unfunco / terraform-aws-oidc-github

Terraform module to configure GitHub Actions as an IAM OIDC identity provider in AWS.
https://registry.terraform.io/modules/unfunco/oidc-github/aws/latest
Apache License 2.0

Option to add additional thumbprints #24

Closed thomasjhenson closed 1 year ago

thomasjhenson commented 1 year ago

I kept finding that the thumbprint provided by the data resource was not enough and I kept having to add additional thumbprints manually in the console. Obviously, then, when I came to re-apply the Terraform, it would want to erase the additional thumbprints I had added.

I have amended the module to allow for additional thumbprints as an option. If omitted, the thumbprints_list will be populated as normal from the data source.

I have set validation on the additional_thumbprints var to only allow 4 entries in the list, since the maximum is 5 thumbprints for an OIDC provider in AWS.
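
The pattern this PR describes, as an added example that is not the module's own code: the data source still supplies the first thumbprint, caller-supplied extras are appended, and variable validation keeps the total within AWS's limit of five per provider. It assumes the hashicorp/aws and hashicorp/tls providers; the variable name additional_thumbprints comes from the PR, while local.thumbprints and the two validation rules are assumptions.

```hcl
# Added example (not the module's own code). Assumes the hashicorp/aws and
# hashicorp/tls providers; local.thumbprints and the validation rules are
# assumptions, not taken from the PR.

terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
    tls = { source = "hashicorp/tls" }
  }
}

variable "additional_thumbprints" {
  description = "Extra SHA-1 certificate thumbprints to trust in addition to the one fetched from GitHub's OIDC endpoint (for example the CA of a TLS-intercepting corporate proxy)."
  type        = list(string)
  default     = []

  # AWS allows at most 5 thumbprints per OIDC provider; one slot is taken
  # by the thumbprint fetched from the data source below.
  validation {
    condition     = length(var.additional_thumbprints) <= 4
    error_message = "At most 4 additional thumbprints are allowed (AWS caps an OIDC provider at 5)."
  }

  # AWS expects a SHA-1 thumbprint as 40 hex characters with no colons.
  validation {
    condition     = alltrue([for t in var.additional_thumbprints : can(regex("^[0-9a-fA-F]{40}$", t))])
    error_message = "Each thumbprint must be 40 hexadecimal characters."
  }
}

# Fetches the certificate chain as presented to the machine running terraform.
# Behind a TLS-intercepting proxy this is the proxy's chain, not GitHub's.
data "tls_certificate" "github" {
  url = "https://token.actions.githubusercontent.com/.well-known/openid-configuration"
}

locals {
  # Thumbprint of the top of the presented chain (the tls provider lists the
  # root first), plus any caller-supplied extras, de-duplicated so a manually
  # re-added copy of the fetched thumbprint does not count twice against the
  # limit of five.
  thumbprints = distinct(concat(
    [data.tls_certificate.github.certificates[0].sha1_fingerprint],
    var.additional_thumbprints,
  ))
}

resource "aws_iam_openid_connect_provider" "github" {
  url             = "https://token.actions.githubusercontent.com"
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = local.thumbprints
}
```

Because data.tls_certificate fetches the chain from wherever terraform runs, a network with TLS interception yields the intercepting CA's thumbprint rather than GitHub's; when pinning an extra thumbprint in additional_thumbprints, obtain it from a network without interception (or from GitHub's published value) so that the provider does not end up trusting a proxy CA by accident.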

unfunco commented 1 year ago

Hello @thomasjhenson – the PR looks good (though terraform fmt should be run), but under what circumstances are additional thumbprints required? GitHub notes the thumbprint here: https://github.blog/changelog/2022-01-13-github-actions-update-on-oidc-based-deployments-to-aws/ – what do you mean by the data resource not being enough?

christiangjengedal commented 1 year ago

In my case, we have corporate HTTPS proxies with inbound packet inspection. The proxy re-encrypts with its own certificate, so depending on which network I run terraform in, the thumbprint differs and I need to manually add the right one.

unfunco commented 1 year ago

Thanks @christiangjengedal and @thomasjhenson – I'll create a new release shortly.