Overview
This runbook captures the steps performed to set up Workload Identity Federation (WIF) on GCP project solution-comunity and to bring the pre-existing WIF resources under Terraform management using Terraform's import mechanism (import blocks rather than one-off terraform import commands). It is intended as a handover artifact for the team: it explains the underlying concepts, walks through the Terraform import configuration that was used, and explains why a separate state prefix was chosen for the import.
WIF Terraform Import Configuration
The WIF pool, provider, and service account were created out-of-band (via the console / gcloud) before Terraform owned them. To bring them under Terraform without destroying and recreating them (recreation would change the provider resource name that external workloads present in their token exchange, breaking any client already using it), we used Terraform 1.5+ import blocks: the import is declared in code next to the resource, shown in terraform plan, and executed on the next terraform apply. An import only adopts the existing object into state; it does not change it. The resource blocks therefore have to describe the live configuration exactly, and a non-empty plan after import means the next apply would modify the real pool or provider. This matters most for the provider's attribute_condition and attribute_mapping, which gate which external identities are allowed to impersonate the service account, so the plan should be reviewed until it is clean before applying. The import.tf file used for this project is below:
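For readers unfamiliar with the import-block shape, the following is an added, generic illustration and not the project's own import.tf (which follows in the next section). The pool ID, provider ID, service account name, issuer URI and attribute condition are placeholders; the import ID formats are the ones the google provider documents for these three resource types.

```hcl
# Illustrative only: placeholder names, not the project's real resources.

variable "project_id" {
  type    = string
  default = "example-project"   # placeholder
}

# Resource definitions must match the live objects exactly, otherwise the
# apply that performs the import will also try to change them.
resource "google_iam_workload_identity_pool" "ci" {
  workload_identity_pool_id = "ci-pool"        # placeholder
  display_name              = "CI pool"
}

resource "google_iam_workload_identity_pool_provider" "github" {
  workload_identity_pool_id          = google_iam_workload_identity_pool.ci.workload_identity_pool_id
  workload_identity_pool_provider_id = "github"   # placeholder

  attribute_mapping = {
    "google.subject"             = "assertion.sub"
    "attribute.repository"       = "assertion.repository"
    "attribute.repository_owner" = "assertion.repository_owner"
  }

  # Security-relevant: restricts which external identities can be exchanged
  # for a Google credential at all. Review any plan diff on this line closely.
  attribute_condition = "assertion.repository_owner == \"example-org\""   # placeholder

  oidc {
    issuer_uri = "https://token.actions.githubusercontent.com"   # placeholder issuer
  }
}

resource "google_service_account" "ci" {
  account_id   = "ci-deployer"   # placeholder
  display_name = "CI deployer"
}

# Import blocks (Terraform 1.5+). Each adopts an existing object into state on
# the next apply; the id uses the provider's documented import ID format.
import {
  to = google_iam_workload_identity_pool.ci
  id = "projects/${var.project_id}/locations/global/workloadIdentityPools/ci-pool"
}

import {
  to = google_iam_workload_identity_pool_provider.github
  id = "projects/${var.project_id}/locations/global/workloadIdentityPools/ci-pool/providers/github"
}

import {
  to = google_service_account.ci
  id = "projects/${var.project_id}/serviceAccounts/ci-deployer@${var.project_id}.iam.gserviceaccount.com"
}
```

If the resource blocks are not known up front, `terraform plan -generate-config-out=generated.tf` (also 1.5+) writes resource blocks from the live objects for the addresses named in import blocks; the generated file should still be reviewed, and the plan re-run, until it shows the imports with no accompanying updates. The import blocks can be deleted once the apply has completed and the objects are in state.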