Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Strip https:// from OIDC provider URL if present #50

Merged

Conversation

chancez
Copy link
Contributor

@chancez chancez commented Feb 10, 2020

The OIDC URL returned from the AWS API and https://github.com/terraform-aws-modules/terraform-aws-eks
contains the https:// scheme in the URL, this handles removing it
automatically, as required for correctly creating IAM policies.

Copy link
Contributor

@max-rocket-internet max-rocket-internet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very nice! Makes implementation a bit tidier.

@tkent
Copy link

tkent commented Jul 16, 2020

I'd also like to vote for this change. The variable name provider_url indicates it's a URL (meaning the protocol should be included). However, the module actually needs the provider fully qualified domain name + path, with the protocol omitted. Stripping off the protocol if it's included will save a bit of confusion.

@max-rocket-internet
Copy link
Contributor

@chancez can you rebase

@antonbabenko can you review

@chancez
Copy link
Contributor Author

chancez commented Jul 17, 2020

Rebased

@chancez chancez force-pushed the oidc_remove_https_scheme branch from 40aaf35 to 2f80cb3 Compare July 17, 2020 20:28
@antonbabenko antonbabenko changed the title Strip https:// from OIDC provider URL if present feat: Strip https:// from OIDC provider URL if present Jul 20, 2020
@chancez chancez force-pushed the oidc_remove_https_scheme branch 2 times, most recently from ac857c4 to e17d37e Compare July 20, 2020 16:42
The OIDC URL returned from the AWS API and https://github.com/terraform-aws-modules/terraform-aws-eks
contains the https:// scheme in the URL, this handles removing it
automatically, as required for correctly creating IAM policies.
@chancez chancez force-pushed the oidc_remove_https_scheme branch from e17d37e to e74a299 Compare July 20, 2020 16:42
@antonbabenko antonbabenko merged commit 05fec50 into terraform-aws-modules:master Aug 17, 2020
@antonbabenko
Copy link
Member

Thanks, @chancez !

v2.17.0 has been just released.

@chancez chancez deleted the oidc_remove_https_scheme branch August 17, 2020 15:49
hoylemd added a commit to pixlee/terraform-aws-iam that referenced this pull request Oct 14, 2020
* upstream/master: (26 commits)
  Updated CHANGELOG
  fix: Fixed ses_smtp_password_v4 output name
  Updated CHANGELOG
  fix: simplify count statements (terraform-aws-modules#93)
  Updated CHANGELOG
  fix: Allow running on custom AWS partition (incl. govcloud) (terraform-aws-modules#94)
  Updated CHANGELOG
  feat: modules/iam-assumable-role-with-oidc: Support multiple provider URLs (terraform-aws-modules#91)
  Updated CHANGELOG
  feat: Strip https:// from OIDC provider URL if present (terraform-aws-modules#50)
  Updated CHANGELOG
  fix: Allow modules/iam-assumable-role-with-oidc to work in govcloud (terraform-aws-modules#83)
  Updated CHANGELOG
  feat: Added support for sts:ExternalId in modules/iam-assumable-role (terraform-aws-modules#90)
  Updated CHANGELOG
  fix: Delete DEPRECATED ses_smtp_password in iam-user. (terraform-aws-modules#88)
  Updated CHANGELOG
  feat: Support for Terraform v0.13 and AWS provider v3 (terraform-aws-modules#87)
  docs: Updated example in README (terraform-aws-modules#52)
  Updated CHANGELOG
  ...
@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 10, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants