC credentials to get a Google Cloud accessToken without using a service account key. This is a very important feature for multi-cloud workloads and it would be great if we can use Terraform to provision 'WorkloadIdentityPools' and 'WorkloadIdentityPoolProviders'
New or Affected Resource(s)
I would expect new resources/data sources for:
google_project_workload_identity_pool
google_project_workload_identity_pool_provider
although the arguments are different for the two types of providers, so perhaps it is easier to split this into two resources:google_project_workload_identity_pool_provider_aws
andgoogle_project_workload_identity_pool_provider_oidc
A pools and providers are created/changed async, so they return an Operation that we need to poll, which is similar to many other google cloud resources.
References