Enable OIDC based authentication to execute tf on cloud provider about terraform-github-actions HOT 5 CLOSED

You'll need to provide whatever credentials you need to the container. GitHub makes this more awkward than it should be because it doesn't mount the job HOME dir into the container.

From looking at the OIDC login action for Google Cloud it looks like it stores credentials in the job temp directory and sets the standard environment variables to point to it, so I think it would just work.

Often you can pass credentials just in environment variables, which could be set explicitly for the terraform action or set by a previous step.
With AWS for example, the OIDC login action already sets the required environment variables so it also just works.

I don't know Azure, so I don't know where you would find such credentials after using azure/login.

from terraform-github-actions.

Thanks, will probably dig a bit deep feed into this issue.

from terraform-github-actions.

OIDC , seems to be supported now - although strangely not made its way to the main docs

https://github.com/hashicorp/terraform-provider-azurerm/pull/16555/files

from terraform-github-actions.

Tested it , fairly straightforward with TF - no change needed for the actions (as terraform now has go module to retrieve the id-token , using github actions) .

a bit strange, that the terraform azurerm provider has a specific coupling to github action (env variables too).

a spike here -> https://github.com/stevengonsalvez/cloud-cicd-exploration/blob/master/.github/workflows/az-oidc-test.yml , will probably write it up as well.

from terraform-github-actions.

Glad everything seems to be working. Closing as there doesn't seem to be any changes necessary to the actions.

from terraform-github-actions.