terraform-aws-oidc-github

Error when using enterprise_slug

Open joshblease opened this issue 1 year ago • 2 comments

I've just tried to use this module but added the enterprise slug parameter and ended up with this error:

Error: creating IAM Role (github): operation error IAM: CreateRole, https response error StatusCode: 400, RequestID: c8c0d8c3-58f2-4f71-9b17-b84fa3cf65e5, MalformedPolicyDocument: Trust policy with trusted principal arn:aws:iam::358411131270:oidc-provider/token.actions.githubusercontent.com/myslug/myslug must evaluate, using StringEquals, StringLike or StringEqualsIgnoreCase, token.actions.githubusercontent.com/myslug/myslug:sub which is not scoped to all.

I'll be proceeding without the enterprise slug for now but just thought I'd raise an issue.

joshblease, Jun 06 '24 08:06

Thanks for reporting @joshblease – I no longer have access to an Enterprise GitHub instance but I'll look for a workaround soon.

unfunco, Jun 11 '24 19:06

I experienced this bug as well. It looks like the enterprise slug is being added twice, but I'm not sure if that's the cause of the issue.

https://github.com/unfunco/terraform-aws-oidc-github/blob/6a67a48bf466eb0a0820c90a4753aa205a6b0230/data.tf#L40
https://github.com/unfunco/terraform-aws-oidc-github/blob/6a67a48bf466eb0a0820c90a4753aa205a6b0230/main.tf#L75

I have access to an enterprise GitHub and I would be willing to test a fix for this.

georgegeddes, Jun 12 '24 17:06
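Added example, not part of the thread or the module's code: a pre-apply check that lints a rendered trust statement against the rule quoted in the CreateRole error (a `<provider>:sub` condition under StringEquals, StringLike or StringEqualsIgnoreCase) and flags the doubled path segment pointed out in the last comment. The function names, the account ID `111122223333`, the `example-org/example-repo` subject and the reading of "not scoped to all" as "not a bare `*`" are assumptions made for this example.

```python
ALLOWED_OPS = {"StringEquals", "StringLike", "StringEqualsIgnoreCase"}  # from the error text
HOST = "token.actions.githubusercontent.com"

def provider_path(arn):
    """Return the part of an OIDC provider ARN after 'oidc-provider/'."""
    _, sep, path = arn.partition(":oidc-provider/")
    if not sep:
        raise ValueError(f"not an OIDC provider ARN: {arn}")
    return path

def repeated_segments(path):
    """Path segments that occur twice in a row, e.g. 'myslug/myslug'."""
    parts = path.split("/")
    return [a for a, b in zip(parts, parts[1:]) if a == b]

def lint_statement(stmt):
    """Return findings for one sts:AssumeRoleWithWebIdentity trust statement."""
    path = provider_path(stmt["Principal"]["Federated"])
    findings = [f"provider path repeats segment '{s}': {path}" for s in repeated_segments(path)]
    sub_key, sub_values = f"{path}:sub".lower(), []
    for op, conds in stmt.get("Condition", {}).items():
        for key, value in conds.items():
            if key.lower() != sub_key:  # IAM condition keys are case-insensitive
                continue
            if op not in ALLOWED_OPS:
                findings.append(f"{key} is tested with {op}, which the error text does not allow")
                continue
            sub_values += value if isinstance(value, list) else [value]
    if not sub_values:
        findings.append(f"no usable condition on {path}:sub")
    elif any(v.strip() == "*" for v in sub_values):
        # Assumption: "not scoped to all" is read here as "not a bare wildcard".
        findings.append(f"{path}:sub is matched against a bare '*'")
    return findings

def sample_statement(path, op, sub):
    """Constructed trust statement; account ID, org and repo are placeholders."""
    return {
        "Effect": "Allow",
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{path}"},
        "Condition": {op: {f"{path}:sub": sub}},
    }

if __name__ == "__main__":
    for path in (f"{HOST}/myslug/myslug", f"{HOST}/myslug"):
        stmt = sample_statement(path, "StringLike", "repo:example-org/example-repo:*")
        print(path, "->", lint_statement(stmt) or "ok")
```

Feeding it the `assume_role_policy` statement from `terraform show -json` output catches a doubled slug or a missing `sub` condition before the CreateRole call is made.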