github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/google/iam/AVD-GCP-0068/Terraform.md

Set conditions on this provider, for example by restricting it to only be allowed from repositories in your GitHub organization.

```hcl
resource "google_iam_workload_identity_pool_provider" "github" {
  project                            = "example-project"
  workload_identity_pool_id          = "example-pool"
  workload_identity_pool_provider_id = "example-provider"

  attribute_condition = "assertion.repository_owner=='your-github-organization'"

  attribute_mapping = {
    "google.subject"       = "assertion.sub"
    "attribute.actor"      = "assertion.actor"
    "attribute.aud"        = "assertion.aud"
    "attribute.repository" = "assertion.repository"
  }
}
```

#### Remediation Links

- https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/iam_workload_identity_pool_provider#attribute_condition
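
One way to catch a missing condition before apply, as an added example that is not part of defsec or the original page: the Python below walks `terraform show -json` plan output, including child modules, and reports every `google_iam_workload_identity_pool_provider` whose `attribute_condition` is unset or blank. The sample plan, the resource names `open` and `blank`, and the module name `ci` are constructed for illustration.

```python
import json
import sys
from pathlib import Path

RESOURCE_TYPE = "google_iam_workload_identity_pool_provider"
ORG_CONDITION = "assertion.repository_owner=='your-github-organization'"

# Constructed sample shaped like `terraform show -json <planfile>` output,
# trimmed to the fields this check reads.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": f"{RESOURCE_TYPE}.github", "type": RESOURCE_TYPE,
         "values": {"attribute_condition": ORG_CONDITION}},
        {"address": f"{RESOURCE_TYPE}.open", "type": RESOURCE_TYPE,
         "values": {"attribute_condition": None}},
        {"address": "google_storage_bucket.logs",
         "type": "google_storage_bucket", "values": {}},
    ],
    "child_modules": [{"address": "module.ci", "resources": [
        {"address": f"module.ci.{RESOURCE_TYPE}.blank", "type": RESOURCE_TYPE,
         "values": {"attribute_condition": "  "}},
    ]}],
}}}


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def providers_without_condition(plan):
    """Return sorted addresses of pool providers with no usable attribute_condition."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        condition = (res.get("values") or {}).get("attribute_condition")
        # null, absent and whitespace-only all leave the provider unrestricted
        if not isinstance(condition, str) or not condition.strip():
            findings.append(res["address"])
    return sorted(findings)


if __name__ == "__main__":
    # Pass a plan JSON path as the first argument, or run against the sample.
    plan = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address in providers_without_condition(plan):
        print(f"AVD-GCP-0068: {address} has no attribute_condition")
```
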