feat: Strip https:// from OIDC provider URL if present (#50)

05fec507 · Chance Zibolski · GitHub · 2af9e387 · 05fec507
Commit 05fec507 authored Aug 17, 2020 by Chance Zibolski Committed by GitHub Aug 17, 2020
Show whitespace changes
Inline Side-by-side

Showing with 4 additions and 3 deletions

main.tf modules/iam-assumable-role-with-oidc/main.tf +4 -3

No files found.
--- a/modules/iam-assumable-role-with-oidc/main.tf
+++ b/modules/iam-assumable-role-with-oidc/main.tf
 locals {
  aws_account_id = var.aws_account_id != "" ? var.aws_account_id : data.aws_caller_identity.current.account_id
+  provider_url   = replace(var.provider_url, "https://", "")
 }

 data "aws_caller_identity" "current" {}
@@ -18,7 +19,7 @@ data "aws_iam_policy_document" "assume_role_with_oidc" {
      type = "Federated"

      identifiers = [
-        "arn:${data.aws_partition.current.partition}:iam::${local.aws_account_id}:oidc-provider/${var.provider_url}"
+        "arn:${data.aws_partition.current.partition}:iam::${local.aws_account_id}:oidc-provider/${local.provider_url}"
      ]
    }

@@ -26,7 +27,7 @@ data "aws_iam_policy_document" "assume_role_with_oidc" {
      for_each = length(var.oidc_fully_qualified_subjects) > 0 ? [1] : []
      content {
        test     = "StringEquals"
-        variable = "${var.provider_url}:sub"
+        variable = "${local.provider_url}:sub"
        values   = var.oidc_fully_qualified_subjects
      }
    }
@@ -36,7 +37,7 @@ data "aws_iam_policy_document" "assume_role_with_oidc" {
      for_each = length(var.oidc_subjects_with_wildcards) > 0 ? [1] : []
      content {
        test     = "StringLike"
-        variable = "${var.provider_url}:sub"
+        variable = "${local.provider_url}:sub"
        values   = var.oidc_subjects_with_wildcards
      }
    }