chore(tf): harden oidc claims validation (#171)
lucacasonato authored and donjo committed Mar 4, 2024
1 parent a1cbc78 commit 46286e2
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion terraform/oidc.tf
Expand Up @@ -17,7 +17,7 @@ resource "google_iam_workload_identity_pool_provider" "github_actions" {
"attribute.repository" = "assertion.repository"
"attribute.environment" = "assertion.environment"
}
attribute_condition = "assertion.repository == 'jsr-io/jsr'"
attribute_condition = "assertion.repository == 'jsr-io/jsr' && assertion.environment == '${var.production ? "prod" : "staging"}'"
}

resource "google_service_account" "github_actions" {
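Review bot: The new `attribute_condition` line still identifies the repository by name, `assertion.repository == 'jsr-io/jsr'`, which is a mutable value. GitHub's OIDC token also carries the immutable `repository_id` and `repository_owner_id` claims, so appending `&& assertion.repository_owner_id == '<OWNER_ID>'` (placeholder; the real numeric id is not on this page) would keep the trust binding stable across a rename or transfer. The added `assertion.environment` check is only as strong as the deployment protection rules on the GitHub `prod` and `staging` environments, which are not visible here. A comment above the line would record that dependency, for example `# environment claim relies on GitHub environment protection rules; keep branch restrictions enabled`. The enclosing `google_iam_workload_identity_pool_provider` block starts outside the hunk, so it cannot be checked from here whether the service account IAM bindings also filter on `attribute.environment`.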