stackitcloud · JorTurFer · Mar 19, 2026 · Mar 19, 2026 · Mar 19, 2026 · Mar 19, 2026
@@ -0,0 +1,129 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "stackit_service_account_federated_identity_provider Resource - stackit"
+subcategory: ""
+description: |-
+  Service account federated identity provider schema.
+  Example Usage
+  Create a federated identity provider
+
+  resource "stackit_service_account" "sa" {
+    project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+    name       = "my-service-account"
+  }
+
+  resource "stackit_service_account_federated_identity_provider" "provider" {
+    project_id            = stackit_service_account.sa.project_id
+    service_account_email = stackit_service_account.sa.email
+    name                  = "my-provider"
+    issuer                = "https://auth.example.com"
+
+    assertions = [
+      {
+        item     = "aud" # Including the audience check is mandatory for security reasons, the value is free to choose
+        operator = "equals"
+        value    = "sts.accounts.stackit.cloud"
+      },
+      {
+        item     = "email"
+        operator = "equals"
+        value    = "terraform@example.com"
+      }
+    ]
+  }
+---
+
+# stackit_service_account_federated_identity_provider (Resource)
+
+Service account federated identity provider schema.
+## Example Usage
+
+
+### Create a federated identity provider
+```terraform
+resource "stackit_service_account" "sa" {
+  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  name       = "my-service-account"
+}
+
+resource "stackit_service_account_federated_identity_provider" "provider" {
+  project_id            = stackit_service_account.sa.project_id
+  service_account_email = stackit_service_account.sa.email
+  name                  = "my-provider"
+  issuer                = "https://auth.example.com"
+
+  assertions = [
+    {
+      item     = "aud" # Including the audience check is mandatory for security reasons, the value is free to choose
+      operator = "equals"
+      value    = "sts.accounts.stackit.cloud"
+    },
+    {
+      item     = "email"
+      operator = "equals"
+      value    = "terraform@example.com"
+    }
+  ]
+}
+
+```
+
+## Example Usage
+
+```terraform
+resource "stackit_service_account" "sa" {
+  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  name       = "my-service-account"
+}
+
+resource "stackit_service_account_federated_identity_provider" "provider" {
+  project_id            = stackit_service_account.sa.project_id
+  service_account_email = stackit_service_account.sa.email
+  name                  = "gh-actions"
+  issuer                = "https://token.actions.githubusercontent.com"
+
+  assertions = [
+    {
+      item     = "aud"
+      operator = "equals"
+      value    = "sts.accounts.stackit.cloud"
+    },
+    {
+      item     = "sub"
+      operator = "equals"
+      value    = "repo:stackitcloud/terraform-provider-stackit:ref:refs/heads/main"
+    }
+  ]
+}
+
+# Only use the import statement, if you want to import an existing federated identity provider
+import {
+  to = stackit_service_account_federated_identity_provider.import-example
+  id = "${var.project_id},${var.service_account_email},${var.federation_id}"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `assertions` (Attributes List) The assertions for the federated identity provider. (see [below for nested schema](#nestedatt--assertions))
+- `issuer` (String) The issuer URL.
+- `name` (String) The name of the federated identity provider.
+- `project_id` (String) The STACKIT project ID associated with the service account.
+- `service_account_email` (String) The email address associated with the service account, used for account identification and communication.
+
+### Read-Only
+
+- `federation_id` (String) The unique identifier for the federated identity provider associated with the service account.
+- `id` (String) Terraform's internal resource identifier. It is structured as "`project_id`,`service_account_email`,`federation_id`".
+
+<a id="nestedatt--assertions"></a>
+### Nested Schema for `assertions`
+
+Required:
+
+- `item` (String) The assertion claim. At least one assertion with the claim "aud" is required for security reasons.
+- `operator` (String) The assertion operator. Currently, the only supported operator is "equals".
+- `value` (String) The assertion value.
