feat: Support multiple audiences (#11)

See relaycorp/veraid-authority#229

api.tf

@@ -56,7 +56,7 @@ resource "google_cloud_run_v2_service" "api" {
       }
       env {
         name  = "OAUTH2_TOKEN_AUDIENCE"
-        value = var.api_auth_audience
+        value = join(",", var.api_auth_audiences)
       }
 
       dynamic "env" {

examples/awala/authority.tf

@@ -15,8 +15,8 @@ module "authority" {
   mongodb_user     = mongodbatlas_database_user.authority.username
   mongodb_password = random_password.mongodb_authority_user_password.result
 
-  api_auth_audience = var.api_auth_audience
-  superadmin_sub    = var.superadmin_sub
+  api_auth_audiences = [var.api_auth_audience]
+  superadmin_sub     = var.superadmin_sub
 
   awala_endpoint_enabled                 = true
   awala_endpoint_outgoing_messages_topic = module.endpoint.pubsub_topics.outgoing_messages

examples/basic/authority.tf

@@ -15,8 +15,8 @@ module "authority" {
   mongodb_user     = mongodbatlas_database_user.authority.username
   mongodb_password = random_password.mongodb_authority_user_password.result
 
-  api_auth_audience = var.api_auth_audience
-  superadmin_sub    = var.superadmin_sub
+  api_auth_audiences = [var.api_auth_audience]
+  superadmin_sub     = var.superadmin_sub
 
   depends_on = [time_sleep.wait_for_services]
 }

variables.tf

@@ -5,7 +5,7 @@ variable "docker_image_name" {
 
 variable "docker_image_tag" {
   description = "The Docker image tag to deploy (highly recommended to set this explicitly)"
-  default     = "1.20.5"
+  default     = "1.22.0"
 }
 
 variable "instance_name" {
@@ -41,9 +41,9 @@ variable "api_auth_token_issuer" {
   type        = string
   default     = "https://accounts.google.com"
 }
-variable "api_auth_audience" {
-  description = "The OAuth2 audience"
-  type        = string
+variable "api_auth_audiences" {
+  description = "The OAuth2 audiences"
+  type        = list(string)
 }
 variable "superadmin_sub" {
   description = "The sub claim from the JWTs of the superadmin"