
Add audience in the policy condition #87

Closed
blueprismo opened this issue Jun 12, 2024 · 8 comments · May be fixed by #90

@blueprismo

Bug Report

When I try to set up a simple OIDC provisioning, the policy document only considers the condition for the token.githubusercontent.com:sub and does not include the *:aud as explicitly stated in the doc (https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#configuring-the-role-and-trust-policy)

Steps to Reproduce:

Just apply the role anywhere

Expected Result:

```json
"Condition": {
  "StringEquals": {
    "token.actions.githubusercontent.com:aud": "sts.amazonaws.com",
    "token.actions.githubusercontent.com:sub": "repo:octo-org/octo-repo:ref:refs/heads/octo-branch"
  }
}
```

Actual Result:

```json
"Condition": {
  "StringEquals": {
    "token.actions.githubusercontent.com:sub": "repo:octo-org/octo-repo:ref:refs/heads/octo-branch"
  }
}
```
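
The following check is an added example, not part of the original issue or the project's code: it audits an IAM trust policy for the gap reported above, flagging statements that trust the GitHub OIDC provider without pinning `aud`. The function names, the placeholder account ID `123456789012` and the rule that `aud` must sit under `StringEquals` are assumptions of this example.

```python
# Condition keys taken from the "Expected Result" in the issue.
ISSUER = "token.actions.githubusercontent.com"
AUD_KEY, SUB_KEY = f"{ISSUER}:aud", f"{ISSUER}:sub"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _conditions(stmt):
    """Map lower-cased condition key -> (operator, list of values)."""
    found = {}
    for operator, block in stmt.get("Condition", {}).items():
        for key, values in block.items():
            found[key.lower()] = (operator, _as_list(values))
    return found

def audit_trust_policy(policy, expected_aud="sts.amazonaws.com"):
    """Return one finding per problem in statements trusting the GitHub OIDC provider."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        principal = stmt.get("Principal")
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        trusts_github = any(str(a).endswith(f"oidc-provider/{ISSUER}") for a in federated)
        if stmt.get("Effect") != "Allow" or not trusts_github:
            continue  # not a GitHub OIDC trust statement
        conds = _conditions(stmt)
        if SUB_KEY not in conds:
            findings.append(f"Statement[{i}]: no {SUB_KEY} condition")
        operator, values = conds.get(AUD_KEY, (None, []))
        if operator is None:
            findings.append(f"Statement[{i}]: no {AUD_KEY} condition")
        elif operator != "StringEquals" or values != [expected_aud]:
            findings.append(f"Statement[{i}]: {AUD_KEY} not pinned to {expected_aud}")
    return findings

def _policy(condition):
    """Constructed sample trust policy (placeholder account ID) around a Condition block."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::123456789012:oidc-provider/{ISSUER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": condition}}]}

SUB = {SUB_KEY: "repo:octo-org/octo-repo:ref:refs/heads/octo-branch"}
ACTUAL = _policy(SUB)  # "Actual Result" from the issue: sub only
EXPECTED = _policy({AUD_KEY: "sts.amazonaws.com", **SUB})  # "Expected Result"

if __name__ == "__main__":
    for name, pol in (("actual", ACTUAL), ("expected", EXPECTED)):
        print(name, audit_trust_policy(pol))
```
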
@pintxxo

pintxxo commented Aug 5, 2024

Does anybody have a solution to this? Thank you

@blueprismo

> Does anybody have a solution to this? Thank you

I have the mental note to do it at some point in time in a forked repo / on my own! Will keep you updated :)

@nikola197

@blueprismo can you make a PR with your changes for audiences, and hopefully maintainers can merge it soon?
Thank you!

@blueprismo

@nikola197 Done in here: #90 hope some maintainers will merge it


stale bot commented Jan 10, 2025

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Jan 10, 2025
@blueprismo

Friendly ping


stale bot commented Feb 12, 2025

This issue has been automatically closed because it has not had recent activity since being marked as stale.

@stale stale bot closed this as completed Feb 12, 2025