allowed_audiences is now a list

Author: Cyclenerd

README.md

@@ -24,10 +24,10 @@ Create Workload Identity Pool and Provider:
 # Create Workload Identity Pool Provider for Bitbucket
 module "bitbucket-wif" {
   source            = "Cyclenerd/wif-bitbucket/google"
-  version           = "~> 1.0.0"
+  version           = "~> 2.0.0"
   project_id        = "your-project-id"
   issuer_uri        = "your-bitbucket-identity-provider-url"
-  allowed_audiences = "your-bitbucket-identity-provider-audience"
+  allowed_audiences = ["your-bitbucket-identity-provider-audience"]
 }
 
 # Get the Workload Identity Pool Provider resource name for Bitbucket pipeline configuration
@@ -101,7 +101,7 @@ Default attribute mapping:
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_allowed_audiences"></a> [allowed\_audiences](#input\_allowed\_audiences) | Bitbucket identity provider allowed audiences | `string` | n/a | yes |
+| <a name="input_allowed_audiences"></a> [allowed\_audiences](#input\_allowed\_audiences) | Bitbucket identity provider allowed audiences | `list(string)` | n/a | yes |
 | <a name="input_attribute_condition"></a> [attribute\_condition](#input\_attribute\_condition) | (Optional) Workload Identity Pool Provider attribute condition expression | `string` | `null` | no |
 | <a name="input_attribute_mapping"></a> [attribute\_mapping](#input\_attribute\_mapping) | Workload Identity Pool Provider attribute mapping | `map(string)` | <pre>{<br>  "attribute.aud": "attribute.aud",<br>  "attribute.branch_name": "assertion.branchName",<br>  "attribute.iss": "attribute.iss",<br>  "attribute.pipeline_uuid": "assertion.pipelineUuid",<br>  "attribute.repository": "assertion.repositoryUuid",<br>  "attribute.step_uuid": "assertion.stepUuid",<br>  "attribute.sub": "attribute.sub",<br>  "attribute.workspace_uuid": "assertion.workspaceUuid",<br>  "google.subject": "assertion.sub"<br>}</pre> | no |
 | <a name="input_issuer_uri"></a> [issuer\_uri](#input\_issuer\_uri) | Bitbucket identity provider URL | `string` | n/a | yes |

examples/bitbucket-pipeline/README.md

@@ -19,7 +19,7 @@ With this example the following steps are executed and configured:
 # Create Workload Identity Pool Provider for Bitbucket
 module "bitbucket-wif" {
   source            = "Cyclenerd/wif-bitbucket/google"
-  version           = "~> 1.0.0"
+  version           = "~> 2.0.0"
   project_id        = var.project_id
   issuer_uri        = var.bitbucket_issuer_uri
   allowed_audiences = var.bitbucket_allowed_audiences
@@ -56,7 +56,7 @@ output "bitbucket-workload-identity-provider" {
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_bitbucket_account_id"></a> [bitbucket\_account\_id](#input\_bitbucket\_account\_id) | The account id of the service account for Bitbucket | `string` | n/a | yes |
-| <a name="input_bitbucket_allowed_audiences"></a> [bitbucket\_allowed\_audiences](#input\_bitbucket\_allowed\_audiences) | The Bitbucket allowed audience | `string` | n/a | yes |
+| <a name="input_bitbucket_allowed_audiences"></a> [bitbucket\_allowed\_audiences](#input\_bitbucket\_allowed\_audiences) | The Bitbucket allowed audiences | `list(string)` | n/a | yes |
 | <a name="input_bitbucket_issuer_uri"></a> [bitbucket\_issuer\_uri](#input\_bitbucket\_issuer\_uri) | The Bitbucket identity provider URL | `string` | n/a | yes |
 | <a name="input_bitbucket_repository"></a> [bitbucket\_repository](#input\_bitbucket\_repository) | The Bitbucket repository (UUID) | `string` | n/a | yes |
 | <a name="input_project_id"></a> [project\_id](#input\_project\_id) | The ID of the project | `string` | n/a | yes |

examples/bitbucket-pipeline/main.tf

@@ -1,7 +1,7 @@
 # Create Workload Identity Pool Provider for Bitbucket
 module "bitbucket-wif" {
   source            = "Cyclenerd/wif-bitbucket/google"
-  version           = "~> 1.0.0"
+  version           = "~> 2.0.0"
   project_id        = var.project_id
   issuer_uri        = var.bitbucket_issuer_uri
   allowed_audiences = var.bitbucket_allowed_audiences

examples/bitbucket-pipeline/terraform.tfvars.example

@@ -1,5 +1,5 @@
 project_id                  = "your-project-id"
 bitbucket_issuer_uri        = "your-bitbucket-identity-provider-url"
-bitbucket_allowed_audiences = "your-bitbucket-identity-provider-audience"
+bitbucket_allowed_audiences = ["your-bitbucket-identity-provider-audience"]
 bitbucket_repository        = "your-bitbucket-repository-uuid"
 bitbucket_account_id        = "bitbucket-pipeline"

examples/bitbucket-pipeline/variables.tf

@@ -9,8 +9,8 @@ variable "bitbucket_issuer_uri" {
 }
 
 variable "bitbucket_allowed_audiences" {
-  type        = string
-  description = "The Bitbucket allowed audience"
+  type        = list(string)
+  description = "The Bitbucket allowed audiences"
 }
 
 variable "bitbucket_repository" {

main.tf

@@ -70,7 +70,7 @@ resource "google_iam_workload_identity_pool_provider" "provider" {
   attribute_mapping                  = var.attribute_mapping
   attribute_condition                = var.attribute_condition
   oidc {
-    allowed_audiences = [var.allowed_audiences]
+    allowed_audiences = var.allowed_audiences
     issuer_uri        = var.issuer_uri
   }
 

variables.tf

@@ -97,7 +97,7 @@ variable "issuer_uri" {
 }
 
 variable "allowed_audiences" {
-  type        = string
+  type        = list(string)
   description = "Bitbucket identity provider allowed audiences"
 }