stackitcloud · JorTurFer · Mar 19, 2026 · Mar 19, 2026 · Mar 19, 2026 · Mar 19, 2026
@@ -0,0 +1,129 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "stackit_service_account_federated_identity_provider Resource - stackit"
+subcategory: ""
+description: |-
+  Service account federated identity provider schema.
+  Example Usage
+  Create a federated identity provider
+
+  resource "stackit_service_account" "sa" {
+    project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+    name       = "my-service-account"
+  }
+
+  resource "stackit_service_account_federated_identity_provider" "provider" {
+    project_id            = stackit_service_account.sa.project_id
+    service_account_email = stackit_service_account.sa.email
+    name                  = "my-provider"
+    issuer                = "https://auth.example.com"
+
+    assertions = [
+      {
+        item     = "aud" # Including the audience check is mandatory for security reasons, the value is free to choose
+        operator = "equals"
+        value    = "sts.accounts.stackit.cloud"
+      },
+      {
+        item     = "email"
+        operator = "equals"
+        value    = "terraform@example.com"
+      }
+    ]
+  }
+---
+
+# stackit_service_account_federated_identity_provider (Resource)
+
+Service account federated identity provider schema.
+## Example Usage
+
+
+### Create a federated identity provider
+```terraform
+resource "stackit_service_account" "sa" {
+  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  name       = "my-service-account"
+}
+
+resource "stackit_service_account_federated_identity_provider" "provider" {
+  project_id            = stackit_service_account.sa.project_id
+  service_account_email = stackit_service_account.sa.email
+  name                  = "my-provider"
+  issuer                = "https://auth.example.com"
+
+  assertions = [
+    {
+      item     = "aud" # Including the audience check is mandatory for security reasons, the value is free to choose
+      operator = "equals"
+      value    = "sts.accounts.stackit.cloud"
+    },
+    {
+      item     = "email"
+      operator = "equals"
+      value    = "terraform@example.com"
+    }
+  ]
+}
+
+```
+
+## Example Usage
+
+```terraform
+resource "stackit_service_account" "sa" {
+  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  name       = "my-service-account"
+}
+
+resource "stackit_service_account_federated_identity_provider" "provider" {
+  project_id            = stackit_service_account.sa.project_id
+  service_account_email = stackit_service_account.sa.email
+  name                  = "gh-actions"
+  issuer                = "https://token.actions.githubusercontent.com"
+
+  assertions = [
+    {
+      item     = "aud"
+      operator = "equals"
+      value    = "sts.accounts.stackit.cloud"
+    },
+    {
+      item     = "sub"
+      operator = "equals"
+      value    = "repo:stackitcloud/terraform-provider-stackit:ref:refs/heads/main"
+    }
+  ]
+}
+
+# Only use the import statement, if you want to import an existing federated identity provider
+import {
+  to = stackit_service_account_federated_identity_provider.import-example
+  id = "${var.project_id},${var.service_account_email},${var.federation_id}"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `assertions` (Attributes List) The assertions for the federated identity provider. (see [below for nested schema](#nestedatt--assertions))
+- `issuer` (String) The issuer URL.
+- `name` (String) The name of the federated identity provider.
+- `project_id` (String) The STACKIT project ID associated with the service account.
+- `service_account_email` (String) The email address associated with the service account, used for account identification and communication.
+
+### Read-Only
+
+- `federation_id` (String) The unique identifier for the federated identity provider associated with the service account.
+- `id` (String) Terraform's internal resource identifier. It is structured as "`project_id`,`service_account_email`,`federation_id`".
+
+<a id="nestedatt--assertions"></a>
+### Nested Schema for `assertions`
+
+Required:
+
+- `item` (String) The assertion claim. At least one assertion with the claim "aud" is required for security reasons.
+- `operator` (String) The assertion operator. Currently, the only supported operator is "equals".
+- `value` (String) The assertion value.
@@ -0,0 +1,30 @@
+resource "stackit_service_account" "sa" {
+  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  name       = "my-service-account"
+}
+
+resource "stackit_service_account_federated_identity_provider" "provider" {
+  project_id            = stackit_service_account.sa.project_id
+  service_account_email = stackit_service_account.sa.email
+  name                  = "gh-actions"
+  issuer                = "https://token.actions.githubusercontent.com"
+
+  assertions = [
+    {
+      item     = "aud"
+      operator = "equals"
+      value    = "sts.accounts.stackit.cloud"
+    },
+    {
+      item     = "sub"
+      operator = "equals"
+      value    = "repo:stackitcloud/terraform-provider-stackit:ref:refs/heads/main"
+    }
+  ]
+}
+
+# Only use the import statement, if you want to import an existing federated identity provider
+import {
+  to = stackit_service_account_federated_identity_provider.import-example
+  id = "${var.project_id},${var.service_account_email},${var.federation_id}"
+}
@@ -36,7 +36,7 @@ require (
 	github.com/stackitcloud/stackit-sdk-go/services/secretsmanager v0.14.3
 	github.com/stackitcloud/stackit-sdk-go/services/serverbackup v1.3.8
 	github.com/stackitcloud/stackit-sdk-go/services/serverupdate v1.2.6
-	github.com/stackitcloud/stackit-sdk-go/services/serviceaccount v0.12.0
+	github.com/stackitcloud/stackit-sdk-go/services/serviceaccount v0.15.0
 	github.com/stackitcloud/stackit-sdk-go/services/serviceenablement v1.4.1
 	github.com/stackitcloud/stackit-sdk-go/services/sfs v0.6.1
 	github.com/stackitcloud/stackit-sdk-go/services/ske v1.7.0
@@ -46,8 +46,8 @@ require (
 )
 
