stackitcloud · JorTurFer · Apr 28, 2026 · Apr 28, 2026 · Apr 29, 2026 · Apr 29, 2026
@@ -0,0 +1,51 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "stackit_service_account_federated_identity_provider Data Source - stackit"
+subcategory: ""
+description: |-
+  Service account federated identity provider schema.
+---
+
+# stackit_service_account_federated_identity_provider (Data Source)
+
+Service account federated identity provider schema.
+
+## Example Usage
+
+```terraform
+data "stackit_service_account" "sa" {
+  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  email      = "sa01-8565oq1@sa.stackit.cloud"
+}
+
+data "stackit_service_account_federated_identity_provider" "provider" {
+  project_id            = data.stackit_service_account.sa.project_id
+  service_account_email = data.stackit_service_account.sa.email
+  federation_id         = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `federation_id` (String) The unique identifier for the federated identity provider associated with the service account.
+- `project_id` (String) The STACKIT project ID associated with the service account.
+- `service_account_email` (String) The email address associated with the service account, used for account identification and communication.
+
+### Read-Only
+
+- `assertions` (Attributes List) (see [below for nested schema](#nestedatt--assertions))
+- `id` (String) Terraform's internal resource identifier. It is structured as "`project_id`,`service_account_email`,`federation_id`".
+- `issuer` (String)
+- `name` (String)
+
+<a id="nestedatt--assertions"></a>
+### Nested Schema for `assertions`
+
+Read-Only:
+
+- `item` (String)
+- `operator` (String)
+- `value` (String)
@@ -0,0 +1,129 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "stackit_service_account_federated_identity_provider Resource - stackit"
+subcategory: ""
+description: |-
+  Service account federated identity provider schema.
+  Example Usage
+  Create a federated identity provider
+
+  resource "stackit_service_account" "sa" {
+    project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+    name       = "my-service-account"
+  }
+
+  resource "stackit_service_account_federated_identity_provider" "provider" {
+    project_id            = stackit_service_account.sa.project_id
+    service_account_email = stackit_service_account.sa.email
+    name                  = "my-provider"
+    issuer                = "https://auth.example.com"
+
+    assertions = [
+      {
+        item     = "aud" # Including the audience check is mandatory for security reasons, the value is free to choose
+        operator = "equals"
+        value    = "sts.accounts.stackit.cloud"
+      },
+      {
+        item     = "email"
+        operator = "equals"
+        value    = "terraform@example.com"
+      }
+    ]
+  }
+---
+
+# stackit_service_account_federated_identity_provider (Resource)
+
+Service account federated identity provider schema.
+## Example Usage
+
+
+### Create a federated identity provider
+```terraform
+resource "stackit_service_account" "sa" {
+  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  name       = "my-service-account"
+}
+
+resource "stackit_service_account_federated_identity_provider" "provider" {
+  project_id            = stackit_service_account.sa.project_id
+  service_account_email = stackit_service_account.sa.email
+  name                  = "my-provider"
+  issuer                = "https://auth.example.com"
+
+  assertions = [
+    {
+      item     = "aud" # Including the audience check is mandatory for security reasons, the value is free to choose
+      operator = "equals"
+      value    = "sts.accounts.stackit.cloud"
+    },
+    {
+      item     = "email"
+      operator = "equals"
+      value    = "terraform@example.com"
+    }
+  ]
+}
+
+```
+
+## Example Usage
+
+```terraform
+resource "stackit_service_account" "sa" {
+  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  name       = "my-service-account"
+}
+
+resource "stackit_service_account_federated_identity_provider" "provider" {
+  project_id            = stackit_service_account.sa.project_id
+  service_account_email = stackit_service_account.sa.email
+  name                  = "gh-actions"
+  issuer                = "https://token.actions.githubusercontent.com"
+
+  assertions = [
+    {
+      item     = "aud"
+      operator = "equals"
+      value    = "sts.accounts.stackit.cloud"
+    },
+    {
+      item     = "sub"
+      operator = "equals"
+      value    = "repo:stackitcloud/terraform-provider-stackit:ref:refs/heads/main"
+    }
+  ]
+}
+
+# Only use the import statement, if you want to import an existing federated identity provider
+import {
+  to = stackit_service_account_federated_identity_provider.import-example
+  id = "${var.project_id},${var.service_account_email},${var.federation_id}"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `assertions` (Attributes List) The assertions for the federated identity provider. (see [below for nested schema](#nestedatt--assertions))
+- `issuer` (String) The issuer URL.
+- `name` (String) The name of the federated identity provider.
+- `project_id` (String) The STACKIT project ID associated with the service account.
+- `service_account_email` (String) The email address associated with the service account, used for account identification and communication.
+
+### Read-Only
+
+- `federation_id` (String) The unique identifier for the federated identity provider associated with the service account.
+- `id` (String) Terraform's internal resource identifier. It is structured as "`project_id`,`service_account_email`,`federation_id`".
+
+<a id="nestedatt--assertions"></a>
+### Nested Schema for `assertions`
+
+Required:
+
+- `item` (String) The assertion claim. At least one assertion with the claim "aud" is required for security reasons.
+- `operator` (String) The assertion operator. Currently, the only supported operator is "equals".
+- `value` (String) The assertion value.
@@ -0,0 +1,11 @@
+data "stackit_service_account" "sa" {
+  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  email      = "sa01-8565oq1@sa.stackit.cloud"
+}
+
+data "stackit_service_account_federated_identity_provider" "provider" {
+  project_id            = data.stackit_service_account.sa.project_id
+  service_account_email = data.stackit_service_account.sa.email
+  federation_id         = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+}
+
@@ -0,0 +1,30 @@
+resource "stackit_service_account" "sa" {
+  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  name       = "my-service-account"
+}
+
+resource "stackit_service_account_federated_identity_provider" "provider" {
+  project_id            = stackit_service_account.sa.project_id
+  service_account_email = stackit_service_account.sa.email
+  name                  = "gh-actions"
+  issuer                = "https://token.actions.githubusercontent.com"
+
+  assertions = [
+    {
+      item     = "aud"
+      operator = "equals"
+      value    = "sts.accounts.stackit.cloud"
+    },
+    {
+      item     = "sub"
+      operator = "equals"
+      value    = "repo:stackitcloud/terraform-provider-stackit:ref:refs/heads/main"
+    }
+  ]
+}
+
+# Only use the import statement, if you want to import an existing federated identity provider
+import {
+  to = stackit_service_account_federated_identity_provider.import-example
+  id = "${var.project_id},${var.service_account_email},${var.federation_id}"
+}
@@ -0,0 +1,32 @@
+package federated_identity_provider
+
+const markdownDescription = `
+## Example Usage` + "\n" + `
+
+### Create a federated identity provider` + "\n" +
+	"```terraform" + `
+resource "stackit_service_account" "sa" {
+  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  name       = "my-service-account"
+}
+
+resource "stackit_service_account_federated_identity_provider" "provider" {
+  project_id            = stackit_service_account.sa.project_id
+  service_account_email = stackit_service_account.sa.email
+  name                  = "my-provider"
+  issuer                = "https://auth.example.com"
+
+  assertions = [
+    {
+      item     = "aud" # Including the audience check is mandatory for security reasons, the value is free to choose
+      operator = "equals"
+      value    = "sts.accounts.stackit.cloud"
+    },
+    {
+      item     = "email"
+      operator = "equals"
+      value    = "terraform@example.com"
+    }
+  ]
+}
+` + "\n```"