feat: new identity oidc for fdr (#2782)

* feat: new identity oidc for fdr * added secret to prod --------- Co-authored-by: Francesco <[email protected]>
pagopa · Feb 11, 2025 · ea031c9 · ea031c9
1 parent c7e83c1
commit ea031c9
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 15 deletions.
diff --git a/src/domains/fdr-common/10_github_identity.tf b/src/domains/fdr-common/10_github_identity.tf
@@ -22,6 +22,13 @@ locals {
     }
   ]
 
+  federations_01_oidc = [
+    for repo in local.repos_01 : {
+      repository = repo
+      subject    = "oidc"
+    }
+  ]
+
   environment_cd_roles = {
     subscription = [
       "Contributor"
@@ -103,6 +110,29 @@ module "identity_ci_01" {
   ]
 }
 
+# create a module for each 20 repos
+module "identity_oidc_01" {
+  source    = "github.com/pagopa/terraform-azurerm-v3//github_federated_identity?ref=v8.36.1"
+  prefix    = var.prefix
+  env_short = var.env_short
+  domain    = "${var.domain}-01-oidc"
+
+  identity_role = "cd"
+
+  github_federations = local.federations_01_oidc
+
+  cd_rbac_roles = {
+    subscription_roles = local.environment_cd_roles.subscription
+    resource_groups    = local.environment_cd_roles.resource_groups
+  }
+
+  tags = var.tags
+
+  depends_on = [
+    data.azurerm_resource_group.identity_rg
+  ]
+}
+
 resource "null_resource" "github_runner_app_permissions_to_namespace_cd_01" {
   triggers = {
     aks_id               = data.azurerm_kubernetes_cluster.aks.id