@@ -0,0 +1,30 @@
+resource "stackit_service_account" "sa" {
+  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  name       = "my-service-account"
+}
+
+resource "stackit_service_account_federated_identity_provider" "provider" {
+  project_id            = stackit_service_account.sa.project_id
+  service_account_email = stackit_service_account.sa.email
+  name                  = "gh-actions"
+  issuer                = "https://token.actions.githubusercontent.com"
+
+  assertions = [
+    {
+      item     = "aud"
+      operator = "equals"
+      value    = "sts.accounts.stackit.cloud"
+    },
+    {
+      item     = "sub"
+      operator = "equals"
+      value    = "repo:stackitcloud/terraform-provider-stackit:ref:refs/heads/main"
+    }
+  ]
+}
+
+# Only use the import statement, if you want to import an existing federated identity provider
+import {
+  to = stackit_service_account_federated_identity_provider.import-example
+  id = "${var.project_id},${var.service_account_email},${var.federation_id}"
+}
@@ -38,7 +38,7 @@ require (
 	github.com/stackitcloud/stackit-sdk-go/services/secretsmanager v0.18.0
 	github.com/stackitcloud/stackit-sdk-go/services/serverbackup v1.6.0
 	github.com/stackitcloud/stackit-sdk-go/services/serverupdate v1.5.0
-	github.com/stackitcloud/stackit-sdk-go/services/serviceaccount v0.12.0
+	github.com/stackitcloud/stackit-sdk-go/services/serviceaccount v0.18.1
 	github.com/stackitcloud/stackit-sdk-go/services/serviceenablement v1.4.1
 	github.com/stackitcloud/stackit-sdk-go/services/sfs v0.6.3
 	github.com/stackitcloud/stackit-sdk-go/services/ske v1.12.0
@@ -108,6 +108,7 @@ require (
 	github.com/fzipp/gocyclo v0.6.0 // indirect
 	github.com/ghostiam/protogetter v0.3.20 // indirect
 	github.com/go-critic/go-critic v0.14.3 // indirect
+	github.com/go-git/go-git/v5 v5.18.0 // indirect
 	github.com/go-toolsmith/astcast v1.1.0 // indirect
 	github.com/go-toolsmith/astcopy v1.1.0 // indirect
 	github.com/go-toolsmith/astequal v1.2.0 // indirect

@@ -207,10 +207,10 @@ github.com/go-critic/go-critic v0.14.3 h1:5R1qH2iFeo4I/RJU8vTezdqs08Egi4u5p6vOES
 github.com/go-critic/go-critic v0.14.3/go.mod h1:xwntfW6SYAd7h1OqDzmN6hBX/JxsEKl5up/Y2bsxgVQ=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
-github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UNbRM=
-github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU=
-github.com/go-git/go-git/v5 v5.14.0 h1:/MD3lCrGjCen5WfEAzKg00MJJffKhC8gzS80ycmCi60=
-github.com/go-git/go-git/v5 v5.14.0/go.mod h1:Z5Xhoia5PcWA3NF8vRLURn9E5FRhSl7dGj9ItW3Wk5k=
+github.com/go-git/go-billy/v5 v5.8.0 h1:I8hjc3LbBlXTtVuFNJuwYuMiHvQJDq1AT6u4DwDzZG0=
+github.com/go-git/go-billy/v5 v5.8.0/go.mod h1:RpvI/rw4Vr5QA+Z60c6d6LXH0rYJo0uD5SqfmrrheCY=
+github.com/go-git/go-git/v5 v5.18.0 h1:O831KI+0PR51hM2kep6T8k+w0/LIAD490gvqMCvL5hM=
+github.com/go-git/go-git/v5 v5.18.0/go.mod h1:pW/VmeqkanRFqR6AljLcs7EA7FbZaN5MQqO7oZADXpo=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@@ -722,8 +722,8 @@ github.com/stackitcloud/stackit-sdk-go/services/serverbackup v1.6.0 h1:OGAaEbuox
 github.com/stackitcloud/stackit-sdk-go/services/serverbackup v1.6.0/go.mod h1:h2fhcXRiSFP9yJXY8eb37e+2PhMW11g1GB8LL/EQ1aU=
 github.com/stackitcloud/stackit-sdk-go/services/serverupdate v1.5.0 h1:4MYNb3VQjVnVPfJ9xhDbSQgoSkxQZJ0tsv9N7O43/RI=
 github.com/stackitcloud/stackit-sdk-go/services/serverupdate v1.5.0/go.mod h1:iVCh5xZW/DHBMnJW4Zrw8KMhQIBRAETcnTPi5bbcQIE=
-github.com/stackitcloud/stackit-sdk-go/services/serviceaccount v0.12.0 h1:l1EDIlXce2C8JcbBDHVa6nZ4SjPTqmnALTgrhms+NKI=
-github.com/stackitcloud/stackit-sdk-go/services/serviceaccount v0.12.0/go.mod h1:EXq8/J7t9p8zPmdIq+atuxyAbnQwxrQT18fI+Qpv98k=
+github.com/stackitcloud/stackit-sdk-go/services/serviceaccount v0.18.1 h1:T/5murYRgKIuieEY4PvLM0WipaSD2MsyR1VuQoKt+MQ=
+github.com/stackitcloud/stackit-sdk-go/services/serviceaccount v0.18.1/go.mod h1:D8P9ZhWfXRE8gNQKUae9pyZGpskS949ezR7QQIGAMp8=
 github.com/stackitcloud/stackit-sdk-go/services/serviceenablement v1.4.1 h1:HZnZju8yqpvRIs71PEk54Jov6p+jiKIIlN+J+4tvcL0=
 github.com/stackitcloud/stackit-sdk-go/services/serviceenablement v1.4.1/go.mod h1:wBxlGcNeQPIh1aS4xYqJuN2z6haSHRwzne6drN5ROfM=
 github.com/stackitcloud/stackit-sdk-go/services/sfs v0.6.3 h1:LEdPJ6f9pbrft+HlIIzRcCQog58b7UKVm4ObiOH8H4o=

@@ -0,0 +1,32 @@
+package federated_identity_provider
+
+const markdownDescription = `
+## Example Usage` + "\n" + `
+
+### Create a federated identity provider` + "\n" +
+	"```terraform" + `
+resource "stackit_service_account" "sa" {
+  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  name       = "my-service-account"
+}
+
+resource "stackit_service_account_federated_identity_provider" "provider" {
+  project_id            = stackit_service_account.sa.project_id
+  service_account_email = stackit_service_account.sa.email
+  name                  = "my-provider"
+  issuer                = "https://auth.example.com"
+
+  assertions = [
+    {
+      item     = "aud" # Including the audience check is mandatory for security reasons, the value is free to choose
+      operator = "equals"
+      value    = "sts.accounts.stackit.cloud"
+    },
+    {
+      item     = "email"
+      operator = "equals"
+      value    = "terraform@example.com"
+    }
+  ]
+}
+` + "\n```"