patch: update to oidc token v2 #130

Merged
merged 4 commits into from
Apr 3, 2023

jenny-miggin

Checklist

  • All new jobs, commands, executors, parameters have descriptions
  • Examples have been added for any significant new features
  • README has been updated, if necessary

Motivation, issues

A new version of the OIDC token has been published, to allow for additional claims.

The new value is org/ORGANIZATION_ID/project/PROJECT_ID/user/USER_ID/vcs-origin/VCS_ORIGIN/vcs-ref/VCS_REF, a string, where ORGANIZATION_ID, PROJECT_ID, and USER_ID are UUIDs that identify the CircleCI organization, project, and user, respectively. The user is the CircleCI user that caused this job to run. VCS_ORIGIN and VCS_REF are strings that identify the repo URL and reference to the change that caused the job to run.

Description

Updated instances of $CIRCLE_OIDC_TOKEN to $CIRCLE_OIDC_TOKEN_V2, and also updated the orb tools orb version from 11.1 to 11.6.

@jenny-miggin jenny-miggin requested a review from a team as a code owner March 28, 2023 10:59
@brivu brivu changed the title Update OIDC token feat: update to oidc token v2 Apr 3, 2023

@brivu brivu left a comment

Looks good, thank you @jenny-miggin!

@brivu brivu merged commit 05d2ab5 into CircleCI-Public:master Apr 3, 2023
@brivu brivu changed the title feat: update to oidc token v2 patch: update to oidc token v2 Apr 4, 2023
@davidbaskin33

For what it's worth, this was a breaking change for us. We had our IAM permissions configured to specifically match on strings in the format org/ORGANIZATION_ID/project/PROJECT_ID/user/USER_ID. Since I don't see documentation on what to expect for the values of VCS_ORIGIN and VCS_REF, updating to org/ORGANIZATION_ID/project/PROJECT_ID/user/USER_ID/* fixed the issue for us.
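
The breakage described in the comment above, as an added example that is not part of this PR or the orb's code: it parses a v2 subject string and checks which token versions a given match pattern accepts. The UUIDs, the `vcs-origin`/`vcs-ref` sample values, and the glob semantics (modelled on AWS IAM's `StringLike`, which the comment does not name) are assumptions.

```python
import re

# Constructed sample values: placeholder UUIDs; the vcs-origin and vcs-ref
# shapes below are assumptions, not values taken from the page.
ORG = "11111111-1111-4111-8111-111111111111"
PROJ = "22222222-2222-4222-8222-222222222222"
USER = "33333333-3333-4333-8333-333333333333"
V1_SUB = f"org/{ORG}/project/{PROJ}/user/{USER}"
V2_SUB = f"{V1_SUB}/vcs-origin/github.com/example-org/example-repo/vcs-ref/refs/heads/main"

UUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
# vcs-origin and vcs-ref may themselves contain "/", so anchor on the literal
# "/vcs-origin/" and "/vcs-ref/" markers instead of splitting on "/".
V2_RE = re.compile(
    rf"^org/(?P<org>{UUID})/project/(?P<project>{UUID})/user/(?P<user>{UUID})"
    r"/vcs-origin/(?P<vcs_origin>.+?)/vcs-ref/(?P<vcs_ref>.+)$"
)


def parse_v2_sub(sub):
    """Return the named parts of a v2 subject string, or None if it is not v2-shaped."""
    m = V2_RE.match(sub)
    return m.groupdict() if m else None


def string_like(pattern, value):
    """Case-sensitive glob match: '*' is any run of characters, '?' is exactly one."""
    rx = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(rx, value, flags=re.DOTALL) is not None


def evaluate(pattern):
    """Report which token versions a subject match pattern would accept."""
    return {"v1": string_like(pattern, V1_SUB), "v2": string_like(pattern, V2_SUB)}


if __name__ == "__main__":
    print(parse_v2_sub(V2_SUB))
    # Exact v1-format match, then the trailing-wildcard fix from the comment.
    print(evaluate(V1_SUB))
    print(evaluate(V1_SUB + "/*"))
    # Tighter alternative: pin the repository, leave only the ref open.
    print(evaluate(V1_SUB + "/vcs-origin/github.com/example-org/example-repo/vcs-ref/*"))
```

Note that the `/*` pattern accepts any repository and ref for that user, and it no longer matches a v1-format subject.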
