terraform-aws-eks icon indicating copy to clipboard operation
terraform-aws-eks copied to clipboard

Published 20 hours ago β€’ verified publisher icon terraform-aws-modules

IRSA, Thumbprint list must contain fewer than 5 entries

Open atre opened this issue 2 years ago β€’ 0 comments

Is your request related to a problem? Please describe.

I'm working on IRSA and I'm getting this Error: creating IAM OIDC Provider: InvalidInput: Thumbprint list must contain fewer than 5 entries.

I'm also using two additional entries in custom_oidc_thumbprints

So due to this concatenation https://github.com/terraform-aws-modules/terraform-aws-eks/blob/f741db1b2c7c4ef0409d7c2e4f588bbc639cbaf2/main.tf#L235

I can't apply configuration in any environment with more than 3 certificates in the chain

Describe the solution you'd like.

I want to discuss possible fixes and work on these. I see following

  1. Prioritise custom_oidc_thumbprints over those that have been added from the datasource. Maybe add a switch to just add custom_oidc_thumbprints?

  2. Slice resulting thumbprint_list to 5 entries, from the end

  3. Add validation here so no more 5 entries can be in a list https://github.com/terraform-aws-modules/terraform-aws-eks/blob/f741db1b2c7c4ef0409d7c2e4f588bbc639cbaf2/variables.tf#L361-L365

Additional context

Last related commit from @ThetaSinner https://github.com/terraform-aws-modules/terraform-aws-eks/commit/7436178cc1a720a066c73f1de23b04b3c24ae608

atre avatar May 26 '23 10:05 atre