Open SKalt opened 1 year ago
I hit the same issue when setting up GitHub OIDC provider. I don't think this is an issue though.
I think your problem is that you haven't specified https:// at the start of your URL. The error is misleading as it states that host is expected:
Error: expected "url" to have a host, got api.bitbucket.org/2.0/workspaces/myorg/pipelines-config/identity/oidc
I got a similar issue trying to use token.actions.githubusercontent.com as the resource url:
Error: expected "url" to have a host, got token.actions.githubusercontent.com
│ ...
│ 445: url = "token.actions.githubusercontent.com"
Changing this to url = "https://token.actions.githubusercontent.com" resolved the error.
Pretty sure this can be closed.
I think it's a bug actually, due to how Terraform calculates its outputs, here's an example:
resource "aws_iam_openid_connect_provider" "github_actions" {
  client_id_list = [
    "sts.amazonaws.com",
  ]
  thumbprint_list = [
    "1b511abead59c6ce207077c0bf0e0043b1382612",
  ]
  url = "https://token.actions.githubusercontent.com"
}

output "github_actions_url" {
  value = aws_iam_openid_connect_provider.github_actions.url
}
If you apply that it creates the resource and gives you output "https://token.actions.githubusercontent.com", however when you apply again, because AWS returns the URL without the protocol, the output gets updated to "token.actions.githubusercontent.com".
We hit this bug after passing an output similar to above into data.aws_iam_openid_connect_provider in a different module. The data resource fails without the protocol included, so everything worked as expected on the first apply but when the aws_iam_openid_connect_provider resource got refreshed, the output changed, and the data block started returning errors.
It's easy to work around though: putting a bunch of startswith() logic to ensure the protocol is included if it's not present.
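The startswith() workaround described in the comment above, written out as an added example (not code from this thread or from the provider). The variable and local names are hypothetical, and it assumes Terraform 1.3 or later, where startswith() is available.

```hcl
# Added example. "oidc_issuer" and "oidc_issuer_url" are hypothetical names.

# Consuming module: the issuer arrives from another module's output and may
# or may not carry the scheme, depending on whether the producing resource
# has been refreshed since it was created.
variable "oidc_issuer" {
  description = "OIDC issuer, with or without the https:// scheme."
  type        = string

  validation {
    # Refuse plain http and empty values instead of silently rewriting them.
    condition     = length(var.oidc_issuer) > 0 && !startswith(var.oidc_issuer, "http://")
    error_message = "The OIDC issuer must be a non-empty https URL or a bare host/path."
  }
}

locals {
  # Normalise to one canonical form: add the scheme only when it is missing,
  # so the lookup below sees the same value on the first apply and after
  # every later refresh.
  oidc_issuer_url = (
    startswith(var.oidc_issuer, "https://")
    ? var.oidc_issuer
    : "https://${var.oidc_issuer}"
  )
}

# The data source reports 'expected "url" to have a host' when the scheme is
# absent, so it is always given the normalised value.
data "aws_iam_openid_connect_provider" "github_actions" {
  url = local.oidc_issuer_url
}

output "oidc_provider_arn" {
  value = data.aws_iam_openid_connect_provider.github_actions.arn
}
```

Passing the provider's arn attribute between modules instead of its url avoids the normalisation entirely, since the data source also accepts an arn argument.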
Community Note
Terraform CLI and Terraform AWS Provider Version
Affected Resource(s)
Terraform Configuration Files
Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.
Debug Output
plan debug logs
Expected Behavior
The provider should have accepted the protocol-less "url" that BitBucket provides. If I were to enter the same protocol-less url in the AWS IAM console, the OIDC-provider resource would be created successfully.
Actual Behavior
The resource marks my "url" as invalid, despite the fact that the "url" is a valid iss claim.
Steps to Reproduce
terraform plan