Update the GitHub thumbprint variable

unfunco · unfunco · commit eded788e4944 · 2022-01-13T19:01:14.000Z
diff --git a/README.md b/README.md
@@ -65,21 +65,22 @@ jobs:
 
 #### Optional
 
-| Name                            | Default    | Description                                             |
-|---------------------------------|------------|---------------------------------------------------------|
-| `attach_admin_policy`           | `false`    | Flag to attach/detach the AdministratorAccess policy.   |
-| `attach_read_only_policy`       | `true`     | Flag to attach/detach the ReadOnly policy.              |
-| `enabled`                       | `true`     | Flag to enable/disable creation of resources.           |
-| `force_detach_policies`         | `false`    | Flag to force detach policies attached to the IAM role. |
-| `iam_policy_name`               | `"github"` | Name of the IAM policy to be assumed by GitHub.         |
-| `iam_policy_path`               | `"/"`      | Path to the IAM policy.                                 |
-| `iam_role_name`                 | `"github"` | Name of the IAM role.                                   |
-| `iam_role_path`                 | `"/"`      | Path to the IAM role.                                   |
-| `iam_role_permissions_boundary` | `""`       | Permissions boundary to be used by the IAM role.        |
-| `iam_role_policy_arns`          | `[]`       | List of IAM policy ARNs to be attached to the IAM role. |
-| `managed_policy_arns`           | `[]`       | List of managed policy ARNs to apply to the IAM role.   |
-| `max_session_duration`          | `3600`     | Maximum session duration in seconds.                    |
-| `tags`                          | `{}`       | Map of tags to be applied to all resources.             |
+| Name                            | Default       | Description                                             |
+|---------------------------------|---------------|---------------------------------------------------------|
+| `attach_admin_policy`           | `false`       | Flag to attach/detach the AdministratorAccess policy.   |
+| `attach_read_only_policy`       | `true`        | Flag to attach/detach the ReadOnly policy.              |
+| `enabled`                       | `true`        | Flag to enable/disable creation of resources.           |
+| `force_detach_policies`         | `false`       | Flag to force detach policies attached to the IAM role. |
+| `github_thumbprint`             | `"6938fd4d…"` | GitHub OpenID TLS certificate thumbprint.               |
+| `iam_policy_name`               | `"github"`    | Name of the IAM policy to be assumed by GitHub.         |
+| `iam_policy_path`               | `"/"`         | Path to the IAM policy.                                 |
+| `iam_role_name`                 | `"github"`    | Name of the IAM role.                                   |
+| `iam_role_path`                 | `"/"`         | Path to the IAM role.                                   |
+| `iam_role_permissions_boundary` | `""`          | Permissions boundary to be used by the IAM role.        |
+| `iam_role_policy_arns`          | `[]`          | List of IAM policy ARNs to be attached to the IAM role. |
+| `managed_policy_arns`           | `[]`          | List of managed policy ARNs to apply to the IAM role.   |
+| `max_session_duration`          | `3600`        | Maximum session duration in seconds.                    |
+| `tags`                          | `{}`          | Map of tags to be applied to all resources.             |
 
 ### Outputs
 
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -10,6 +10,7 @@ module "aws_oidc_github" {
   attach_admin_policy           = var.attach_admin_policy
   attach_read_only_policy       = var.attach_read_only_policy
   force_detach_policies         = var.force_detach_policies
+  github_thumbprint             = var.github_thumbprint
   iam_policy_name               = var.iam_policy_name
   iam_policy_path               = var.iam_policy_path
   iam_role_name                 = var.iam_role_name
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
@@ -32,6 +32,12 @@ variable "github_repositories" {
   type        = list(string)
 }
 
+variable "github_thumbprint" {
+  default     = "6938fd4d98bab03faadb97b34396831e3780aea1"
+  description = "GitHub OpenID TLS certificate thumbprint."
+  type        = string
+}
+
 variable "iam_policy_name" {
   default     = "github"
   description = "Name of the IAM policy to be assumed by GitHub."
diff --git a/variables.tf b/variables.tf
@@ -36,13 +36,6 @@ variable "force_detach_policies" {
   type        = string
 }
 
-// Refer to the README for information on obtaining the thumbprint.
-variable "github_thumbprint" {
-  default     = "15e29108718111e59b3dad31954647e3c344a231"
-  description = "GitHub OpenID TLS cert thumbprint"
-  type        = string
-}
-
 variable "github_organisation" {
   description = "GitHub organisation name."
   type        = string
@@ -53,6 +46,13 @@ variable "github_repositories" {
   type        = list(string)
 }
 
+// Refer to the README for information on obtaining the thumbprint.
+variable "github_thumbprint" {
+  default     = "6938fd4d98bab03faadb97b34396831e3780aea1"
+  description = "GitHub OpenID TLS certificate thumbprint."
+  type        = string
+}
+
 variable "iam_policy_name" {
   default     = "github"
   description = "Name of the IAM policy to be assumed by GitHub."
