Describe the bug
The provider configures differently than the UI, resulting in a none functional identity.
Steps to reproduce
Attempt to create an identity usable from github actions. The audience mismatch will result in it not working.
Manually updating the oidc in the UI to just a general oidc (still displays as github, it just happens to fix it) will set the audience to null instead of "" (empty string) which fixes the problem.
After manually editing, doing an apply results in no changes, which suggests the provider isn't managing the audience field.
Before:
{
"Id": "<redacted>",
"ServiceAccountId": "<redacted>",
"Name": "github-actions",
"Issuer": "https://token.actions.githubusercontent.com",
"Subject": "<redacted>",
"Audience": ""
}
After:
{
"Id": "<redacted>",
"ServiceAccountId": "<redacted>",
"Name": "github-actions",
"Issuer": "https://token.actions.githubusercontent.com",
"Subject": "<redacted>",
"Audience": null
}
Expected behavior
Set this field to null in the API call to allow the system to infer the audience. Potentially this can also be changed to allow an optional audience field
Describe the bug
The provider configures differently than the UI, resulting in a none functional identity.
Steps to reproduce
Attempt to create an identity usable from github actions. The audience mismatch will result in it not working.
Manually updating the oidc in the UI to just a general oidc (still displays as github, it just happens to fix it) will set the audience to
nullinstead of""(empty string) which fixes the problem.After manually editing, doing an apply results in no changes, which suggests the provider isn't managing the audience field.
Before:
After:
Expected behavior
Set this field to null in the API call to allow the system to infer the audience. Potentially this can also be changed to allow an optional audience field