feat: Allow OIDC root CA thumbprint to be included/excluded (#2778)

* fix: Allow OIDC root CA thumbprint to be included/excluded * chore: Consolidate conditional logic within local conditional --------- Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>
2026-03-29 05:31:46 +02:00 · 2023-11-14 07:07:47 -08:00
parent f0e2e8badf
commit 091c68051d
3 changed files with 17 additions and 3 deletions
--- a/variables.tf
+++ b/variables.tf
@@ -358,6 +358,12 @@ variable "openid_connect_audiences" {
  default     = []
 }

+variable "include_oidc_root_ca_thumbprint" {
+  description = "Determines whether to include the root CA thumbprint in the OpenID Connect (OIDC) identity provider's server certificate(s)"
+  type        = bool
+  default     = true
+}
+
 variable "custom_oidc_thumbprints" {
  description = "Additional list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificate(s)"
  type        = list(string)