Inconsistent Provider URL for GitHub OIDC Integration

Question

Inconsistent Provider URL for GitHub OIDC Integration

Closed this issue 4 months ago · 4 comments

Describe the bug

When I'm using the web user interface and create a new OIDC Integration via "Administration" -> "Platform Management" -> "Manage Integrations" -> "New Integration" -> "OpenID Connect" and select "GitHub" as the Provider Type, the default Provider URL is https://token.actions.githubusercontent.com

I tried the new platform_oidc_configuration resource from Terraform but here I'm getting an error for the exact same URL. Please the trailing slash in the error message.

╷
│ Error: Invalid Attribute Configuration
│
│   with platform_oidc_configuration.some_test_terraform,
│   on platform_oidc_configuration_devops_training.tf line 4, in resource "platform_oidc_configuration" "some_test_terraform":
│    4:   issuer_url    = "https://token.actions.githubusercontent.com"
│
│ issuer_url must be set to https://token.actions.githubusercontent.com/ when provider_type is set to 'GitHub'.
╵

Here is my terraform resource

resource "platform_oidc_configuration" "some_test_terraform" {
  name          = "some-test"
  description   = "Test team integration"
  issuer_url    = "https://token.actions.githubusercontent.com"
  provider_type = "GitHub"
  audience      = "jfrog-github"
}

Here is my terraform version

Terraform v1.8.2
on linux_amd64
+ provider registry.terraform.io/hashicorp/azuread v2.48.0
+ provider registry.terraform.io/jfrog/artifactory v10.7.4
+ provider registry.terraform.io/jfrog/platform v1.7.2
+ provider registry.terraform.io/jfrog/project v1.5.2

Requirements for and issue

A description of the bug
A fully functioning terraform snippet that can be copy&pasted (no outside files or ENV vars unless that's part of the issue). If this is not supplied, this issue will likely be closed without any effort expended.
Your version of artifactory (you can curl it at $host/artifactory/api/system/version
Your version of terraform
Your version of terraform provider

Expected behavior
The error message should not appear and the URL should work without a trailing slash, i.e. https://token.actions.githubusercontent.com

Answer 1 · 2024-05-06T12:51:42.000Z

In the spec they also use the URL without trailing slash

https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect

Answer 2 · 2024-05-06T15:47:59.000Z

@zemirco Thanks for the report. I've added this to our plan to fix.

Answer 3 · 2024-05-07T07:02:35.000Z

Awesome 🥳 Thank you very much!

Can you release a new version? The registry still shows version 1.7.2 but in the Changelog https://github.com/jfrog/terraform-provider-platform/blob/main/CHANGELOG.md#173-may-6-2024 you've added 1.7.3.

Answer 4 · 2024-05-07T16:03:54.000Z

@zemirco I'm bundling #73 in the same release so it shouldn't be long.