Merge pull request #1 from rrednaxela/master

Cyclenerd · web-flow · commit 387946d96e1e · 2023-04-27T08:59:38.000+02:00
Update attribute mappings to match assertions
diff --git a/README.md b/README.md
@@ -67,8 +67,9 @@ Attribute mapping:
 |------------------------|-------------------------------------------------------|
 | `google.subject`       | `assertion.sub`                                       |
 | `attribute.sub`        | `assertion.sub`                                       |
-| `attribute.actor`      | `assertion.actor`                                     |
 | `attribute.repository` | `assertion.project_path` (not `assertion.repository`) |
+| `attribute.user_login` | `assertion.user_login`                                |
+| `attribute.ref`        | `assertion.ref`                                       |
 
 <!-- BEGIN_TF_DOCS -->
 ## Providers
diff --git a/main.tf b/main.tf
@@ -70,14 +70,15 @@ resource "google_iam_workload_identity_pool_provider" "provider" {
 
   attribute_mapping = {
     "google.subject"       = "assertion.sub"
-    "attribute.sub"        = "attribute.sub"
-    "attribute.actor"      = "assertion.actor"
+    "attribute.sub"        = "assertion.sub"
+    "attribute.user_login" = "assertion.user_login"
     "attribute.repository" = "assertion.project_path"
+    "attribute.ref"        = "assertion.ref"
   }
   oidc {
     allowed_audiences = [var.allowed_audiences]
     issuer_uri        = var.issuer_uri
   }
 
   depends_on = [google_iam_workload_identity_pool.pool]
-}
+}
