From af68a05de5b12d39d8f1120085ca4596bbcefa97 Mon Sep 17 00:00:00 2001 From: Daniel Morris Date: Thu, 13 Jan 2022 18:55:44 +0000 Subject: [PATCH] Update the GitHub thumbprint variable --- README.md | 31 ++++++++++++++++--------------- examples/complete/main.tf | 1 + examples/complete/variables.tf | 6 ++++++ variables.tf | 14 +++++++------- 4 files changed, 30 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index ec994dd..4aad814 100644 --- a/README.md +++ b/README.md @@ -65,21 +65,22 @@ jobs: #### Optional -| Name | Default | Description | -|---------------------------------|------------|---------------------------------------------------------| -| `attach_admin_policy` | `false` | Flag to attach/detach the AdministratorAccess policy. | -| `attach_read_only_policy` | `true` | Flag to attach/detach the ReadOnly policy. | -| `enabled` | `true` | Flag to enable/disable creation of resources. | -| `force_detach_policies` | `false` | Flag to force detach policies attached to the IAM role. | -| `iam_policy_name` | `"github"` | Name of the IAM policy to be assumed by GitHub. | -| `iam_policy_path` | `"/"` | Path to the IAM policy. | -| `iam_role_name` | `"github"` | Name of the IAM role. | -| `iam_role_path` | `"/"` | Path to the IAM role. | -| `iam_role_permissions_boundary` | `""` | Permissions boundary to be used by the IAM role. | -| `iam_role_policy_arns` | `[]` | List of IAM policy ARNs to be attached to the IAM role. | -| `managed_policy_arns` | `[]` | List of managed policy ARNs to apply to the IAM role. | -| `max_session_duration` | `3600` | Maximum session duration in seconds. | -| `tags` | `{}` | Map of tags to be applied to all resources. | +| Name | Default | Description | +|---------------------------------|---------------|---------------------------------------------------------| +| `attach_admin_policy` | `false` | Flag to attach/detach the AdministratorAccess policy. | +| `attach_read_only_policy` | `true` | Flag to attach/detach the ReadOnly policy. | +| `enabled` | `true` | Flag to enable/disable creation of resources. | +| `force_detach_policies` | `false` | Flag to force detach policies attached to the IAM role. | +| `github_thumbprint` | `"6938fd4d…"` | GitHub OpenID TLS certificate thumbprint. | +| `iam_policy_name` | `"github"` | Name of the IAM policy to be assumed by GitHub. | +| `iam_policy_path` | `"/"` | Path to the IAM policy. | +| `iam_role_name` | `"github"` | Name of the IAM role. | +| `iam_role_path` | `"/"` | Path to the IAM role. | +| `iam_role_permissions_boundary` | `""` | Permissions boundary to be used by the IAM role. | +| `iam_role_policy_arns` | `[]` | List of IAM policy ARNs to be attached to the IAM role. | +| `managed_policy_arns` | `[]` | List of managed policy ARNs to apply to the IAM role. | +| `max_session_duration` | `3600` | Maximum session duration in seconds. | +| `tags` | `{}` | Map of tags to be applied to all resources. | ### Outputs diff --git a/examples/complete/main.tf b/examples/complete/main.tf index c60cf81..aec9d97 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -10,6 +10,7 @@ module "aws_oidc_github" { attach_admin_policy = var.attach_admin_policy attach_read_only_policy = var.attach_read_only_policy force_detach_policies = var.force_detach_policies + github_thumbprint = var.github_thumbprint iam_policy_name = var.iam_policy_name iam_policy_path = var.iam_policy_path iam_role_name = var.iam_role_name diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf index a7932ac..15c08c8 100644 --- a/examples/complete/variables.tf +++ b/examples/complete/variables.tf @@ -32,6 +32,12 @@ variable "github_repositories" { type = list(string) } +variable "github_thumbprint" { + default = "6938fd4d98bab03faadb97b34396831e3780aea1" + description = "GitHub OpenID TLS certificate thumbprint." + type = string +} + variable "iam_policy_name" { default = "github" description = "Name of the IAM policy to be assumed by GitHub." diff --git a/variables.tf b/variables.tf index 894d513..07297f5 100644 --- a/variables.tf +++ b/variables.tf @@ -36,13 +36,6 @@ variable "force_detach_policies" { type = string } -// Refer to the README for information on obtaining the thumbprint. -variable "github_thumbprint" { - default = "15e29108718111e59b3dad31954647e3c344a231" - description = "GitHub OpenID TLS cert thumbprint" - type = string -} - variable "github_organisation" { description = "GitHub organisation name." type = string @@ -53,6 +46,13 @@ variable "github_repositories" { type = list(string) } +// Refer to the README for information on obtaining the thumbprint. +variable "github_thumbprint" { + default = "6938fd4d98bab03faadb97b34396831e3780aea1" + description = "GitHub OpenID TLS certificate thumbprint." + type = string +} + variable "iam_policy_name" { default = "github" description = "Name of the IAM policy to be assumed by GitHub."