GCP OIDC configuration API reference
Note
Hold your own key is available on the HCP Terraform Premium edition. Refer to HCP Terraform pricing for details.
A GCP OIDC configuration is the model that defines how hold your own key (HYOK) in HCP Terraform authenticates to Google Cloud Platform (GCP) in order to use your Cloud KMS keys. It names the workload identity federation provider that trusts HCP Terraform's OIDC tokens and the service account that HCP Terraform acts as when encrypting and decrypting with those keys, so you configure a federated trust instead of handing HCP Terraform a long-lived service account key.
To learn more about hold your own key, refer to the Overview.
Create OIDC configuration
POST /api/v2/organizations/:organization_id/oidc-configurations
| Parameter | Description |
|---|---|
| `:organization_id` | The ID of your organization. |
| Status | Response | Reason |
|---|---|---|
| 201 | JSON API document | Successfully created OIDC configuration. |
| 404 | JSON API error object | Organization not found, or user unauthorized to perform action. |
Request body
This POST endpoint requires a JSON object with the following properties as a request payload.
Properties without a default value are required; none of the properties below has a default, so all of them are required.
| Key path | Type | Default | Description |
|---|---|---|---|
| `data.type` | string | | Must be `"gcp-oidc-configurations"`. |
| `data.attributes.service-account-email` | string | | The email of your GCP service account, which must have permission to encrypt and decrypt using your Cloud KMS key (for example, `roles/cloudkms.cryptoKeyEncrypterDecrypter` on that key). GCP service account addresses end in `.gserviceaccount.com`; a personal Google account address is not a service account. |
| `data.attributes.workload-provider-name` | string | | The fully qualified workload identity pool provider path, in the format `projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}`. |
| `data.attributes.project-number` | string | | The numeric project number (not the alphanumeric project ID) of the GCP project that contains the workload identity pool provider and the service account. |
Sample payload
```json
{
  "data": {
    "attributes": {
      "service-account-email": "myemail@gmail.com",
      "workload-provider-name": "projects/1/locations/global/workloadIdentityPools/1/providers/1",
      "project-number": "11111111"
    },
    "type": "gcp-oidc-configurations"
  }
}
```
Sample request
```shell
curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --data @payload.json \
  --request POST \
  https://app.terraform.io/api/v2/organizations/:organization_id/oidc-configurations
```
Sample response
```json
{
  "data": {
    "id": "gcpoidc-9yys1NaZSJXshnVf",
    "type": "gcp-oidc-configurations",
    "attributes": {
      "type": "GcpOidcConfiguration",
      "service-account-email": "myemail@gmail.com",
      "workload-provider-name": "projects/1/locations/global/workloadIdentityPools/1/providers/1",
      "project-number": "11111111"
    },
    "relationships": {
      "organization": {
        "data": {
          "id": "my-hyok-org",
          "type": "organizations"
        }
      }
    },
    "links": {
      "self": "/api/v2/oidc-configurations/gcpoidc-9yys1NaZSJXshnVf"
    }
  }
}
```
Show OIDC configuration
GET /api/v2/oidc-configurations/:id
| Parameter | Description |
|---|---|
| `:id` | The ID of the OIDC configuration. |
| Status | Response | Reason |
|---|---|---|
| 200 | JSON API document | Successfully fetched OIDC configuration. |
| 404 | JSON API error object | OIDC configuration not found, or user unauthorized to perform action. |
Sample request
```shell
curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request GET \
  https://app.terraform.io/api/v2/oidc-configurations/:id
```
Sample response
```json
{
  "data": {
    "id": "gcpoidc-9yys1NaZSJXshnVf",
    "type": "gcp-oidc-configurations",
    "attributes": {
      "type": "GcpOidcConfiguration",
      "service-account-email": "myemail@gmail.com",
      "workload-provider-name": "projects/1/locations/global/workloadIdentityPools/1/providers/1",
      "project-number": "11111111"
    },
    "relationships": {
      "organization": {
        "data": {
          "id": "my-hyok-org",
          "type": "organizations"
        }
      }
    },
    "links": {
      "self": "/api/v2/oidc-configurations/gcpoidc-9yys1NaZSJXshnVf"
    }
  }
}
```
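The following Python client drives both endpoints on this page (create and show) and adds the checks a practitioner would want before sending a payload. It is an added example, not HashiCorp's code or an official SDK: the service account, pool and provider names it uses are constructed placeholders, and the cross-check that the project number embedded in `workload-provider-name` equals `project-number` is a client-side consistency rule derived from the attribute descriptions above, not a documented server-side validation. The HTTP transport is injectable so the same functions can be exercised offline against a canned response.

```python
"""Create and fetch HCP Terraform GCP OIDC configurations with client-side sanity checks.

Added example, not HashiCorp code. Only the request/response shapes documented on
this page are assumed; all sample values are constructed.
"""
import json
import re
from typing import Callable, Dict, List, Optional, Tuple
from urllib import error, request

API_BASE = "https://app.terraform.io/api/v2"
JSONAPI = "application/vnd.api+json"

# Shape of workload-provider-name from the request-body table on this page.
WORKLOAD_PROVIDER_RE = re.compile(
    r"^projects/(?P<project>\d+)/locations/global/"
    r"workloadIdentityPools/(?P<pool>[a-z0-9-]+)/providers/(?P<provider>[a-z0-9-]+)$"
)
# GCP service account addresses always end in .gserviceaccount.com; a personal
# Google account is not a service account and cannot be targeted by federation.
SERVICE_ACCOUNT_RE = re.compile(r"^[a-z0-9-]+@[a-z0-9.-]+\.gserviceaccount\.com$")

# transport(url, method, body, headers) -> (status, body_bytes); injectable for tests.
Transport = Callable[[str, str, Optional[bytes], Dict[str, str]], Tuple[int, bytes]]


def validate_config(service_account_email: str, workload_provider_name: str,
                    project_number: str) -> List[str]:
    """Return the problems found (an empty list means the three attributes are consistent)."""
    problems = []
    if not SERVICE_ACCOUNT_RE.match(service_account_email):
        problems.append("service-account-email is not a GCP service account address")
    if not project_number.isdigit():
        problems.append("project-number must be the numeric project number, not the project ID")
    match = WORKLOAD_PROVIDER_RE.match(workload_provider_name)
    if match is None:
        problems.append("workload-provider-name is not a fully qualified provider path")
    elif match.group("project") != project_number:
        # Client-side rule (assumption): the table says project-number is the project that
        # contains the provider, so the number in the provider path should be the same one.
        problems.append("workload-provider-name project does not match project-number")
    return problems


def build_payload(service_account_email: str, workload_provider_name: str,
                  project_number: str) -> dict:
    """Build the JSON:API document for POST .../oidc-configurations, refusing bad input."""
    problems = validate_config(service_account_email, workload_provider_name, project_number)
    if problems:
        raise ValueError("; ".join(problems))
    return {"data": {"type": "gcp-oidc-configurations",
                     "attributes": {"service-account-email": service_account_email,
                                    "workload-provider-name": workload_provider_name,
                                    "project-number": project_number}}}


def _urllib_transport(url, method, body, headers):
    req = request.Request(url, data=body, method=method, headers=headers)
    try:
        with request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.read()
    except error.HTTPError as exc:  # 4xx/5xx responses still carry a JSON:API error document
        return exc.code, exc.read()


def parse_response(status: int, body: bytes, expected_status: int) -> dict:
    """Unwrap a successful document, or raise with the JSON:API error details."""
    doc = json.loads(body or b"{}")
    if status == expected_status:
        data = doc["data"]
        if data.get("type") != "gcp-oidc-configurations" or not str(data.get("id", "")).startswith("gcpoidc-"):
            raise RuntimeError("unexpected resource in response: %r" % data)
        return {"id": data["id"], **data["attributes"]}
    # 404 covers both "not found" and "not authorized"; surface whatever the API said.
    details = "; ".join(e.get("detail") or e.get("title", "") for e in doc.get("errors", []))
    raise RuntimeError("HTTP %d: %s" % (status, details or body[:200].decode("utf-8", "replace")))


def create_oidc_configuration(org_id: str, token: str, payload: dict,
                              transport: Optional[Transport] = None) -> dict:
    url = "%s/organizations/%s/oidc-configurations" % (API_BASE, org_id)
    headers = {"Authorization": "Bearer " + token, "Content-Type": JSONAPI}
    status, body = (transport or _urllib_transport)(url, "POST", json.dumps(payload).encode(), headers)
    return parse_response(status, body, expected_status=201)


def show_oidc_configuration(config_id: str, token: str,
                            transport: Optional[Transport] = None) -> dict:
    url = "%s/oidc-configurations/%s" % (API_BASE, config_id)
    headers = {"Authorization": "Bearer " + token, "Content-Type": JSONAPI}
    status, body = (transport or _urllib_transport)(url, "GET", None, headers)
    return parse_response(status, body, expected_status=200)
```

Against the live API, call `build_payload(...)` and pass the result to `create_oidc_configuration("my-hyok-org", token, payload)`; the returned `id` (prefixed `gcpoidc-`) is what `show_oidc_configuration` takes. Because a 404 is returned both when the organization does not exist and when the token lacks permission, the error path deliberately preserves the server's error objects rather than guessing which case applies.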