Use client-only WIF runner grants
This commit is contained in:
parent
e7c0442a12
commit
51f34c9a64
3 changed files with 5 additions and 6 deletions
|
|
@ -177,9 +177,9 @@ variable "google_wif_allowed_audiences" {
|
|||
}
|
||||
|
||||
variable "google_wif_runner_group" {
|
||||
description = "Mapped Authentik group allowed to assume the runner service account. Empty allows the whole pool."
|
||||
description = "Mapped Authentik group allowed to assume the runner service account. Leave empty for machine-to-machine client credentials."
|
||||
type = string
|
||||
default = "burrow-automation"
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "google_wif_runner_client_id" {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue