From f64f8d1bb5ee7e6056acecf92922c2579d60a569 Mon Sep 17 00:00:00 2001
From: akovtun-extenda <57349964+akovtun-extenda@users.noreply.github.com>
Date: Mon, 20 Jul 2020 18:41:25 +0300
Subject: [PATCH] feat: Add OIDC token support (#28)
---
 README.md | 2 ++
 main.tf | 9 ++++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index e15282b..e4d3ecc 100644
--- a/README.md
+++ b/README.md
@@ -24,6 +24,8 @@ module "pubsub" {
 ack_deadline_seconds = 20 // optional
 push_endpoint = "https://example.com" // required
 x-goog-version = "v1beta1" // optional
+ oidc_service_account = "sa@example.com" // optional
+ audience = "example" // optional
 expiration_policy = "1209600s" // optional
 }
 ]
diff --git a/main.tf b/main.tf
index f9dd2c2..f0bb719 100644
--- a/main.tf
+++ b/main.tf
@@ -64,8 +64,15 @@ resource "google_pubsub_subscription" "push_subscriptions" {
 attributes = {
 x-goog-version = lookup(var.push_subscriptions[count.index], "x-goog-version", "v1")
 }
- }
+ dynamic "oidc_token" {
+ for_each = (lookup(var.push_subscriptions[count.index], "oidc_service_account_email", "") != "") ? [true] : []
+ content {
+ service_account_email = lookup(var.push_subscriptions[count.index], "oidc_service_account_email", "")
+ audience = lookup(var.push_subscriptions[count.index], "audience", "")
+ }
+ }
+ }
 depends_on = [google_pubsub_topic.topic]
 }
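Review bot: The new `oidc_token` block in main.tf looks up the key `oidc_service_account_email`, but the README hunk of this same commit documents the key as `oidc_service_account`. A caller who copies the README example gets no `oidc_token` block at all: the `lookup` falls back to `""`, `for_each` is empty, and the push subscription is created without OIDC authentication and without any error. The names should agree, for instance by changing the README line to `oidc_service_account_email = "sa@example.com" // optional`. Separately, `audience` falls back to `""` rather than `null`; whether the provider treats an empty string as unset (and so uses its default audience) should be confirmed. The resource block begins above the hunk.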