From 8d6248350444d064488e0e98e3de4c893a79ec70 Mon Sep 17 00:00:00 2001
From: Grant Sorbo
Date: Mon, 26 Aug 2024 22:18:46 +0000
Subject: [PATCH 1/4] fix: attribute condition must reference one of the provider's claims
---
 examples/oidc-simple/main.tf | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/examples/oidc-simple/main.tf b/examples/oidc-simple/main.tf
index a8fae5b..4065df5 100644
--- a/examples/oidc-simple/main.tf
+++ b/examples/oidc-simple/main.tf
@@ -30,9 +30,10 @@ module "oidc" {
 source = "terraform-google-modules/github-actions-runners/google//modules/gh-oidc"
 version = "~> 3.0"
- project_id = var.project_id
- pool_id = "example-pool"
- provider_id = "example-gh-provider"
+ project_id = var.project_id
+ pool_id = "example-pool"
+ provider_id = "example-gh-provider"
+ attribute_condition = "assertion.repository_owner_id=='1342004'"
 sa_mapping = {
 (google_service_account.sa.account_id) = {
 sa_name = google_service_account.sa.name
From 3fb7175024697efa7e49b82a5f514cc80e635689 Mon Sep 17 00:00:00 2001
From: Grant Sorbo
Date: Mon, 26 Aug 2024 22:21:53 +0000
Subject: [PATCH 2/4] fix: reformat oidc test commands
---
 build/int.cloudbuild.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml
index 45dbca1..291db4b 100644
--- a/build/int.cloudbuild.yaml
+++ b/build/int.cloudbuild.yaml
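Review bot: The new `attribute_condition` in the `module "oidc"` block of `examples/oidc-simple/main.tf` hard-codes the owner id `'1342004'` with no comment saying which GitHub account it identifies, so anyone who applies the example unchanged gets a provider that accepts tokens from every repository of that owner and, presumably, none from their own. Matching on the numeric `repository_owner_id` claim rather than the owner name is a sound choice, because an id is not affected by a rename. I would put a comment above the line, for example `# Numeric id of the GitHub organization allowed to authenticate; replace with your own`, or take the value from a variable. The condition is owner-wide, so how far access is narrowed per service account depends on the `sa_mapping` entry, whose body continues outside the hunk.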
@@ -96,17 +96,17 @@ steps:
 # examples/oidc-simple
 - id: apply-oidc
 name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
- args: ['/bin/bash', '-c', 'cd test/integration && RUN_STAGE=apply go test -v -run TestOIDCSimple ./... -p 1']
+ args: ['/bin/bash', '-c', 'cft test run TestOIDCSimple --stage apply --verbose']
 waitFor:
 - init-all
 - id: verify-oidc
 name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
- args: ['/bin/bash', '-c', 'cd test/integration && RUN_STAGE=verify go test -v -run TestOIDCSimple ./... -p 1']
+ args: ['/bin/bash', '-c', 'cft test run TestOIDCSimple --stage verify --verbose']
 waitFor:
 - apply-oidc
 - id: destroy-oidc
 name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
- args: ['/bin/bash', '-c', 'cd test/integration && RUN_STAGE=teardown go test -v -run TestOIDCSimple ./... -p 1']
+ args: ['/bin/bash', '-c', 'cft test run TestOIDCSimple --stage destroy --verbose']
 waitFor:
 - verify-oidc
@@ -114,4 +114,4 @@ tags:
 - 'integration'
 substitutions:
 _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
- _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.22'
+ _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.22'
\ No newline at end of file
From b18a6c5daece59aba0c72632079f20f6c5cb2d6e Mon Sep 17 00:00:00 2001
From: Grant Sorbo
Date: Mon, 26 Aug 2024 18:28:42 -0400
Subject: [PATCH 3/4] fix: formatting
---
 build/int.cloudbuild.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml
index 291db4b..aaa5877 100644
--- a/build/int.cloudbuild.yaml
+++ b/build/int.cloudbuild.yaml
@@ -114,4 +114,5 @@ tags:
 - 'integration'
 substitutions:
 _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
- _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.22'
\ No newline at end of file
+ _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.22'
+
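Review bot: In the `destroy-oidc` step of the first `build/int.cloudbuild.yaml` hunk (PATCH 2/4) the stage value changes from `teardown` (the old `RUN_STAGE=teardown`) to `--stage destroy`, which is more than the reformatting the subject describes. If the `cft` CLI in the `1.22` developer-tools image does not treat `destroy` as a teardown stage, the step would fail or skip cleanup, and the example's workload identity pool, provider and service account would stay in the test project. I would either keep the previous name, `'cft test run TestOIDCSimple --stage teardown --verbose'`, or state in the commit message that `destroy` is an accepted alias. The same three steps also drop `cd test/integration`, so they rely on the tool's default test directory; that deserves a short comment above `# examples/oidc-simple`.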
From 0ce8dc83272fa93b281dd619db1875ba9906c212 Mon Sep 17 00:00:00 2001
From: Grant Sorbo
Date: Tue, 27 Aug 2024 03:50:20 +0000
Subject: [PATCH 4/4] fix: formatting
---
 build/int.cloudbuild.yaml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml
index aaa5877..d60b25c 100644
--- a/build/int.cloudbuild.yaml
+++ b/build/int.cloudbuild.yaml
@@ -115,4 +115,3 @@ tags:
 substitutions:
 _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
 _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.22'
-