 require (
+	github.com/go-git/go-git/v5 v5.16.5 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
-	github.com/kr/text v0.2.0 // indirect
 	golang.org/x/telemetry v0.0.0-20260109210033-bd525da824e2 // indirect
 )
 

@@ -15,7 +15,6 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cloudflare/circl v1.6.3 h1:9GPOhQGF9MCYUeXyMYlqTR6a5gTrgR/fBLXvUgtVcg8=
 github.com/cloudflare/circl v1.6.3/go.mod h1:2eXP6Qfat4O/Yhh8BznvKnJ+uzEoTQ6jVKJRn81BiS4=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s=
 github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -31,8 +30,8 @@ github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66D
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
 github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UNbRM=
 github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU=
-github.com/go-git/go-git/v5 v5.14.0 h1:/MD3lCrGjCen5WfEAzKg00MJJffKhC8gzS80ycmCi60=
-github.com/go-git/go-git/v5 v5.14.0/go.mod h1:Z5Xhoia5PcWA3NF8vRLURn9E5FRhSl7dGj9ItW3Wk5k=
+github.com/go-git/go-git/v5 v5.16.5 h1:mdkuqblwr57kVfXri5TTH+nMFLNUxIj9Z7F5ykFbw5s=
+github.com/go-git/go-git/v5 v5.16.5/go.mod h1:QOMLpNf1qxuSY4StA/ArOdfFR2TrKEjJiye2kel2m+M=
 github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
 github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
@@ -205,6 +204,8 @@ github.com/stackitcloud/stackit-sdk-go/services/serverupdate v1.2.6 h1:sQ3fdtUjg
 github.com/stackitcloud/stackit-sdk-go/services/serverupdate v1.2.6/go.mod h1:3fjlL+9YtuI9Oocl1ZeYIK48ImtY4DwPggFhqAygr7o=
 github.com/stackitcloud/stackit-sdk-go/services/serviceaccount v0.12.0 h1:l1EDIlXce2C8JcbBDHVa6nZ4SjPTqmnALTgrhms+NKI=
 github.com/stackitcloud/stackit-sdk-go/services/serviceaccount v0.12.0/go.mod h1:EXq8/J7t9p8zPmdIq+atuxyAbnQwxrQT18fI+Qpv98k=
+github.com/stackitcloud/stackit-sdk-go/services/serviceaccount v0.15.0 h1:n+NNJvhJYs7oFuIXZWCnMTHR3dukMXOHXlycBGZ3sEc=
+github.com/stackitcloud/stackit-sdk-go/services/serviceaccount v0.15.0/go.mod h1:2nXRRpjYPKijMf3muc2fxv46ArqGdpG8IoePS/SUnoQ=
 github.com/stackitcloud/stackit-sdk-go/services/serviceenablement v1.4.1 h1:HZnZju8yqpvRIs71PEk54Jov6p+jiKIIlN+J+4tvcL0=
 github.com/stackitcloud/stackit-sdk-go/services/serviceenablement v1.4.1/go.mod h1:wBxlGcNeQPIh1aS4xYqJuN2z6haSHRwzne6drN5ROfM=
 github.com/stackitcloud/stackit-sdk-go/services/sfs v0.6.1 h1:hZSTu3gc31qpStc1Y4DUYF1xFHGBEEVBtUs6tGDLxzQ=

@@ -0,0 +1,32 @@
+package federated_identity_provider
+
+const markdownDescription = `
+## Example Usage` + "\n" + `
+
+### Create a federated identity provider` + "\n" +
+	"```terraform" + `
+resource "stackit_service_account" "sa" {
+  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  name       = "my-service-account"
+}
+
+resource "stackit_service_account_federated_identity_provider" "provider" {
+  project_id            = stackit_service_account.sa.project_id
+  service_account_email = stackit_service_account.sa.email
+  name                  = "my-provider"
+  issuer                = "https://auth.example.com"
+
+  assertions = [
+    {
+      item     = "aud" # Including the audience check is mandatory for security reasons, the value is free to choose
+      operator = "equals"
+      value    = "sts.accounts.stackit.cloud"
+    },
+    {
+      item     = "email"
+      operator = "equals"
+      value    = "terraform@example.com"
+    }
+  ]
+}
+` + "\n```"