From 60c622c1611a29af696bf11210f5ec9eadd6f817 Mon Sep 17 00:00:00 2001
From: Lars Waage <46653859+larwaa@users.noreply.github.com>
Date: Fri, 14 Jul 2023 16:35:19 +0200
Subject: [PATCH] chore: add enviroment subject to federated credentials

---
 infrastructure/shared_resources/service_principal.tf | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/infrastructure/shared_resources/service_principal.tf b/infrastructure/shared_resources/service_principal.tf
index d16cd0a0..7844a827 100644
--- a/infrastructure/shared_resources/service_principal.tf
+++ b/infrastructure/shared_resources/service_principal.tf
@@ -45,6 +45,15 @@ resource "azuread_application_federated_identity_credential" "github_branch_main
 subject = "repo:rubberdok/${var.repository_name}:ref:refs/heads/main"
 }
 
+resource "azuread_application_federated_identity_credential" "github_environment_production" {
+ application_object_id = azuread_application.github.object_id
+ display_name = "github-environment-production"
+ description = "GitHub Actions Service Principal"
+ audiences = ["api://AzureADTokenExchange"]
+ issuer = "https://token.actions.githubusercontent.com"
+ subject = "repo:rubberdok/indok-api:environment:production"
+}
+
 resource "azuread_application_federated_identity_credential" "github_pull_request" {
 application_object_id = azuread_application.github.object_id
 display_name = "github-pull-request"
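Review bot: The new `github_environment_production` credential hard-codes the repository in its subject, while the `github_branch_main` credential just above builds it from `var.repository_name`. If that variable ever differs from `indok-api`, the two trust bindings will point at different repositories; unless the difference is intentional, use `subject = "repo:rubberdok/${var.repository_name}:environment:production"`. An environment subject is issued to any job that declares `environment: production`, so this credential is only as restricted as the deployment-branch rules and required reviewers configured on that GitHub environment, which are not visible in this diff. A comment above the resource such as `# Trust depends on the "production" environment's protection rules in GitHub; keep deployment branches restricted` would record that dependency. The `github_pull_request` resource that follows continues outside the hunk and appears to federate into the same `azuread_application.github`, so it is worth confirming that production role assignments are not reachable through the pull-request subject.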