feat: add aws_gke_oidc_config and aws_gke_oidc_role modules #239
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
amitchell-moz
changed the title
Release plan
|
jbuck
approved these changes
Dec 18, 2024
|
😿 I didn't realize my GHA bot commits weren't getting signed - the repo I tested on didn't require them. I'll need to get #240 merged, then |
amitchell-moz
force-pushed
the
amitchell-OPST-1509
branch
from
5360a1c to
0c9d965
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add modules to provision AWS roles + OIDC configs to allow GKE workloads to assume AWS roles.
https://mozilla-hub.atlassian.net/browse/OPST-1509
This PR introduces 2 modules:
These need to be separate modules because the OIDC provider URL must be unique per-account, but a given GKE cluster only has 1 OIDC endpoint. That means the OIDC provider tf must only be ran once, after that any number of roles can use it.
Changelog entry