Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GitHub action OIDC Auth doesn't work with v2.28.0 #875

Closed
Satak opened this issue Aug 28, 2022 · 4 comments · Fixed by #876
Closed

GitHub action OIDC Auth doesn't work with v2.28.0 #875

Satak opened this issue Aug 28, 2022 · 4 comments · Fixed by #876
Assignees
@manicminer
Labels
authentication bug regression
Milestone
v2.28.1

Comments

@Satak
Copy link

Satak commented Aug 28, 2022
edited
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureAD Provider) Version

  • Terraform version, latest
  • AzureAD provider 2.28.0

Affected Resource(s)

OIDC auth

Terraform Configuration Files

provider "azuread" {}
env:
  ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
  ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
  ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
  ARM_USE_OIDC: true
  TF_IN_AUTOMATION: true
  ARM_SKIP_PROVIDER_REGISTRATION: true

permissions:
  contents: read
  id-token: write
  issues: write
  pull-requests: write

Debug Output

Error: building client: unable to obtain access token: clientAssertionAuthorizer: cannot parse certificate: x509: malformed certificate

  with provider["registry.terraform.io/hashicorp/azuread"],
  on main.tf line 5, in provider "azuread":
   5: provider "azuread" {}

Expected Behavior

OIDC auth should work as 2.27

Actual Behavior

Can't run terraform plan or apply since the oidc auth from github action doesn't work with azuread provider 2.28. 2.27 works.
@Satak
Copy link
Author

Satak commented Aug 30, 2022

Is there any full documentation and example how to setup OIDC auth in GitHub actions for 2.28 version? Something changed since the old configuration doesn't work for 2.28.

@manicminer manicminer self-assigned this Aug 30, 2022
@manicminer
Copy link
Contributor

@Satak Thanks for reporting this. I've looked into it and it does seem like GitHub OIDC auth is unfortunately broken. I believe I've found the cause and we should be able to issue a patch release for this shortly.

@manicminer manicminer mentioned this issue Aug 30, 2022
Merged
@manicminer manicminer added this to the v2.28.1 milestone Aug 30, 2022
@github-actions
Copy link

This functionality has been released in v2.28.1 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions
Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 30, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@manicminer manicminer

Labels
authentication bug regression
Projects
None yet
Milestone
v2.28.1
Development

Successfully merging a pull request may close this issue.

Bugfix: incorrect OIDC method selection hashicorp/terraform-provider-azuread
2 participants
@manicminer @Satak