From ae76dfd2a1b6498443e8b3ceb75f00573a7989ff Mon Sep 17 00:00:00 2001
From: Liam Nesteroff
Date: Tue, 1 Oct 2024 14:41:11 +1000
Subject: [PATCH] added tf def to wif providers
---
 fast/stages/0-bootstrap/identity-providers-defs.tf | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/fast/stages/0-bootstrap/identity-providers-defs.tf b/fast/stages/0-bootstrap/identity-providers-defs.tf
index 6333ee9984..d76b4e31cf 100644
--- a/fast/stages/0-bootstrap/identity-providers-defs.tf
+++ b/fast/stages/0-bootstrap/identity-providers-defs.tf
@@ -67,5 +67,18 @@ locals {
 principal_branch = "principalSet://iam.googleapis.com/%s/attribute.sub/project_path:%s:ref_type:branch:ref:%s"
 principal_repo = "principalSet://iam.googleapis.com/%s/attribute.repository/%s"
 }
+ # https://developer.hashicorp.com/terraform/cloud-docs/workspaces/dynamic-provider-credentials/workload-identity-tokens#token-structure
+ terraform = {
+ attribute_mapping = {
+ "attribute.tfc_organization_id" = "assertion.terraform_organization_id"
+ "attribute.tfc_project_id" = "assertion.terraform_project_id"
+ "attribute.tfc_project_name" = "assertion.terraform_project_name"
+ "google.subject" = "assertion.terraform_workspace_id"
+ "attribute.tfc_workspace_name" = "assertion.terraform_workspace_name"
+ }
+ issuer_uri = "https://app.terraform.io"
+ principal_branch = "principalSet://iam.googleapis.com/%s/attribute.tfc_workspace_name/%s"
+ principal_repo = "principalSet://iam.googleapis.com/%s/attribute.repository/%s"
+ }
 }
 }
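Review bot: The `principal_branch` template in the new `terraform` entry matches on `attribute.tfc_workspace_name` alone, while `issuer_uri` is the shared `https://app.terraform.io` issuer, so the template by itself does not tie the principal to one HCP Terraform organization; workspace names are only unique inside an organization. Unless the provider resource (outside this hunk) always sets an attribute condition on the organization, I would add a comment above the entry such as `# requires an attribute_condition on attribute.tfc_organization_id: workspace names are not unique across organizations`, or build the principal on `google.subject`, which this mapping takes from the workspace id. Separately, `principal_repo` still points at `attribute.repository`, which this `attribute_mapping` never defines, so that principalSet presumably matches no token; it should reference one of the mapped attributes, for example `attribute.tfc_project_id`. The enclosing `locals` block starts above the hunk, so how callers format these templates (and how many arguments they pass) is not visible here.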