# Reads the identity Terraform is currently authenticated as. Its object_id is
# used below as the owner of the application registration.
data "azuread_client_config" "current" {}
# Application registration that GitHub Actions workflows authenticate as through
# OIDC federation; no client secret or certificate is defined for it in this file.
# The identity running Terraform becomes the sole owner. Application owners can
# add credentials to the registration, so that identity should be tightly held.
resource "azuread_application" "github_oidc" {
  owners       = [data.azuread_client_config.current.object_id]
  display_name = var.display_name
}
# Trust relationship: tokens minted by the GitHub Actions OIDC issuer for the
# configured repository may be exchanged for tokens of the application above.
resource "azuread_application_federated_identity_credential" "this" {
  application_id = azuread_application.github_oidc.id
  display_name   = var.display_name
  description    = var.description

  # Issuer and audience of the GitHub Actions -> Entra ID token exchange.
  issuer    = "https://token.actions.githubusercontent.com"
  audiences = ["api://AzureADTokenExchange"]

  # NOTE(review): the trailing ":*" is meant as "any ref/environment in the repo".
  # A standard federated credential compares `subject` as an exact string, so a
  # literal "*" is not expected to match GitHub's real subjects (for example
  # "repo:ORG/REPO:ref:refs/heads/main" or "repo:ORG/REPO:environment:NAME");
  # confirm that sign-in works at all with this value.
  # Even where pattern matching is available, a repo-wide subject lets every
  # workflow run in the repository (any branch, pull_request, environment)
  # obtain the role assigned below. Prefer one credential per exact branch or
  # protected environment.
  subject = "repo:${var.github_org}/${var.github_repo}:*"
}
# Looks up the service principal that backs the application, by client ID.
# NOTE(review): this is a read-only data source and nothing in this file creates
# the service principal. Confirm it is provisioned elsewhere; otherwise the
# lookup has nothing to find and the role assignment cannot be created.
data "azuread_service_principal" "sp" {
  client_id = azuread_application.github_oidc.client_id
}
# Grants the federated identity an Azure RBAC role. Both the role and the scope
# are caller-supplied, so the effective privilege of every workflow token the
# federated credential accepts is decided entirely by these two variables.
# NOTE(review): no constraint on var.role_name or var.role_scope is visible in
# this file. Consider validating them where the variables are declared (for
# example, rejecting broad built-in roles or subscription-wide scopes) so a
# CI identity cannot be over-provisioned by accident.
resource "azurerm_role_assignment" "this" {
  principal_id         = data.azuread_service_principal.sp.object_id
  role_definition_name = var.role_name
  scope                = var.role_scope
}