Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Include all certificate fingerprints in the OIDC provider thumbprint list #2307

Merged
merged 1 commit into from
Nov 22, 2022
Merged

fix: Include all certificate fingerprints in the OIDC provider thumbprint list #2307

merged 1 commit into from
Nov 22, 2022

Conversation

ThetaSinner
Copy link
Contributor

@ThetaSinner ThetaSinner commented Nov 22, 2022
edited
Loading

Description

Include all certificate fingerprints in the thumbprint list, rather than just the first one

Motivation and Context

I'm following the Terraform documentation for enabling IRSA https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster#enabling-iam-roles-for-service-accounts. This suggests that all the certificates thumbprints should be listed. This module currently only selects the first one, which should be the highest root certificate in the chain pulled back by the tls_certificate data lookup. I can't see anything to suggest that this is intentional.

Breaking Changes

No breaking changes

How Has This Been Tested?

  • I have updated at least one of the examples/* to demonstrate and validate my change(s)
  • I have tested and validated these changes using one or more of the provided examples/* projects
  • I have executed pre-commit run -a on my pull request

I only have access to my work environment. I have tested this change against our development and staging environments without issues.

@ThetaSinner ThetaSinner changed the title Include all certificate fingerprints in the thumbprint list fix: Include all certificate fingerprints in the thumbprint list Nov 22, 2022
@bryantbiggs bryantbiggs changed the title fix: Include all certificate fingerprints in the thumbprint list fix: Include all certificate fingerprints in the OIDC provider thumbprint list Nov 22, 2022
bryantbiggs
bryantbiggs approved these changes Nov 22, 2022
View reviewed changes
Copy link
Member

@bryantbiggs bryantbiggs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thank you!

@bryantbiggs bryantbiggs merged commit 7436178 into terraform-aws-modules:master Nov 22, 2022
antonbabenko pushed a commit that referenced this pull request Nov 22, 2022
@semantic-release-bot
chore(release): version 18.31.1 [skip ci]
000dd2c 
### [18.31.1](v18.31.0...v18.31.1) (2022-11-22)

### Bug Fixes

* Include all certificate fingerprints in the OIDC provider thumbprint list ([#2307](#2307)) ([7436178](7436178))
@antonbabenko
Copy link
Member

This PR is included in version 18.31.1 🎉

@ThetaSinner
Copy link
Contributor Author

Thanks for getting this in so quickly!

@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 23, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@bryantbiggs bryantbiggs bryantbiggs approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ThetaSinner @antonbabenko @bryantbiggs