local.tf
locals {
  ## Name of the user-assigned identity. Precedence: an explicit
  ## user_assigned_identity_name, then service_account_name, then a name
  ## derived from the GitHub repository ("gh-repo-<repository>").
  uid_with_service_account_name = var.service_account_name == "" ? format("gh-repo-%s", var.github_repository_name) : var.service_account_name
  uid_name                      = var.user_assigned_identity_name == "" ? local.uid_with_service_account_name : var.user_assigned_identity_name

  ## Entity part of the GitHub workflow subject. The four locals below form a
  ## fall-through chain: each one handles its own github_entity_type and
  ## otherwise defers to the previous local, so the order checked is
  ## pull_request, environment, branch, tag.
  ## NOTE(review): any other github_entity_type value falls through to "",
  ## which makes the subject end in a bare colon ("repo:<owner>/<repo>:").
  ## Confirm the variable declaration restricts it to these four values.
  ## NOTE(review): the "pull_request" entity carries no branch, tag or
  ## environment, so it is the least specific of the four subjects.
  tag_entity_type         = var.github_entity_type == "tag" ? "ref:refs/tags/${var.github_tag_name}" : ""
  branch_entity_type      = var.github_entity_type == "branch" ? "ref:refs/heads/${var.github_branch_name}" : local.tag_entity_type
  environment_entity_type = var.github_entity_type == "environment" ? "environment/${var.github_environment_name}" : local.branch_entity_type
  github_entity_config    = var.github_entity_type == "pull_request" ? "pull_request" : local.environment_entity_type

  ## Full GitHub workflow subject: "repo:<owner>/<repository>:<entity>".
  github_workflow_subject_name = format(
    "repo:%s/%s:%s",
    var.github_owner,
    var.github_repository_name,
    local.github_entity_config
  )

  ## Kubernetes service account subject:
  ## "system:serviceaccount:<namespace>:<service account>".
  ## NOTE(review): this reads var.service_account_name directly, so an empty
  ## value yields a subject ending in a colon even though the identity name
  ## above falls back to "gh-repo-<repository>". Confirm that is intended.
  kubernetes_service_account_subject = format("system:serviceaccount:%s:%s", var.namespace, var.service_account_name)

  ## Subject exported by this file: the GitHub workflow subject when
  ## create_github_workflow_credentials is true, otherwise the Kubernetes one.
  ## Presumably the value a federated credential is matched against; verify
  ## in the resource that consumes local.subject.
  subject = var.create_github_workflow_credentials ? local.github_workflow_subject_name : local.kubernetes_service_account_subject
}