benchunghpe
commented
3 months ago This should be ready for review when someone's available.
Closed benchunghpe closed 2 months ago
benchunghpe
commented
3 months ago This should be ready for review when someone's available.
github-actions[bot]
commented
2 months ago This PR has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this PR will be closed in 10 days
github-actions[bot]
commented
2 months ago This PR was automatically closed because of stale in 10 days
github-actions[bot]
commented
1 month ago I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Description
This PR adds a dynamic block and optional variable to support specifying a set of allowed
job_workflow_refto allow fine-grained access to a github OIDC role.Motivation and Context
Currently, the github OIDC role module doesn't support passing
job_workflow_refto explicitly allow a limited set of workflows to assume an AWS IAM role through OIDC. The potential impact of this is that using this module, someone would be able to fork one of our github workflows, change the business logic and still have no issues assuming the IAM role.At HPE, we have a local version of this module which allows us to say "only allow a workflow to assume this IAM role if it's coming from the main branch of our organisation-wide reusable-workflows", which isn't possible in the main branch of this module due to the lack of support.
Breaking Changes
n/a, this adds a new optional variable so should extend the current functionality for those who require this feature
How Has This Been Tested?
examples/*to demonstrate and validate my change(s)