Should this action have an explicit option for OIDC flow rather than rely on presence of webToken? #1223

Open
1 task
chris-mac opened this issue Dec 12, 2024 · 0 comments
Labels
bug Something isn't working needs-triage This issue still needs to be triaged

Comments

@chris-mac

Describe the bug

When using the permission
id-token: write
it seems that this action automatically goes down the OIDC flow.
This is not always intended behaviour, i.e. when using both OIDC for another action and IAM instance roles within the same job.
Looks like these lines are responsible:
https://github.com/aws-actions/configure-aws-credentials/blob/main/src/assumeRole.ts#L152-L153

Regression Issue

  • Select this option if this issue appears to be a regression.

Expected Behavior

Should be allowed to use both OIDC and non-OIDC AWS credentials flows in the same action

Current Behavior

AWS auth fails as it tries to go down the OIDC flow

Reproduction Steps

Create job with id-token: write when you do not want to use the OIDC flow

Possible Solution

Provide an explicit OIDC option and do not rely on presence of the token (option:true && webToken:true)?

Additional Information/Context

No response

@chris-mac chris-mac added bug Something isn't working needs-triage This issue still needs to be triaged labels Dec 12, 2024
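
The distinction the issue raises, as an added sketch (not code from aws-actions/configure-aws-credentials): a credential-flow selector in which OIDC can be forced on or off per step instead of being inferred from the token's presence. The `useOidc` input, the `Flow` names, `selectFlow` and `compareModes` are hypothetical; `ACTIONS_ID_TOKEN_REQUEST_TOKEN` and `ACTIONS_ID_TOKEN_REQUEST_URL` are the variables GitHub exposes to a job granted `id-token: write`.

```typescript
// Added example; not the action's code. `useOidc`, `Flow` and `selectFlow` are hypothetical.
type Flow = "oidc" | "static-keys" | "web-identity-file" | "ambient";
type OidcMode = "auto" | "always" | "never";
type Env = Record<string, string | undefined>;

interface Inputs {
  roleToAssume?: string;
  accessKeyId?: string;
  webIdentityTokenFile?: string;
  useOidc?: OidcMode; // hypothetical explicit switch; "auto" keeps inference
}

function selectFlow(inputs: Inputs, env: Env): Flow {
  // GitHub sets both variables only when the job has `id-token: write`.
  const tokenAvailable =
    !!env["ACTIONS_ID_TOKEN_REQUEST_TOKEN"] && !!env["ACTIONS_ID_TOKEN_REQUEST_URL"];
  const mode: OidcMode = inputs.useOidc ?? "auto";

  if (mode === "always") {
    // Explicit opt-in fails closed instead of silently falling back.
    if (!inputs.roleToAssume) throw new Error("OIDC requested without a role to assume");
    if (inputs.accessKeyId || inputs.webIdentityTokenFile)
      throw new Error("OIDC requested together with another credential source");
    if (!tokenAvailable) throw new Error("OIDC requested but the job has no id-token permission");
    return "oidc";
  }
  if (inputs.accessKeyId) return "static-keys";
  if (inputs.webIdentityTokenFile) return "web-identity-file";
  // Inference: the token's presence alone picks OIDC, unless the step opted out.
  if (mode === "auto" && inputs.roleToAssume && tokenAvailable) return "oidc";
  // "ambient": whatever the runner already has, e.g. an IAM instance role.
  return "ambient";
}

// Constructed inputs: a job granted id-token: write for another step, and a
// step that only wants the runner's instance role to assume a role.
const jobEnv: Env = {
  ACTIONS_ID_TOKEN_REQUEST_TOKEN: "constructed-token",
  ACTIONS_ID_TOKEN_REQUEST_URL: "https://example.invalid/oidc",
};
const instanceRoleStep: Inputs = { roleToAssume: "arn:aws:iam::111122223333:role/example-role" };

// Same step and job: inferred flow versus an explicit opt-out.
function compareModes(): Flow[] {
  return [selectFlow(instanceRoleStep, jobEnv), selectFlow({ ...instanceRoleStep, useOidc: "never" }, jobEnv)];
}
```

With inference the token granted for the other action decides the flow; with the explicit switch the step's own configuration does, and a forced OIDC request without the permission is an error rather than a fallback.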