diff options
Diffstat (limited to '')
| -rw-r--r-- | ops/buildkite/buildkite.tf | 32 |
1 files changed, 27 insertions, 5 deletions
diff --git a/ops/buildkite/buildkite.tf b/ops/buildkite/buildkite.tf index e663adb..cd74785 100644 --- a/ops/buildkite/buildkite.tf +++ b/ops/buildkite/buildkite.tf @@ -1,7 +1,28 @@ +locals { + terraform_service_account = "terraform@fcuny-homelab.iam.gserviceaccount.com" +} + +provider "google" { + alias = "impersonation" + scopes = [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/userinfo.email", + ] +} + +data "google_service_account_access_token" "default" { + provider = google.impersonation + target_service_account = local.terraform_service_account + scopes = ["userinfo-email", "cloud-platform"] + lifetime = "1200s" +} + provider "google" { - project = "fcuny-homelab" - region = "us-west1" - zone = "us-west1-c" + project = "fcuny-homelab" + region = "us-west1" + zone = "us-west1-c" + access_token = data.google_service_account_access_token.default.access_token + request_timeout = "60s" } terraform { @@ -12,8 +33,9 @@ terraform { } backend "gcs" { - bucket = "world-tf-state" - prefix = "buildkite/state" + bucket = "world-tf-state" + prefix = "buildkite/state" + impersonate_service_account = "terraform@fcuny-homelab.iam.gserviceaccount.com" } } |