created terraform registry compliant examples
m13t committed Mar 26, 2024
1 parent 27ada42 commit 2eb3988
Showing 3 changed files with 122 additions and 0 deletions.
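--- a/examples/provider/main.tf
+++ b/examples/provider/main.tf
@@ -0,0 +1,59 @@
+module "common_provider_example" {
+source = "appvia/oidc/aws//modules/provider"
+version = "0.0.16"
+
+// List of common OIDC providers to enable
+common_providers = [
+"github",
+"gitlab",
+]
+
+// Per-provider tags to apply to the OIDC provider
+provider_tags = {
+github = {
+Provider = "GitHub Only Tag"
+}
+
+gitlab = {
+Provider = "GitLab Only Tag"
+}
+}
+
+// Tags to apply to all providers
+tags = {
+Name = "Example Common Provider"
+}
+}
+
+module "custom_provider_example" {
+source = "appvia/oidc/aws//modules/provider"
+version = "0.0.16"
+
+// Custom provider configuration
+custom_providers = {
+gitlab = {
+// Friendly name of the provider
+name = "GitLab"
+
+// Root URL of the OpenID Connect identity provider
+url = "https://gitlab.example.org"
+
+// Client ID (audience)
+client_id_list = [
+"https://gitlab.example.org",
+]
+
+// List of certificate thumbprints for the provider.
+// If these are not specified, the module will attempt
+// to look up the current thumbprint automatically.
+thumbprint_list = [
+"92bed42098f508e91f47f321f6607e4b",
+]
+}
+}
+
+// Tags to provide to all providers
+tags = {
+Name = "Example Custom Provider"
+}
+}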
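Review bot: The sample value in `thumbprint_list` of `custom_provider_example` is 32 hex characters, while IAM OIDC provider thumbprints are SHA-1 certificate fingerprints of 40 hex characters, so anyone copying the shape gets a value that fails validation or pastes a digest of the wrong kind. Use an obviously labelled 40-character placeholder instead, e.g. `"0000000000000000000000000000000000000000", // placeholder: SHA-1 thumbprint from the issuer's certificate chain`. The comment above the list could also state what the automatic lookup means for trust: presumably the module accepts whatever certificate the issuer URL presents at apply time, which is worth pinning explicitly for a self-hosted issuer such as `https://gitlab.example.org`.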
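--- a/examples/remote_state/main.tf
+++ b/examples/remote_state/main.tf
@@ -0,0 +1,24 @@
+module "basic" {
+source = "appvia/oidc/aws//modules/role"
+version = "0.0.16"
+
+// ID of the destination AWS account from which remote
+// state is to be read from.
+account_id = "0123456789"
+
+// Name of the region of the destination AWS account where
+// resource have been deployed to.
+region = "eu-west-2"
+
+// The path of the repository which produced the remote
+// state being read.
+repository = "appvia/repo-1"
+
+// ARN of the role to be assumed with the permissions to read
+// the remote state file.
+reader_role_arn = "arn:aws:iam::0123456789:role/test-common-role"
+
+// Path to the identity token file containing the credentials needed
+// to assume the role.
+web_identity_token_file = "/tmp/web_identity_token_file"
+}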
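Review bot: `source` in this example points at `appvia/oidc/aws//modules/role`, the same submodule used by `examples/role/main.tf`, yet the inputs here (`account_id`, `region`, `reader_role_arn`, `web_identity_token_file`) share only `repository` with that example; this looks like a copy-paste and presumably should reference the module's remote-state submodule (path to confirm against the repository). The sample `account_id = "0123456789"` and the ARN built from it have ten digits, whereas AWS account IDs have twelve, e.g. `account_id = "012345678901"`. `web_identity_token_file = "/tmp/web_identity_token_file"` also models keeping a bearer token in a shared temp directory; a comment such as `// Keep this file readable only by the CI user; avoid shared temp directories` would steer readers away from copying that path as-is.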
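--- a/examples/role/main.tf
+++ b/examples/role/main.tf
@@ -0,0 +1,39 @@
+module "common_provider_example" {
+source = "appvia/oidc/aws//modules/role"
+version = "0.0.16"
+
+// Basic role details
+name = "test-common-role"
+description = "Creates a role using the GitHub OIDC provider"
+
+// Name of the common OIDC provider to use
+common_provider = "github"
+
+// Relative path to the repository for the given provider
+repository = "appvia/something"
+
+// Set the permission boundary for both the read-only and read-write role
+permission_boundary_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
+
+// List of policy ARNs to attach to the read-only role
+read_only_policy_arns = [
+"arn:aws:iam::aws:policy/ReadOnlyAccess",
+]
+
+// List of policy ARNs to attach to the read-write role
+read_write_policy_arns = [
+"arn:aws:iam::aws:policy/AdministratorAccess",
+]
+
+// List of additional repositories which will be able to read the remote
+// terraform state, created by this role.
+shared_repositories = [
+"appvia/repo-1",
+"appvia/repo-2",
+]
+
+// Tags to apply to the role
+tags = {
+Name = "Example Common Provider"
+}
+}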
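Review bot: `permission_boundary_arn = "arn:aws:iam::aws:policy/AdministratorAccess"` sets a boundary that permits everything, so it constrains neither role, and `read_write_policy_arns` then attaches `AdministratorAccess` to a role that, going by the description and `repository`, is presumably assumable by workflows in `appvia/something` through the GitHub OIDC provider. Registry examples tend to be copied verbatim, so the sample should show a scoped boundary or at least mark the value as a stand-in: `// Example only: replace with a boundary policy limited to the services this pipeline manages`. A similar comment on `read_write_policy_arns` would make clear that the least-privilege policy set is the reader's to choose.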
