google-github-actions/auth
1
0
Fork 0
mirror of https://github.com/google-github-actions/auth.git synced 2026-06-06 07:47:04 +00:00
Code Issues Projects Releases Packages Wiki Activity

Document admission for all repos of an owner (#279)

Browse source 
I really struggleded several days with this and thankfully i found
https://github.com/google-github-actions/auth/issues/77#issuecomment-990371420
big thanks to @sethvargo ❤
as @dobromyslov already said, this should be documented
so I went ahead and created added a paragrah for this use case

---------

Signed-off-by: Daniel Brown <djbrown@users.noreply.github.com>
This commit is contained in:
Daniel Brown 2023-03-24 15:24:13 +01:00 committed by GitHub
commit 5431d4afba
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
README.md
View file

@ -607,6 +607,14 @@ Terraform module to automate your infrastructure provisioning. See [examples](ht
--role="roles/iam.workloadIdentityUser" \
--member="principalSet://iam.googleapis.com/${WORKLOAD_IDENTITY_POOL_ID}/attribute.repository/${REPO}"
```
If you want to admit all repos of an owner (user or organization), map on `attribute.repository_owner`:
```sh
--member="principalSet://iam.googleapis.com/${WORKLOAD_IDENTITY_POOL_ID}/attribute.repository_owner/${OWNER}"
```
For this to work, you need to make sure that `attribute.repository_owner` is mapped in your attribute mapping (see previous step).
Note that `$WORKLOAD_IDENTITY_POOL_ID` should be the **full** Workload
Identity Pool resource ID, like: