Untitled

resource "google_service_account_iam_binding" "secretaccessor-ksa-wi-gsa" {
  service_account_id = "projects/${local.pulse.project_id}/serviceAccounts/secret-accessor@${local.pulse.project_id}.iam.gserviceaccount.com"
  role               = "roles/iam.workloadIdentityUser"
  members = [
    "serviceAccount:${local.pulse.project_id}.svc.id.goog[external-secrets/wi-secret-accessor]",
  ]
}

module "pulse-secret-accessor-iam-binding" {
  source  = "terraform-google-modules/iam/google//modules/secret_manager_iam"
  project = local.pulse.project_id
  secrets = ["OIDC_CLIENT_SECRET", "ODS_OWNER_PASSWORD"]

  bindings = {
    "roles/secretmanager.secretAccessor" = [
      "serviceAccount:secret-accessor@${local.pulse.project_id}.iam.gserviceaccount.com"
    ]
  }
}
Editor is loading...