Skip to content

fix: Wrong content for oidc_fully_qualified_audiences in iam-assumable-role-with-oidc #301

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 5 commits into from
Closed

fix: Wrong content for oidc_fully_qualified_audiences in iam-assumable-role-with-oidc #301

wants to merge 5 commits into from

Conversation

@corneliusgdahling
Copy link

@corneliusgdahling corneliusgdahling commented Nov 4, 2022
edited
Loading

Fix: fully qualified audiences should generate StringEquals but is generating StringLike

Description

There is a bug that causes oidc_fully_qualified_audiences to create StringLike condition instead of StringEquals condition. This is simply because the content is created with StringLike instead of StringEquals

Motivation and Context

Solves bug

Breaking Changes

I don't know

How Has This Been Tested?

  • I have updated at least one of the examples/* to demonstrate and validate my change(s)
  • I have tested and validated these changes using one or more of the provided examples/* projects
  • I have executed pre-commit run -a on my pull request
@corneliusgdahling corneliusgdahling changed the title Fix wrong content for audience fix: wrong content for audience Nov 4, 2022
@corneliusgdahling corneliusgdahling changed the title fix: wrong content for audience fix: Wrong content for audience iam-assumable-role-with-oidc Nov 4, 2022
@corneliusgdahling corneliusgdahling changed the title fix: Wrong content for audience iam-assumable-role-with-oidc fix: Wrong content for oidc_fully_qualified_audiences in iam-assumable-role-with-oidc Nov 4, 2022
bryantbiggs
bryantbiggs reviewed Nov 21, 2022
View reviewed changes
modules/iam-assumable-role-with-oidc/main.tf Outdated

content {
test = "StringLike"
test = "StringEquals"
Copy link
Member

@bryantbiggs bryantbiggs Nov 21, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is better suited to be a variable if we need to change it - see

terraform-aws-iam/modules/iam-role-for-service-accounts-eks/variables.tf

Line 76 in 3ec0f0f

default = "StringEquals"

Copy link
Author

@corneliusgdahling corneliusgdahling Nov 25, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed
bryantbiggs
bryantbiggs reviewed Dec 1, 2022
View reviewed changes
examples/iam-assumable-role-with-oidc/main.tf
}

#####################################
# IAM assumable role with audience
Copy link
Member

@bryantbiggs bryantbiggs Dec 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This example doesn't match the changes being made
Copy link
Author

@corneliusgdahling corneliusgdahling Dec 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should be fixed now
@corneliusgdahling corneliusgdahling force-pushed the fix-wrong-content-for-audience branch 4 times, most recently from 09c9ce4 to 2ab2a49 Compare December 1, 2022 09:12
bryantbiggs
bryantbiggs reviewed Dec 1, 2022
View reviewed changes
bryantbiggs
bryantbiggs reviewed Dec 1, 2022
View reviewed changes
@bryantbiggs
Copy link
Member

bryantbiggs commented Dec 1, 2022

based on your example - is this change needed or are you looking for https://github.com/terraform-aws-modules/terraform-aws-iam/blob/master/modules/iam-github-oidc-role ?
@github-actions
Copy link

github-actions bot commented Jan 1, 2023

This PR has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this PR will be closed in 10 days
@github-actions github-actions bot added the stale label Jan 1, 2023
@corneliusgdahling
Copy link
Author

corneliusgdahling commented Jan 2, 2023

based on your example - is this change needed or are you looking for https://github.com/terraform-aws-modules/terraform-aws-iam/blob/master/modules/iam-github-oidc-role ?

Kind of. That would only work for GitHub, while making this change would allow it to work with others such as CircleCI
@github-actions github-actions bot removed the stale label Jan 3, 2023
@corneliusgdahling corneliusgdahling force-pushed the fix-wrong-content-for-audience branch from 96e3d5e to 9b88a9c Compare January 24, 2023 08:14
@github-actions
Copy link

github-actions bot commented Feb 24, 2023

This PR has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this PR will be closed in 10 days
@github-actions github-actions bot added the stale label Feb 24, 2023
@corneliusgdahling
Copy link
Author

corneliusgdahling commented Feb 24, 2023

based on your example - is this change needed or are you looking for https://github.com/terraform-aws-modules/terraform-aws-iam/blob/master/modules/iam-github-oidc-role ?

Kind of. That would only work for GitHub, while making this change would allow it to work with others such as CircleCI

I have long since created my own module with this implementation, but still see the value in this. What do you think @bryantbiggs ?
@github-actions github-actions bot removed the stale label Feb 25, 2023
@github-actions
Copy link

github-actions bot commented Mar 28, 2023

This PR has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this PR will be closed in 10 days
@github-actions github-actions bot added the stale label Mar 28, 2023
@github-actions
Copy link

github-actions bot commented Apr 8, 2023

This PR was automatically closed because of stale in 10 days
@github-actions github-actions bot closed this Apr 8, 2023
@github-actions
Copy link

github-actions bot commented May 8, 2023

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 8, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

2 participants

@corneliusgdahling @bryantbiggs