Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Multiple oidc_fully_qualified_subjects not working with iam-assumable-role-with-oidc #73

Closed
Anany-k opened this issue May 11, 2020 · 4 comments · Fixed by #74
Closed

Multiple oidc_fully_qualified_subjects not working with iam-assumable-role-with-oidc #73

Anany-k opened this issue May 11, 2020 · 4 comments · Fixed by #74

Comments

@Anany-k
Copy link

Anany-k commented May 11, 2020

Terraform Version

Terraform v0.12.24

Module Name - iam-assumable-role-with-oidc

Input

module "iam_role_XX" {
  source                        = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
  version                       = "v2.6.0"
  create_role                   = true
  role_name                     = "role-with-oidc"
  provider_url                  = "oidc.eks.eu-west-1.amazonaws.com/id/XXX"
  role_policy_arns              = ["arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"]
  oidc_fully_qualified_subjects = ["system:serviceaccount:default:sa1","system:serviceaccount:default:sa2"]
}

Expected Output

For the generated policy document

Condition = {
    StringEquals = {
        oidc.eks.ap-southeast-1.amazonaws.com/id/XXX = [
            "system:serviceaccount:default:sa1",
            "system:serviceaccount:default:sa2"
        ]
}

Actual Output

Condition = {
    StringEquals = {
        oidc.eks.ap-southeast-1.amazonaws.com/id/XXX = [
            "system:serviceaccount:default:sa1"
        ]
}
@antonbabenko
Copy link
Member

@miguelaferreira could you please take a look at this issue?

miguelaferreira added a commit to miguelaferreira/terraform-aws-iam that referenced this issue May 12, 2020
@miguelaferreira
Fix conditions with multiple subjects in assume role with oidc policy
9ad41e6 
Fixes terraform-aws-modules#73
@miguelaferreira miguelaferreira mentioned this issue May 12, 2020
Merged
@miguelaferreira
Copy link
Contributor

Hi @Anany-k Thanks for reporting this issue. I've opened a PR #74 that should fix it. Would you mind confirming that the code in the PR would solve your issue?

@Anany-k
Copy link
Author

Anany-k commented May 12, 2020
edited
Loading

@miguelaferreira
The change fixes the issue. Works as expected.
Thanks for your quick fix

@github-actions
Copy link

github-actions bot commented Nov 9, 2022

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 9, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@antonbabenko @miguelaferreira @Anany-k