Multiple oidc_fully_qualified_subjects not working with iam-assumable-role-with-oidc

[Anany-k]

Terraform Version

Terraform v0.12.24

Module Name - iam-assumable-role-with-oidc

Input

module "iam_role_XX" {
  source                        = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
  version                       = "v2.6.0"
  create_role                   = true
  role_name                     = "role-with-oidc"
  provider_url                  = "oidc.eks.eu-west-1.amazonaws.com/id/XXX"
  role_policy_arns              = ["arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"]
  oidc_fully_qualified_subjects = ["system:serviceaccount:default:sa1","system:serviceaccount:default:sa2"]
}

Expected Output

For the generated policy document

Condition = {
    StringEquals = {
        oidc.eks.ap-southeast-1.amazonaws.com/id/XXX = [
            "system:serviceaccount:default:sa1",
            "system:serviceaccount:default:sa2"
        ]
}

Actual Output

Condition = {
    StringEquals = {
        oidc.eks.ap-southeast-1.amazonaws.com/id/XXX = [
            "system:serviceaccount:default:sa1"
        ]
}

[antonbabenko]

@miguelaferreira could you please take a look at this issue?

[miguelaferreira]

Hi @Anany-k Thanks for reporting this issue. I've opened a PR #74 that should fix it. Would you mind confirming that the code in the PR would solve your issue?

[Anany-k]

@miguelaferreira The change fixes the issue. Works as expected. Thanks for your quick fix

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.