Closed thomasjhenson closed 1 year ago
Hello @thomasjhenson – the PR looks good (but `terraform fmt` should be run) but what are the circumstances that additional thumbprints are required? GitHub notes the thumbprint here: https://github.blog/changelog/2022-01-13-github-actions-update-on-oidc-based-deployments-to-aws/ – what do you mean by the data resource not being enough?
In my case, we have corporate HTTPS proxies with inbound packet inspection. The proxy re-encrypts with its own certificate, so depending on which network I run terraform in, the thumbprints differ and I need to manually add the right thumbprint.
Thanks @christiangjengedal and @thomasjhenson – I'll create a new release shortly.
I kept finding that the thumbprint provided by the data resource was not enough and I kept having to add additional thumbprints manually in the console. Obviously then when I came to re-apply the Terraform, it would want to erase the additional thumbprints I had added.
I have amended the module to allow for additional thumbprints as an option. If omitted, the `thumbprints_list` will be populated as normal from the data source. I have set validation on the `additional_thumbprints` var to only allow 4 entries in the list, with the max being 5 thumbprints in the OIDC in AWS.
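
A sketch of the pattern described in the PR description above, added here as an illustration and not taken from the module's own code. The resource names, the `local.thumbprints` name, the certificate index and the extra SHA-1 format check are assumptions; only `additional_thumbprints` and the limit of 4 entries come from the thread.

```hcl
variable "additional_thumbprints" {
  description = "Extra SHA-1 certificate thumbprints to keep on the OIDC provider alongside the one read from the data source."
  type        = list(string)
  default     = []

  validation {
    # One thumbprint comes from the data source, so 4 extra entries
    # stay within the maximum of 5 stated in the thread.
    condition     = length(var.additional_thumbprints) <= 4
    error_message = "At most 4 additional thumbprints may be set."
  }

  validation {
    # Assumed extra check: reject anything that is not a 40-character hex SHA-1 fingerprint.
    condition = alltrue([
      for t in var.additional_thumbprints : can(regex("^[0-9a-fA-F]{40}$", t))
    ])
    error_message = "Each thumbprint must be 40 hexadecimal characters."
  }
}

# Thumbprint as seen from wherever Terraform runs. Behind a TLS-inspecting
# proxy this is the proxy's certificate, which is the situation described above.
data "tls_certificate" "github" {
  url = "https://token.actions.githubusercontent.com/.well-known/openid-configuration"
}

locals {
  # Merge and de-duplicate so a thumbprint supplied manually that matches
  # the data source does not count twice. The index [0] is an assumption.
  thumbprints = distinct(concat(
    [data.tls_certificate.github.certificates[0].sha1_fingerprint],
    [for t in var.additional_thumbprints : lower(t)],
  ))
}

resource "aws_iam_openid_connect_provider" "github" {
  url             = "https://token.actions.githubusercontent.com"
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = local.thumbprints
}
```

Because the extra thumbprints are part of the configuration, a later `terraform apply` no longer plans to remove entries that would otherwise have been added by hand in the console.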