Unverified Commit 74337516 authored by kilianpaquier's avatar kilianpaquier

chore(auth): obtain OIDC token with GCP on tf-base for consistency with AWS variant

parent 58e10e1e
+2 −2
@@ -23,7 +23,7 @@ spec:
      default: ''
---
.tf-commands:
  init:
  gitlab_auth:
    # init Assume Role with Web Identity Configuration
    # see: https://registry.terraform.io/providers/hashicorp/aws/latest/docs#assume-role-with-web-identity-configuration-reference
    - |
@@ -46,7 +46,7 @@ spec:
        export AWS_ROLE_ARN="${env_role_arn:-$AWS_OIDC_ROLE_ARN}"
        export AWS_ROLE_SESSION_NAME="GitLabRunner-${CI_PROJECT_ID}-${CI_PIPELINE_ID}"
      fi
    - !reference [ .tf-commands, default, init ]
    - !reference [ .tf-commands, default, gitlab_auth ]

variables:
  AWS_OIDC_AUD: $[[ inputs.aws-oidc-aud ]]
+42 −47
@@ -51,7 +51,8 @@ variables:
  GCP_PROD_OIDC_ACCOUNT: $[[ inputs.gcp-prod-oidc-account ]]
  GCP_PROD_OIDC_PROVIDER: $[[ inputs.gcp-prod-oidc-provider ]]

.tf-gcp-adc:
.tf-commands:
  gitlab_auth:
    - |- 
      if [[ "$GCP_JWT" ]]
      then
@@ -92,15 +93,9 @@ variables:
      else
        echo '[WARN] $GCP_JWT is not set: cannot setup Application Default Credentials (ADC) authentication'
      fi
    - !reference [ .tf-commands, default, gitlab_auth ]

.tf-workspace:
  extends: .tf-base
.tf-base:
  id_tokens:
    GCP_JWT:
      aud: "$GCP_OIDC_AUD"
  before_script:
    - !reference [.tf-base, before_script]
    - !reference [.tf-gcp-adc]
    - guess_tf_system
    - !reference [.tf-commands, init]
    - !reference [.tf-commands, select_workspace]
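Review bot: With `id_tokens` now declared on `.tf-base` (last hunk of this file), every job that extends the base job is issued a `GCP_JWT`, where the hunk counts suggest it was previously scoped to `.tf-workspace`. If the base is also extended by jobs that never need GCP access (not visible here), they still hold a token that can be exchanged through the configured provider, so the real restriction has to be the workload identity provider's attribute condition. I would document that next to the block, e.g. `# GCP_JWT is issued to every job extending .tf-base; restrict the identity provider by project/ref claims`. Separately, the ADC script now lives under `.tf-commands.gitlab_auth`, the same key the AWS variant defines, so it is worth confirming that a pipeline including both variants does not silently keep only one of the two auth scripts. The `.tf-base` definition may continue beyond the lines shown.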
+1 −1

File changed.

Contains only whitespace changes.